Canada using Excel function for immigration lottery
theglobeandmail.com
All the other points about the unfairness make sense, but the complaint about the poor random number generator does not make sense.
This isn't a multistep process that the "adversary" has access to. It doesn't matter how bad the random number generator is or even if it is predictable. Sure you could bribe the person putting it into Excel I suppose, but you could do that anyway and just have them switch numbers around.
This is a silly complaint. Yes it is a bad random number generator, but predictability of the sequence isn't an attack surface in this use case.
So much this. In order to 'attack' this, how would you go about that? Somehow control who applies for the program so you wind up with an expected number?
And the gambling comparison is particularly bad. Excel is presumably not picking the same seed every day, no matter how bad it is. It's probably using time() when it's loaded, which is not great but also not visible to an 'attacker' and not consistent.
Yeah, the human component is definitely a lot easier to attack. I'm curious how this is handled. Does the person doing the random number generation have anyone else standing over their shoulder at the time? There should definitely be witnesses and/or records of something this important.
And according to the article, I notice they said that only 10k make it past the lottery stage to the vetting stage. That seems like a pretty easy anti-immigration attack surface: just submit a lot of low quality requests to block out potential acceptances.
You’re right that it seems unlikely an individual could exploit this, and it’s silly for the article to emphasize that threat.
However: “it may be that not everybody has exactly the same chance” — this might still be a concern.
Whether it really is depends on how large N is, what version of Excel they’re using, and how often they re-run the lottery.
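An added example, not part of the thread and not the program's actual procedure: one way to give a draw the "records" asked about above and make "everybody has the same chance" checkable afterwards. The applicant IDs, the seed, and the assumption that the seed is produced in front of witnesses only after the list commitment is published are all hypothetical.

```python
import hashlib
import hmac

def list_commitment(applicant_ids):
    """SHA-256 over the sorted, length-prefixed IDs; published before the seed exists."""
    h = hashlib.sha256()
    for aid in sorted(applicant_ids):
        raw = aid.encode()
        h.update(len(raw).to_bytes(4, "big") + raw)
    return h.hexdigest()

def draw(applicant_ids, seed, k):
    """Give each ID the ticket HMAC-SHA256(seed, ID) and return the k lowest tickets."""
    if len(set(applicant_ids)) != len(applicant_ids):
        raise ValueError("duplicate applicant ID")
    if not 0 <= k <= len(applicant_ids):
        raise ValueError("k out of range")

    def ticket(aid):
        return hmac.new(seed, aid.encode(), hashlib.sha256).digest()

    # Sorting by ticket makes the result independent of spreadsheet row order.
    return sorted(applicant_ids, key=ticket)[:k]

def verify(applicant_ids, commitment, seed, k, claimed_winners):
    """Re-run the draw from the published records; True only if everything matches."""
    if not hmac.compare_digest(list_commitment(applicant_ids), commitment):
        return False  # the list was changed after it was committed
    return draw(applicant_ids, seed, k) == list(claimed_winners)

# Constructed sample data: 100,000 made-up IDs and a made-up seed.
APPLICANTS = [f"APP-{n:06d}" for n in range(100_000)]
SEED = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

if __name__ == "__main__":
    commitment = list_commitment(APPLICANTS)
    winners = draw(APPLICANTS, SEED, 10_000)
    print("commitment:", commitment)
    print("first winners:", winners[:3])
    print("verifies:", verify(APPLICANTS, commitment, SEED, 10_000, winners))
```

Anyone holding the published list, commitment and seed can re-run `verify`; swapping a winner or editing the list after the commitment makes it return False.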
Man, people are picky today. This isn't a public webapp, this is a spreadsheet that is controlled by a trusted party. Yeah, it isn't the state-of-the-art RNG, but given that it is only picking 10000 numbers, I would say it doesn't need to be all that good.
The complexity of random-number generation is well-known to programmers, but the inability to generate random numbers for "real-life" selection algorithms has had major life-or-death implications:
https://en.wikipedia.org/wiki/Draft_lottery_(1969)
> People soon noticed that the lottery numbers were not distributed uniformly over the year. In particular, November and December births, or dates 306 to 366, were assigned mainly to lower draft numbers representing earlier calls to serve...Analysis of the procedure suggested that mixing 366 capsules in the shoe box did not mix them sufficiently before dumping them into the jar.
I went ahead and flagged this. It is not HN quality. It is not even Globe and Mail quality.
The other comments have already expressed why that is the case - but in summary, there is no security flaw coherently expressed here, Excel is possibly the right tool for the job (it saves tens of thousands of dollars of custom software development through government acquisition programs) and the editorialism in the title was unnecessary and further hurt the credibility of the "point."
Since Office 2007, Excel's random number generator has been implemented using a Mersenne Twister.
Why would a lottery be used at all for picking “winners” for immigration? On multiple levels that seems unfair and wrong.
If they were actually accepting all applications that meet the criteria, that would make first come first serve more fair, but there are quotas so they have to reject N-1 applications regardless of their application.
Lottery systems are generally considered fairer than first come first serve because they don't advantage people who apply early. Especially in an immigration-related process where circumstances are likely to dictate when you can apply, not everyone will have an opportunity to 'get in early'.
If you have a way to make the process simultaneously non-random, fair, and not have a cap (which I personally would probably be fine with eliminating but is presumably a non-starter for various political reasons), I'm sure some people would love to hear about it.
Sure, just make the process much more restrictive. The idea is to take in the best, not help the most vulnerable.
> The idea is to take in the best
Is that really the purpose of the family-reunification program?
That's a typo.
Sure. Attach a price tag to it.
Ah yes, because "the people with the most money get in" is the absolute definition of fair for sure.
Why is that wrong? How do you propose to select to pick who gets in and who doesn’t?
Virtue.
The other options are to let everybody in or to suppose you already know the right criteria for who'd be the "best" immigrants. Hint: you don't.
Genuinely random selection averts loads of really nasty problems in a system where you need to pick things even though humans tend to be sure some other approach would work better.
> The other options are to let everybody in or to suppose you already know the right criteria for who'd be the "best" immigrants. Hint: you don't.
On an individual basis of course not, but you don't think in the aggregate better candidates can be chosen?
No. If the information is not about the individual, then it isn't useful in evaluating the individual. I know that sounds tautological, but it seems that obvious.
I would imagine it's because there are a limited number of people that Canadians will allow to immigrate into their country?
Yep Canada has pretty tight immigration policy.
While it does seem wrong and silly, isn't a completely random lottery explicitly fair? No one involved is privileged by any metric (unless you believe in supernatural luck).
Unfair to whom? That is going to be relative.
To those who lose the lottery, duh!
It's still better than using the place of birth as a determining factor.
You can still use that in concomitance with the lottery.
"The Liberals introduced a lottery in 2017 in an effort to make the system fairer – previously, applications were accepted on a first-come, first-served basis. The program receives roughly 100,000 applications each year and selects 10,000"
This is plenty Random Enough(TM).
TFA makes it sound like spending $10M on consulting for a "true" random source here is more appetising; that it would be any different, objectively better. It's nonsense.
Be happy your government is using the tools it has rather than putting every function out to tender (as seems to happen in the UK).
This is more of an amusing statement of how much of the world runs on Excel.
I used to use Excel's RNG to determine random winners for various drawings at work, including such momentous things as shift bid winners when there were more otherwise equally positioned people than available slots for a specific shift.
Excel is far and away the best product Microsoft has ever produced, and definitely one of the top five applications ever developed by anyone. It's one of the most useful and flexible tools for all kinds of practical analysis involving just about anything mathematical. Another example is that a handful of us once used it, quite successfully, to manage a particular $500MM book of business for a very large insurance company.
In fact, the only people I've met who really hate Excel are developers who find they're not as necessary as they wish they were because regular managers are able to figure things out and make reasonably good decisions without their help or input because they have a good grasp of Excel.
“We stand by this randomized selection process as a sufficient means of equal opportunity for all who look to express an interest in sponsoring their parents and grandparents.”
Ignorance is bliss. Math class is tough.
Random selection is literally equal opportunity.
The selection isn't random. Cargo culting the magic number machine is the crux of the problem.
"The Liberals introduced a lottery in 2017 in an effort to make the system fairer – previously, applications were accepted on a first-come, first-served basis."
What's not fair about first-come, first-served? Why would a lottery be fairer than that?