Domain: avirubin.com
Stories and comments across the archive that link to avirubin.com.
Stories · 11
From the Trenches of Electronic Voting
Avi Rubin, an expert on electronic voting systems, worked as a judge in two elections in 2004, and he worked the chaotic Maryland primary election yesterday. His blog article about a day spent with Diebold voting machines gives impressions from the trenches of electronic voting. From the article: "The least pleasant part of the day was a nagging concern that something would go terribly wrong, and that we would have no way to recover. I believe that fully electronic systems, such as the precinct we had today, are too fragile. The smallest thing can lead to a disaster... I can't imagine basing the success of an election on something so fragile as these terrible, buggy machines... As far as I'm concerned, the 'tamper tape' does very little in the way of actual security... I hope that we got it right in my precinct, but I know that there is no way to know for sure. We cannot do recounts."
Avi Rubin and More on Electronic Voting
jgo writes "Johns Hopkins Computer Science professor Avi Rubin posted his experience as an election judge on his website. It's an interesting read and exposes some potential security problems with electronic voting. At one point he held in his hand the five memory cards containing all of his precinct's votes." Rubin had posted his experience in the primary election earlier.
EFF Announces 2004 Pioneer Award Winners
Christopher Soghoian writes "In an announcement earlier this week, the Electronic Frontier Foundation has revealed the winners of the Thirteenth Annual Pioneer Awards. Focusing on the area of electronic voting security and accountability, they have highlighted the work of Kim Alexander, the president of the California Voter Foundation, David Dill, a Stanford Professor and founder of VerifiedVoting.org, and Avi Rubin, a professor at Johns Hopkins University who co-authored the highly publicized Diebold report of 2003."
EFF Announces 2004 Pioneer Award Winners
Christopher Soghoian writes "In an announcement earlier this week, the Electronic Frontier Foundation has revealed the winners of the Thirteenth Annual Pioneer Awards. Focusing on the area of electronic voting security and accountability, they have highlighted the work of Kim Alexander, the president of the California Voter Foundation, David Dill, a Stanford Professor and founder of VerifiedVoting.org, and Avi Rubin, a professor at Johns Hopkins University who co-authored the highly publicized Diebold report of 2003."
Avi Rubin's Thoughts On e-Voting
nazarijo writes "Avi Rubin, a well-regarded Johns Hopkins computer science professor and leading critic of e-voting, has written an account of his experience as an election judge on Super Tuesday. Maryland was experimenting with e-Voting machines. Rubin puts it this way, 'this was one of the most incredible days in my life.' He wrote his experiences immediately after the day was over, capturing his perspective on the subject. A very interesting read."
Avi Rubin's Thoughts On e-Voting
nazarijo writes "Avi Rubin, a well-regarded Johns Hopkins computer science professor and leading critic of e-voting, has written an account of his experience as an election judge on Super Tuesday. Maryland was experimenting with e-Voting machines. Rubin puts it this way, 'this was one of the most incredible days in my life.' He wrote his experiences immediately after the day was over, capturing his perspective on the subject. A very interesting read."
E-Voting Expert Testifies
Christopher Soghoian writes "Johns Hopkins University professor Dr. Avi Rubin (of previous e-voting fame) yesterday testified before the Maryland House Ways and Means Committee. An article in the Baltimore Sun describes his testimony, as well as that of the director of the state elections board, Linda Lamone. Mrs. Lamone was highly critical of Dr. Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.' This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"
Diebold Voting Systems Grossly Insecure
Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'
Internet Based Attacks in a Physical World
scubacuda writes "In light of the /. backlash against Spam King, Alan Ralsky, (in which /.ers published his info online--including an overhead shot of his house--and signed him up for junk) Simon Byers, Aviel Rubin, and David Kormann have written a report entitled Defending Against an Internet-based Attack on the Physical World. Bruce Schneier notes that there's no easy defence against such an attack, largely because companies want to make it easy for consumers to get their promotional information: 'Subscribing someone to magazines and signing them up for embarrassing catalogs is an old trick, but it has limitations because it's physically difficult to do it on a large scale. But this attack exploits the automation properties of the Internet, the Web availability of catalog request forms, and the paper world of the post office and catalog mailings. All the pieces (that) are required for the attack to work.' But as Rubin and his colleagues point out, there's a real danger in this ploy, one that few people have likely thought about. 'A scenario could be imagined where an attacker would do this to delay the arrival of an important letter, to wreak havoc on the postal system for political reasons, or even worse, to serve as a diversion for a terrorist act, such as the mailing of a contaminated letter.'"
DOS Attack Via US Postal Service
Phronesis writes "Bruce Schneier reports in Crypto-Gram about the Slashdot-inspired Post-office DOS attack on SPAM-king Alan Ralsky. More interesting, Schneier writes, is a recent paper on Defending against an internet-based attack on the physical world, which generalizes this attack and discusses how it could be automated and how one might defend against it (you can't stop it, but you could make it harder to effect). From the abstract of the article: 'The attack is, to some degree, a consequence of the availability of private information on the Web, and the increase in the amount of personal information that users must reveal to obtain Web services.'"
Analysis of Passport Flaws
An anonymous reader sent us an excellent (and technical) paper describing problems with Passport. It's not lame anti-MS rhetoric; it's actually a well-written technical assessment of security problems with the unified login that Passport aims to achieve. This is a good read.