This isn't a multistep process that the "adversary" has access to. It doesn't matter how bad the random number generator is or even if it is predictable. Sure you could bribe the person putting it into excel I suppose, but you could do that anyway and just have them switch numbers around.
This is a silly complaint. Yes it is a bad random number generator, but predicability of the sequence isn't an attack surface in this use case.
And the gambling comparison is particularly bad. Excel is presumably not picking the same seed every day, no matter how bad it is. It's probably using time() when it's loaded, which is not great but also not visible to an 'attacker' and not consistent.
And according to the article, I notice they said that only 10k make it past the lottery stage to the vetting stage. That seems like a pretty easy anti-immigration attack surface: just submit a lot of low quality requests to block out potential acceptances.
However: “it may be that not everybody has exactly the same chance” — this might still be a concern.
Whether it really is depends on how large N is, what version of Excel they’re using, and how often they re-run the lottery.
https://en.wikipedia.org/wiki/Draft_lottery_(1969)https://en...
> People soon noticed that the lottery numbers were not distributed uniformly over the year. In particular, November and December births, or dates 306 to 366, were assigned mainly to lower draft numbers representing earlier calls to serve...Analysis of the procedure suggested that mixing 366 capsules in the shoe box did not mix them sufficiently before dumping them into the jar.
The other comments have already expressed why that is the case - but in summary, there is no security flaw coherently expressed here, Excel is possibly the right tool for the job (it saves tens of thousands of dollars of custom software development through government acquisition programs) and the editorialism in the title was unnecessary and further hurt the credibility of the "point."
Lottery systems are generally considered fairer than first come first serve because they don't advantage people who apply early. Especially in an immigration-related process where circumstances are likely to dictate when you can apply, not everyone will have an opportunity to 'get in early'.
If you have a way to make the process simultaneously non-random, fair, and not have a cap (which I personally would probably be fine with eliminating but is presumably a non-starter for various political reasons), I'm sure some people would love to hear about it.
Genuinely random selection averts loads of really nasty problems in a system where you need to pick things even though humans tend to be sure some other approach would work better.
On an individual basis of course not, but you don't think in the aggregate better candidates can be chosen?
TFA makes it sound like spending $10M on consulting for a "true" random source here is more appetising; that it would be any different, objectively better. It's nonsense.
Be happy your government is using the tools it has rather than putting every function out to tender (as seems to happen in the UK).
Excel is far and away the best product Microsoft has ever produced, and definitely one of the top five applications ever developed by anyone. It's one of the most useful and flexible tools for all kinds of practical analysis involving just about anything mathematical. Another example is that handful of us once used it, quite successfully, to manage a particular $500MM book of business for a very large insurance company.
In fact, the only people I've met who really hate Excel are developers who find they're not as necessary as they wish they were because regular managers are able to figure things out and make reasonably good decisions without their help or input because they have a good grasp of Excel.
Ignorance is bliss. Math class is tough.
What's not fair about first-come, first-served? Why would a lottery be fairer than that?
