Florida County Asks Students To Crack Elections
imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes.
The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.
you can keep the socialism little brother
America isn't a democracy, it's a republic
Well, if you want to be anal, it's a Constitutional Democratic Republic.
And FWIW, other states had equally bad voting problems -- it's just that they didn't affect the outcome, as they did in Florida, so no one paid much attention to them...
Recursive: Adj. See Recursive.
Oh, there's worse things the Evil Agents could do with a list of people who have practice at hacking into voting systems. Far worse things...
> Can anyone think of other useful features
Yeah, I can think of a few, but I'm afraid that the first one that will be added is advertising. "You have selected George W. Bush. Please enjoy this informational video by the NRA."
Bullshit. First of all, there wouldn't be 200 million ballots; you're high by a factor of about 3. Second, a well designed hand counted system could be handled quite quickly. The problem with the Florida counting was that the ballots were designed to be read by machine, not by hand, so hand counting was difficult. That wouldn't need to be the case if you designed the ballots to be hand counted from the start.
A single person could easily count several thousand ballots per day, which is well more than the number of voters at most polling places. That means that you just have the election monitors bring their ballot boxes to a central location (which they'd have to do anyway) and then they'd spend an hour or two counting the votes. They already have people from both major parties there, so there would be built in protection against fraud. This would require more labor than the current system, but given the reduced cost of machines and ballots might even save money.
There's no point in questioning authority if you aren't going to listen to the answers.
How about one of those 2-d barcode things like fedex uses that contains like a PGP signature or something to ensure consistency with the system. Have the code programmed into the machine right before the election booth opens up, then when someone goes to vote, it processes the voting info accordingly. Not only is this secret (do YOU know how to read a UPS 2-d BarCode?) but it's a little more secure, eh? (No, I'm not Canadian.)
- Sometimes you're the pigeon, sometimes you're the statue.
So you Americans wanna record your votes on a potentially complex system, which will invariably be designed, developed and deployed by the lowest bidder?
Now that'd be a fun house committee to sit in on...
And of course, next time, it won't be the Florida elections in dispute... Good ol' Californian brownouts will see to that.
Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
Most states already have revenue generating Lottery Systems in place. Lotto, The Big Game, PowerBall, etc... each one sells Millions of tickets every day. How often do people screw that up? Imagine going to 7-11 for a slurpy, tonight's Lottery, and naahhh... nevermind... too much trouble!
With a punch-card system, if the names are all lined up on one side, they have to be really tiny [single-lines]. Then you get flack from people who couldn't read the ballot. A butterfly ballot allows candidate names to be double-height.
drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
Um... the counties? The Federal elections weren't the only ones going on on Nov. 7th, you know -- state and local candidates were running, also. A county with 200 candidates for a given position may feasibly need a different ballot design than one with 2.
"Evil company X is threatening to restrict our rights! Let's all get together to stop--OOOH! SHINEY!!!" -- AC
Ballot boxes from opposition strongholds can fall off the back of a truck. The county court house can burn down after the desired results are reported.
Mea navis aericumbens anguillis abundat
It's too bad that a comment's rating is capped at 5 because this deserves a 10.
The way people treat security these days is weak:
1. Educate self on current popular exploitation techniques.
2. Write program avoiding above vulnerabilities.
3. Put it out in operational use and see if it holds up.
4. If not, revise & repeat.
There is no way I would trust my vote to a software system where security was handled like that. The stakes are just too high. The problem is that it is exceedingly difficult to apply formal methods to study code written in current languages. You really need a new language to make your suggestion feasible, and the security community is too busy playing cloak & dagger to care.
But any other time you discover and expose a security flaw, they'll throw you in the brig and misplace the key. So get your H4X0R fix now...
"It takes many nails to build a crib, but one screw to fill it."
Gore graduated from Harvard with honors in 1969. George W. Bush graduated from Yale in 1968 with a GPA he said could be described as a "gentleman's C."
Al Gore enlisted and served in Vietnam through 1971. George Bush joined the Texas National Guard -- getting pushed ahead of a waiting list of about 500.
After Gore returned from Vietnam, he took graduate courses at Vanderbilt while simultaneously holding a job as a newspaper reporter. George W. Bush was AWOL from the National Guard during that same period of time.
Considering that Bush lost his home country, Gore has nothing to be ashamed of. Gore won in the cities and states with the best-educated voters. Uneducated yahoos in the bible belt preferred Bush.
As for bits of paper used for voting, has the idea of ballot stuffing not occurred to anyone? Granted, punched chads may or may not have any protection against ballot stuffing (like printing a serial number at the moment of punch, or whatnot) but writing a number on a piece of paper, or checked boxes on a sheet of paper seems too prone to abuse to really be considered.
IP is just rude.
Is there any torture so subl
First hack: php spellcheck
All around hack: Jon Katz
Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
You're one hundred percent correct, which is exactly why the day a federally-sponsored electronic voting system is announced, there will likely be several hundred FOIA requests fired off, mine included.
Speaking of which... Has anyone tried to do a FOIA request for mundane (ie, not carni^H^H^H^H^H DCS1000, Echelon, or nuclear simulation) government software? I'm sure some of it must be almost laughably bad. Taking it a step further... What about submitting a FOIA request for the source code to a government website, or network infrastructure, or anything else that while not "national security" may be potentially sensitive?
The truth about Scientology, Xenu, and you: Operation Clambake
I have yet to see a system more simple than the one used in Finland. You just have a piece of paper (remember those?) with a circle printed on it, and in the circle a baseline. Candidates are numbered on a list in front of your nose in the booth, and number examples are provided. In case of a vote which doesn't make sense it is simply discarded.
No boxes to tick, no electronics, nothing. Just a piece of paper dropped in a sealed box.
Honestly, if you can't manage a number which is readable, should you really vote?
.: Max Romantschuk
Cheer up guy quit wasting your life, or continue and you will be broken.
The UK does fine, and they count over 20 million votes.
Hell, the perception that Bush was "chosen" by the Supreme Court, a perception with a bit of basis in reality, might not exist had the ballots and voting machines not been so badly designed as to force counters to waste time looking at the ballots seven ways from Sunday to determine the silly crap Republicrats were asking them to look for.
Excuse me? I do believe that it was the democratic party that kept trying to recount that pile of thrown out votes. As I recall, the democrats kept changing their tactics during counting to give Gore a favorable vote. One minute it's hanging chad, next minute it's pregnant chad, then it's "does light shine through?". It even went as far as which name was MORE dimpled!!! The republicans said very simply that the votes were invalid, throw them out. End of confusion. Geez.
Javascript + Nintendo DSi = DSiCade
won't we have to use the phrase GNU/President?
Good to see a governmental body acknowledging the benefits hackers can provide for society. To go a step further, a friend of mine actually wrote the software their school used for elections back when he was in high school.
My deviantArt site
>A cute little *nix variant with a 4 button keyboard.
>Up, Down, Forward, Back.
That sounds great!
Now, if I enter UP UP DOWN DOWN FORWARD FORWARD BACK, will I get the magic power up
that will make Nader president?
"The best part? I became an ordained minister while not wearing pants." -- CleverNickName
You're proving your point about how the Democrats won by referring to democrats.com? I am sure that www.republicans.com has evidence to the contrary.
Point being, the simple, nearly moron-proof system used in Canada just plain worked. The system you propose is even better, integrity-wise.
Anything is better than punchcard butterfly ballots that might be lined up properly being hit by a machine that might be working with candidates lined up in something resembling an organized fashion that hopefully won't be confused by most people.
*goes to shake head once again*
Someday, you're going to die. Get over it.
And your stock is worth...?
If the election officials bungle paper punch cards, imagine what they will do with computers.
Training people to do a proper job, with reasonably good materials, will go much further toward fostering a positive voter experience than any electronic devices will.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
While manual counting may be reliable, it would take a pretty huge chunk of resources. That's just silly. Hundreds of people labouring for days to count things. And you need to oversee every part of the process to make sure no-one cheats. One of the attractions of electronic counting is that once the method has been scrutinised and approved by participants, you can (provided the _deployment_ has a secure procedure as well) know that exactly the same method will be deployed everywhere.
Here (Canberra Australia) we are going to be testing electronic voting. The code is GPL and available to anyone for validation, the process is transparent and anonymous and the security is physical (they treat the voting servers/stations just like sealed ballot boxes).
You won't get fair voting systems without good people, the systems should let them exert more control over how the system works.
Xix.
"Everything is adjustable, provided you have the right tools"
Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.
I suppose you're a Microsoft employee?
An interesting waste of time and money on the part of Broward County, since it will never be implemented. The Florida Legislature in the last session mandated the use of optically scanned ballots by all the counties, and appropriated the money for each county to purchase optical scanners for each polling place. The machines they're buying have the ability to kick the ballot back at the voter if they've made a mistake. Write-ins and questionable ballots are dumped in a separate hopper for later processing.
I was already sick years ago of companies/management that thinks that "ask the punk hackers to hack our system!" is a clever way of determining system security. But, I suppose it's a heck of a lot cheaper than hiring professional security experts to do architecture and code reviews, and also have the expertise to fix problems. Maybe some PR person somewhere also thinks this is good publicity, as well. (sigh)
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
While an external attack is probably likely, it would have only limited success. The most likely perpetrators wouldn't be content to keep silent about it, and the worst that could happen is that an election is invalidated after the compromise is discovered.
The internal attack is where the real potential for mischief can occur. Florida should be investigating the safeguards that are designed to prevent their voting administrators from screwing with the results.
Historically, it's been the people who have been trusted to hold fair elections that have done the most damage to the outcome.
I think the reason behind this is that they're enlisting a stereotype. Other articles on the subject talk about 'teen hackers' and 'whiz-kids'. It seems that the people planning this believe 'hacker' is another word for a punk kid who spends too much time online.
Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
The differences in voting systems are considered a benefit: one compromise can't rig the whole system.
BS backatcha. How many candidates and issues are being decided by your imaginary hand-counted ballot? If you're an advocate of popular democracy, you probably admire California's "bedsheet ballots" with literally dozens of offices and propositions to vote on. No hand-counted ballot is going to handle those swiftly AND accurately.
We can reduce ideas to bits and people to genes, but "can" does not imply "should".
wasn't it decided by 7 votes?
Federal and provincial elections are organized and supervised by an independent electoral commission that operates at arms-length from the government. There are no partisans in charge of any aspect of the electoral process except scrutineers appointed by each political party to watch the votes being counted. These scrutineers can only challenge a ballot; they can not allow or disallow it since they are not employed by the independent electoral commission. In fact, they aren't even allowed to touch the ballot.
Now back to the technology we use. After the polls close, it takes about one hour to tally the ballots and submit the results. We have never had a final election result take more than a day in any provincial or federal election, nor has any election result been marred like the questionable result of your last presidential election. Each ballot counter is supplied with a chart of acceptable ballot markings. The only criteria is that the intent of the voter must be clear and that there are no personally identifiable marks on the ballot. Having personally been involved in this process, I can assure you that there is never any question as to the intent of the voter if the ballot has been marked correctly. No marks or two (or more) marks on the ballot disqualify it. As long as there is a mark in the circle then the intent is clear. Determining such things is much easier when a sentient creature (as opposed to a machine) is making this determination.
Of course all of this depends on having a truly independent electoral commission and standardized ballots...neither of which the US has. You Americans have a long way to go on the road to a real democracy.
My cat's breath smells like cat food. --R. Wiggums
if (Gore > Bush)
printf("Gore wins\n");
else if (Bush > Gore)
printf("Gore wins\n");
1. the punchcards like to put a mark between two check boxes.
And if I know what you're referring to, I think that they also put an arrow. The last option is always to ask the guy who is paid to answer questions. He's there, if you have a question...then ask him...jeeze.
2. it is apparent that the general population is incredibly confused when it comes to using the systems (as simple as they are).
If you're educated enough to understand why you're voting for a person, then you should be able to do the things above. If you don't know why you're voting for a person....then why are you voting? And I also take issue with you saying that the general population is incredibly confused as to how to use the ballot. Beyond the confusion in Florida (which I'm still doubting, I think that it was brought up by the telemarketing campaign that was paid for by the DNC), I haven't heard of any other confusion; however, I might be wrong, so feel free to post some articles depicting the massive large-scale confusion you talk about.
-Bucky
"Will the last American to leave Miami please turn out the lights when you leave."
The other reason suspicion was cast on my home state is because our governor (Governor Jeb "Duh" Bush) was the candidate's brother.
Isn't AARP gonna get mad that they didn't ask the senior citizens to hack the system? You never know, one of them might have been at Bletchley Park working on the Enigma cypher.
Some of the other posters are right; we need a simpler way to vote.
I propose giving each voter a numbered list of candidates. The voter would then write a single number at the bottom of the ballot indicating who they are voting for. Each digit of that number will be the multiplier for each term in a to-the-nth polynomial, where n is the number of digits in the submitted number minus 1. I say minus 1 because the last digit will set the base of the number system (say f would indicate a base 16 number). We can have almost an arbitrarily large system using the whole extended ASCII table for precision purposes. Each digit that is more than half of the largest value in the system will indicate a multiplier of (base-digit), which would allow for the voter to specify negative values.
So now we have an equation where we just plug in the candidate number and get a result; if it's greater than or equal to 0 then it is a positive vote.
What could be simpler than voting with a single number?
"Leave the strategizing to those of us with planet-sized brains." -Tycho
So you feel that it is less courageous and honorable to go to Vietnam as a journalist than to go AWOL from the National Guard after daddy's friends pushed you to the front of the waiting list? You have a strange set of values.
Would that be the five courses he failed at Vanderbilt?
Yes. So he took some courses he did not complete. Big deal. He proved his mettle at Harvard, graduating with honors, while Bush barely squeaked by at Yale with a "gentleman's C" GPA.
Bush won his country. You obviously don't understand the electoral system of your own country
No, Bush won the Electoral College and lost the country. Over 500,000 more American citizens voted for Gore than for Bush. More American citizens wanted Gore as their President and an antiquated, unbalanced system left over from the days when votes were carried in by horseback robbed the American people of their choice.
Had the election gone the other way, you'd have been screaming about how unfair the Electoral College was.
And what relation is between it and Florida?
I'm here a Florida too, and I wish I had mod points....
Jaysyn
There is a war going on for your mind.
17 USC Sec. 1201 makes it illegal to crack any mechanism that "controls access to a work". (minus exceptions made by the Librarian of Congress); copy protection is not specified.
Slashdot can be used as a voting mechanism. Everyone will be given moderator points and will vote for the few candidates who will present themselves with short description as answers to articles. I wonder what kind of results will be collected: Bill Clinton 5 Interesting, Al Gore 3 Flamebait, Bush -1 Troll.
You can't handle the truth.
Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?
Much government software is produced under a contract in which the contractor holds ALL copyrights and the government is granted the rights to use the software. FOIA requests will have no effect, any more than a FOIA request could produce the source code to Windows just because the government uses it.
This is just great. You go to look at the descriptions and ideas of the candidates and find a page full of lies. After all, who else is there to correct the information? Just you, a voting switch and a pile of lies.
(Not that it isn't all those things now...)
Remember "Bring 'em on"? *sigh
Maybe, but I still think that voting software is the one example of software that would probably benefit from being closed source and taking the "security through obscurity" approach. Face it: this kind of software will only be used once every two or four years (I don't know how often you Americans vote, it sometimes seems as if there's someone to be voted into some office or other every year, if not more), no one, not malicious script kiddies, not dedicated hackers will get anywhere near the software, so provided the people in charge of it are trustworthy, there will never (almost, anyways) be a problem with security, as all people see is the buttons you push, not the underlying code.
...
Of course you could also argue that since it's really hard to actually get to the software and fuck with it, it doesn't matter that the source code is open for public scrutiny (malicious or not). So either way, it doesn't make much difference.
Maybe a better approach would be to actually "prove" that the software is faultless. A guy I know took a course in university where they were taught to prove the correctness and bug-free-ness of certain algorithms - wouldn't voting software be simple enough for it to be possible to do this? I don't know, maybe someone who does could shed some light on whether or not this is possible
News and bla for computer musicians: http://lomechanik.net/
DO NOT ARGUE THIS PLEASE!)?
Because, of course, you're god almighty, font of all wisdom and morality. Just out of curiosity, if we do disagree with you, oh wise one, will you accuse us of being stupid or evil?
Do you have ANY idea how fucking obnoxious and arrogant it is to expect someone not to disagree with you, you little twat?
- Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
- Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.
For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.
Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.
For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.
One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"
fencepost
just a little off
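The tape-versus-sign-in comparison described in the comment above, sketched as an added example (not part of the original comment and not code from any real voting system). The tape format ("T HH:MM" timestamp marks, "V" vote records), the 15-minute marks and the slack of two voters are assumptions, and the sample data is constructed.

```python
"""Reconcile a voting machine's paper tape against poll-book sign-ins."""
from bisect import bisect_right
from dataclasses import dataclass

# Assumption: at most this many voters can be signed in but not yet recorded
# (queueing or standing at the machine) when a timestamp mark is printed.
SLACK = 2


@dataclass(frozen=True)
class Finding:
    mark: str        # timestamp mark that closes the interval, "HH:MM"
    kind: str        # "extra" or "dropped"
    tape_total: int  # votes on the tape up to this mark
    book_total: int  # poll-book sign-ins up to this mark


def minutes(hhmm):
    hours, mins = hhmm.split(":")
    return int(hours) * 60 + int(mins)


def tape_totals(tape_lines):
    """Return [(mark, cumulative votes)] for a tape of 'T HH:MM' and 'V' records.

    Only the number of vote records between marks is used, never their
    contents or their order within an interval.
    """
    totals, votes = [], 0
    for line in tape_lines:
        tag, _, rest = line.strip().partition(" ")
        if tag == "V":
            votes += 1
        elif tag == "T":
            totals.append((rest, votes))
        else:
            raise ValueError(f"unrecognised tape record: {line!r}")
    return totals


def reconcile(tape_lines, sign_ins, slack=SLACK):
    """Flag every mark where the tape total is inconsistent with the poll book.

    More votes than sign-ins is always an anomaly ("extra"). Fewer votes is
    tolerated up to `slack` while polls are open and not at all at the final
    mark, after which no one can still be at the machine ("dropped").
    """
    book = sorted(minutes(t) for t in sign_ins)
    totals = tape_totals(tape_lines)
    findings = []
    for i, (mark, tape_total) in enumerate(totals):
        book_total = bisect_right(book, minutes(mark))
        allowed_shortfall = 0 if i == len(totals) - 1 else slack
        delta = tape_total - book_total
        if delta > 0:
            findings.append(Finding(mark, "extra", tape_total, book_total))
        elif delta < -allowed_shortfall:
            findings.append(Finding(mark, "dropped", tape_total, book_total))
    return findings


# --- constructed sample data -------------------------------------------
MARKS = ["07:15", "07:30", "07:45", "08:00"]
SIGN_INS = ["07:02", "07:05", "07:11", "07:14", "07:20", "07:26",
            "07:33", "07:40", "07:44", "07:52", "07:58"]


def make_tape(votes_per_interval, marks=MARKS):
    """Build a tape with the given number of vote records before each mark."""
    tape = []
    for count, mark in zip(votes_per_interval, marks):
        tape += ["V"] * count + [f"T {mark}"]
    return tape


if __name__ == "__main__":
    cases = {"clean": [3, 3, 2, 3],
             "two extra votes": [3, 3, 4, 3],
             "three dropped votes": [3, 0, 2, 3]}
    for label, per_interval in cases.items():
        print(label)
        for f in reconcile(make_tape(per_interval), SIGN_INS):
            print(f"  {f.mark}: {f.kind} (tape {f.tape_total}, book {f.book_total})")
```

The first flagged mark localises the interval in which the discrepancy appeared; later marks stay flagged because the totals are cumulative.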
And BTW, I once voted in the tony Chicagoland suburb of Naperville and they have butterfly ballots too.
wow, this really scares me that this got modded up, this guy is asking people to launch a distributed denial of service attack against a company who he says (and we have no proof) screwed him over.
-- free as in swatantryam - not soujanyam.
Let me get this straight, they are going to spend $20 million on a system and their test plan for security is to invite some high-school kids to hack on it? Not to knock the abilities of kids in high school, but if it were me I would want a little more formal testing than that.
Are you kidding, weren't you paying attention in the last election:
if($gore > $bush)
{
echo "Bush Wins\n";
} elseif($bush > $gore) {
echo "Bush Wins\n";
} else {
recount_until_bush_wins();
}
I mean the Republicans paid a lot of good money for the last presidential election, otherwise what's Dubya doing in the White House? It's not like he actually got the most votes or anything...
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
I still personally contend that using a pencil is still not a good idea given that pencil marks can be erased--fast way to fraud!
Using permanent ink stamps is way better because you cannot erase the mark, which means unambiguous selection of choice on the voting ballot that can be read on both hand counts and machine counts.
Besides, they should have canned the punch card ballot at least ten years ago, because even back in the early 1990's several researchers complained about the problems with punched card ballots which can cause way too many errors in counts.
News flash: GNU software is open source.
WRONG! It's "free software!" Get it right or RMS will have to lead a coup!
Picture Dan Rather reporting the latest election return results: "And tonight we have the election returns for the state of Florida. Apparently 31337 hAx0r has won the election by an unprecedented landslide..."
*Condense fact from the vapor of nuance*
you took my "I" (SP)- In late breaking news, geeks threatening to make electronic voting system secure insist it was clear that a contributor "-intended-" for there to be an "I" in Florda. Swearing you could see "... an itty bitty little dimple of an "I"" one poster said "no one will notice anyway, this is Florida after all". BK425
Have printouts, ask people to check that the printout indicates their preferences, and maybe have some extra thing to double-verify it (e.g., a bubble to fill in that says "These are my voting preferences T/F.")?
It would be interesting if for no other reason to have two records of voting preferences.
Of course, then there's the issue of what happens when the two counts contradict one another. Do you go with the paper count or the computer count?
Probably the paper count. You're back to square one, but the voting process might have been easier.
What I don't understand is the security issue surrounding having the voting computerized. If the machines can be hacked, then doesn't that mean they are networked? And why the heck do you need to network them? If you're asking people to hack the system, you're already doing something you shouldn't be doing. Computerized voting should be for collecting votes, not tallying them.
"Gore won in the cities and states with the best-educated voters. Uneducated yahoos in the bible belt preferred Bush. "
So what? You leftists are claiming to be so advanced and liberal yet have the same old tendency of ignoring input of people who you THINK are less intelligent than you are.
If the votes are h@x0red after the election, will it be possible to detect that fact? (I.e., there won't be any physical ballots to recount.) I don't know about the other ones, but if I remember right, each terminal prints out a paper trail after every vote so you could check them manually. If they had SS#'s or something, you could crosscheck them to see if the people were actually registered.
-Bucky
Now when politicians tamper with election results, there will be no paper ballots to go back and recount.
oh come on, we do it all the time in school. we call it a scantron. put a huge stack into the machine, minutes later, it's done.
It was me, I did it, I moved your cheese
Anyways, please join in and teach them a LESSON for SCREWING ME LIKE THIS!
Why the fuck should/would we care about YOU getting screwed?
The technology CAN work, if it's intelligently designed and a big part of that is a simplicity and redundancy of design.
-Coach-
Perhaps the world's greatest tragedy is that ignorance is not impotence.
DMCA makes it illegal to crack copy protection - not security (note: this is really stupid). Adobe is abusing it. Please stop talking about it. Thank you.
SIG: HUP
I have to use the ms-dos prompt a lot...it helps when you wanna type a:\>Format c:
-Bucky
Do you feel better now? The only way the Federal Govt. would allow computerized elections is to put a Federal computer security and law enforcement agency in charge of it. Welcome to the CCCP where the secret police run the elections.
In order to use formal methods to prove something is secure, you have to find a way to represent all the possible variables. In even a system specifically designed for voting, this is likely an impossible task. Each component from the OS, as simple as it may be, to the device drivers that run the touch screen, would have to be designed with an extremely rigorous process to ensure that your formal methods would have any validity. I'm not saying that formal methods shouldn't play a role in the design of a secure system. I just don't think you're going to be able to really prove a system is secure. You can however do better than just throwing a system together and patching the security issues that come up in limited testing. If they want the system to be secure, the first thing they need to do is isolate the network, and strictly limit access. If it's attached to the internet then security will be a much greater risk.
But in NY they at least check your signature against the signature you provided for your driver's license. Not that they care if they look the same, but they are there side-by-side!
Of course, even if students were able to crack the voting system, I'm sure people will use the DMCA to prevent the publishing of their results. Or suspend them. Or possibly send them to jail.
Umm, it's well established in political science today that the less educated one is, the more likely he or she is to favor the Democratic Party. Go check out the demographic results from the election sometime at CNN. This is the main reason why the Gore team pushed so hard for recounts and judging the "intent" of miscast ballots, because they knew that it was more likely that Democratic voters would have messed up when voting. But hey, thanks for the bigoted comments, anyway.
Dear Student, Congratulations! You've just successfully cracked the Florida State election system. You are also requested to appear before the Greenwich County Circuit Court on July 7, 2002 for violations of the DMCA. Thankfully Yours, Your Governor
Is is, sort of, how the south'ners say things, but you really should spell it correctly!
Yeah, I'm sure the code to do nuclear simulations on the top (public) supercomputers in the world is laughably bad.
Actually, I was speaking of the DFAS accounting systems which, by the military's own admission, are bad at tracking things, and have caused the "loss" of billions of dollars worth of equipment. If the system allows that to happen, it's either poorly coded or poorly integrated.
The truth about Scientology, Xenu, and you: Operation Clambake
Umm, why is this too bad? The fact that it is written in Java means they can run it on whatever hardware they have, with minimal hassle, because it is OS independent. Also, less security worries as Java is inherently more secure.
-- free as in swatantryam - not soujanyam.
Damn Anonymous Coward. Your name's probably Chad.
LOAD "SIG",8,1
LOADING...
READY.
RUN
Just to say: I loved your sig. C64's and C128's still are my favorite older machines. Thanks for bringing back the memory.
GPL made simple: What was my stuff is now our stuff. If you improve our stuff, please keep it our stuff.
Absolutely correct on that last point from my point of view.
I am going to be a high school senior at Leland in San Jose this fall, one of those schools located in a neighborhood where every kid usually has their own computer at home and each is expected to go to college. There are always plenty who are looking to get an EECS degree at Berkeley or some other school. For these much more upper-class students, almost 2000 strong, few know how to operate a computer. I would estimate that:
Only 4 have ever touched a *nix.
Only 3 would ever consider hacking given such an opportunity for learning.
Only 2 of those 3 would be able to use more than script kiddy tools to hack and have a good chance of succeeding (there are many more who would know how to find them because they already know what astalavista.box.sk is already)
I know this because I am essentially the technician for the whole school. There is another teacher who is essentially a jack-of-all-computer-trades and another two who understand at least the delete, reboot, reinstall procedures of Microsoft (but not as far as editing the registry or disabling BIOS functions). These teachers have a more important job to do: teach. This leaves the students to handle many of the problems, and as I am going into my final year, I need to find a replacement soon.
That in itself seems impossible unless a miracle occurs. I was picked by someone who graduated in 2000, and he was picked by someone from the class of 1998. So far I have found only one junior (who is too busy with extracurriculars), and one sophomore (who certainly understands the things he claims to know, but has a long way to go before he could, say, hack). The incoming freshmen are simply unknown as of now.
To ask high schoolers is simply impossible because few of the students will have had enough experience with computers, guaranteed. Those that have more, like me, still have to rely on other script kiddy programs on occasion.
Of course, one must look at the article to see what the system actually does. It only records information on computer disks, and I assume the makers are not stupid enough to transmit the data over the 'Net. It seems pretty impossible to cheat without stealing the disks or opening the machine with a screwdriver. These people are only trying to exploit the image of "computer-savvy" teenagers who supposedly were enough to create massive DOS attacks for one, which we all know required little skill relatively speaking.
They did that with some test Windows 2000 box, which nobody broke into as I recall. (Golly, Windows 2000 must be secure!)
As I recall, that win2k box kept crashing... or at least that was the rumor I heard.
Please choose your President from the following: * Republican * Democrat * Libertarian * Cowboy Neal
"This man hacked into our systems and he's well able to cause serious damage over computer networks. Just look at this: he cracked Florida's new ballot system!"
Don't help officials or suits, it gets you screwed big time. If you can code or hack or crack, keep it under the lid in the public and don't brag about it. It doesn't do any good to you.
Preserve old classics: copy your collection onto all hard drives.
I'm only half joking, sadly.
________________
Private Essayist
How do we know you don't work for their competition? Or maybe you could be a pissed-off ex-employee.
Ben "You have your mind on computers, it seems."
Is there any network connection to the outside world in this system? If not, then I don't see how this could be any less secure than other voting methods.
You can't be sure that 'the people in charge' are Trustworthy -- especially if they are the one well-known soft link in the security chain.
Social engineering is one of the most successful methods of getting into a system. It's one of the favorite methods of organizations like The CIA, The (former) KGB, The Mafia, and most con artists. Even if you're going for a hardware solution, it's still gonna be easier if you can blackmail design info out of the people working on the system.
Free Software: Like love, it grows best when given away.
Well, gee whiz, we've had that for a long time. Just download the Slashdot source code, find the part that does those nifty polls, and boom! Instant electronic voting.
Donate background CPU time to fight cancer.
Hey shithead
model of democracy = stupid mess
GET USED TO IT!
Florda County Asks Students To Crack Elections ^
Please identify another country in the world that could pick its leader in an election decided by 567 votes without having a civil war.
Most of the major countries in Europe can barely host a soccer game without people killing each other.
You see, the more people there are (presuming they can all vote), the less value your vote has. And let's face it, most of the people here on Slashdot have more intelligence and are better suited to pick the next President than some redneck hick sitting in a cabin (or to be less extreme; next time you take a bus, look at the people around you. Now, how many of them would you want to have an influence on your future)?
So instead, the voting system should not only remain as it is, but in fact increase in complexity. The (cynical) way I see it, if you can gear the voting card so that anyone with less than a minimal amount of intelligence ends up voiding his vote (or perhaps voting for a 'red herring'), the more influence people with some intelligence can have.
You may argue that this view is exceedingly cynical. I would agree. But backtrack for a second, and remember that the vast majority of Americans (and people of all nations) are, to put it politely, morons. The greater up the intelligence scale you go, the fewer people you will find, and it's easy to see that a system which follows the collective will of dolts will not function well. (The main flaw with democracy, in my opinion.)
So if a computerised voting system is to be put in place, some sort of low-grade intelligence test would be really quite handy. I'm not saying that only geniuses should vote, but I'm sure you can all name people who you do not want deciding the future of the free world.
Of course, the tax burden to keep such a system in operation (along with all the spotty IT admins) is another matter entirely. But hey, I live in England, what do I care. (And presumably, with a two-party system you're damned if you do and damned if you don't.)
Security through promiscuity is no better than security through obscurity.
Since you took the time to click through to the article and took the time to post something (which is really nothing).
Where's Florda?
Beware the wood elf!!!
Oh please. It had nothing to do with the way the votes were taken, but it had everything to do with how close the election was. Most U.S. presidential winners are known before the polls in the midwest are even closed. That was impossible this time, while the Canadian election was a landslide. If the Canadian election had come down to a single riding, with only a few hundreds of votes making a difference, as the U.S. election eventually came down to a close result in a single state, do you really think that the close precincts wouldn't have been contested?
Yeah, Sr. was much better than Jr.!
Just because no one finds an exploit doesn't mean the system is secure.
That could be said about any method of testing. Do you suggest we abandon all testing?
If someone discovers a flaw, it may in fact be more lucrative for them to keep it a secret and exploit it later.
Leaving an IIS server on the net for people to crack, along with adequate monitoring software promiscuously recording packets would catch most of the exploits. Besides, with a system like IIS, it's already possible to set up an IIS server on the net for people to crack anyway. It makes a lot more sense for Microsoft to be the ones doing it, so they at least have more of a shot of discovering the holes. The only real danger would be from employees with access to the logs of holes.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Sounds like they don't need a DDOS then. They have problems enough.
so they won't be able to answer any tickets at all -- it's no big loss, 'cause that's how they ALREADY are!
CI Hosting is using Pokemon graphics and characters illegally and in infringement of Nintendo's copyright
Why don't you sic a BSA audit on them and turn them all into free software converts while you're trolling. Do something constructive.
(1) Gore thinks he invented the internet
(2) Gore wakes up in the middle of the night and decides that we need to put a hundred million dollar satellite a million miles into space so "the childreeennn.." can see a pretty picture of the earth on the internet.
How the hell could anybody take Gore seriously. The guy makes Quayle look like a rocket scientist.
Visit this site, and learn some more information about voting, as well as some interesting con points about computerized voting.
...necks on the county, like the other vendors did? What did you expect? That the county conducted a detailed study of the best technologies?
The real failure of open source, no pushy quota clowns
Wonderful idea. Let's build a $20,000,000.00 computer system to avoid all those "paper" based mishaps and then have it print out the votes on some paper. What an innovative answer to the misleading ballot markings... besides you know the dummies will just drop the print out and we will be right back where we started. (oh no! the toner is low)
Despite its age, still brings up some interesting points.
Elections require transparency and computerized voting with secret ballot does not lend itself to transparency. It's that simple.
Why this probably is just a PR move...
Guess again.
In any other country, a difference of 567 votes would have been adjudged a tie. I don't suppose the term "coalition" means much to an American.
...we call it the Slashdot approach.
And it was all counted by hand.
And forget arguing about population/voter size. It scales almost linearly.
Shut up, loser
Student: Here's how to crack the system... *detailed report*
Jeb Bush: Alright.. everyone got that? Good.. now kill the student.. and we can use this method when I'm up for reelection. Yay!
If you want to be seen, stand up. If you want to be heard, speak up. If you want to be respected, sit down and shut up.
- Are the voting booths on a network that can be reached from outside on election day?
- If the votes are h@x0red after the election, will it be possible to detect that fact? (I.e., there won't be any physical ballots to recount.)
- If the machines are rigged before the election, will it be possible to detect that fact?
IMO, the risks of computerized elections are not worth the payoff. Alas, the last election set up a situation where counties all over the nation will have an excuse to eagerly spend our tax dollars on snake-oil solutions.
Sheesh, evil *and* a jerk. -- Jade
This reminds me of the Simpsons episode where the police department sent out mail telling wanted criminals they had won a free speedboat...
Well, in today's world we have the wonders of mass media and we have a highly educated population! Why do we still have a system where it is possible for the candidate with the most votes to lose the election?!
That is funny because for the most part I'm not a huge supporter of open source. But this is one case where I think it should be used. You would literally have millions of people checking out the code for the election software. I would venture to say that many of the people looking at it would be honest and report any security flaws.
:)
I'm not usually a promoter of open source, because I believe in the right for people to make money. If they want to do it via closed source software, good for them. If they think they can do it using open source software, good for them too. I don't think that either should be pushed on anyone, yet it should be the decision of the software maker. (See, RedHat and Microsoft can live in harmony.) There is no profit to be made from elections though, so make it open and make it safe.
Disclaimer: I'm very drunk right now. If this didn't make sense.. Oh well, go fuck yourselves!
...immediately, since they aren't sneaky, greedy, corrupters out to wreck the system. They just want to impress their buds and would-be girlfriends.
1) No matter what anybody says, it is a riggable system. Don't believe that'd happen? Well sorry, but the U.S. corporates & CIA will do anything to stop a party other than the Democrats and Republicans from holding power. If they think they can get away with it, they _will_ do it. Remember, Bill Gates rigged his school's computer system to place all the 'hot chicks' in the same classes as him.
2) Anonymity lost. One of the fundamentals of democracy is being able to vote anonymously. Electronic voting means all votes are recordable, regardless of what assurances the authorities may make. This is a threat to democracy. Sure, you might think it's not a problem now, but who knows what the situation will be like in as little as 15 years from now, and what might happen if you voted for the "Kill All Jews" party by mistake? There are countries (eg SINGAPORE) where the ruling party maintains power by having the population afraid to vote for other parties because they do not believe their votes are anonymous.
Not that I disagree with you, but do you have anything documented that shows information about counties that had lines all day and not everyone got to vote? If this is the case, then you're right, they need to add more voting polls as everyone deserves a fair single opportunity to vote, but so far I haven't heard of any documented cases of this actually happening. I've heard of areas where the polls flooded later in the day but nothing all day long.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Are we supposed to be impressed by 20 million votes? Multiply that by a factor of 10 and then come back. Exactly how closely have most countries' elections been looked at anyway? The US system had no real problems until circumstances occurred that required it to be thoroughly looked into. You truly believe that out of 20 million ballots every single one was marked and tabulated correctly?
I believe it was "up up down down left right left right a-b-a-b start." :)
Please, be serious. The drug of choice in South Florida schools is PCP.
Is it possible that systems other than the actual front-end voting system can be exploited? For example, what is limiting someone from placing multiple votes? (In Canada we are identified with a Social Insurance Number that is used to verify voting eligibility. I'm sure Americans have a similar personal identification structure.) In this case, how secure is the database that houses all of these numbers? If someone was able to exploit this back-end system, could they not in theory have an unlimited number of votes?
Just my $0.02
Wow! Those are some pretty big presents!
Perfection must have some pretty rich folks, to get him presents big for all of us to have a presence there!
>Florida was the only state out of fifty that had
>serious problems with the election.
No, it was just one of the ones where the margin was small enough that making a big stink about it might just change the results. There were recounts elsewhere, and in other races, too, but Florida got most of the press.
There were plenty of problems, there always have been. But nobody pays attention to them most of the time because they are not believed to be enough to affect the outcome.
It doesn't matter, because the "democracy" it supports is a joke. It makes no difference if the republicans or the democrats get in. They both act the same, they both largely ignore public opinion, they are both in the pockets of corporations, pressure groups and the media. It doesn't matter who gets in. The whole system is rigged so the vote doesn't matter. That is why they don't need to spend money making the voting system secure. They might as well use /dev/random to select the next president from the binary choice they present us with.
I am pretty sure that Bush with his team of 313377 h4x0rs will be taking the next election in Florida. Or he could just ask his brother.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Actually, whatever system Florida buys probably IS copyrighted. So then any TPM meant to protect that system would be covered by DMCA, and the Florida government...purchasing, not creating,...has no control over whether crackers are prosecuted for publishing their findings....
In other words...if they want to there is probably a way to cover it through the DMCA.
You can (relatively) easily prove the correctness of your algorithm. It should be pretty trivial. Proving the correctness of the code that implements the algorithm is quite a bit more difficult, however.
I live in Indiana, and in both counties in which I've voted we used an electronic voting system. I presume it's pretty secure but have never really worried that much about it. I don't know where you'd begin trying to crack it - it accumulates votes electronically so as soon as the polls close the poll workers can query the device and get the counts. It also apparently (judging from the sound) prints each ballot internally, which would be good in case someone managed to clear its memory (by zapping it with an electric shock or something).
I'm not sure a touch screen is a good idea, though. These "Microvote" machines have a paper ballot inside, so there's no concern of someone wandering in early on and swapping "Mickey Mouse" for "Donald Duck" on the screen. Also, every touch screen I've ever seen has gotten finger print smudges quite badly. Toward the end of the day you could see who'd gotten the most votes by which buttons had the most smudges. And someone who was really into it might be able to scan fingerprints and figure out who voted for whom.
I've also voted once with a paper ballot (absentee because I was going to be out of town on election day and we had a hotly contended mayoral election -- we had higher turnout for that election than we get for Presidential elections!). I have no idea how secure that was either, but I did seal my ballot in an envelope with no identifying marks, which I then put inside the absentee ballot envelope which had my voter ID, etc. so they could let the poll workers know I'd voted and couldn't vote on election day.
And yes, it does seem every time you turn around we're electing somebody for something. :) We have congressional elections every two years (1/3 of them each time, serving for a 6 year term), and Presidential elections every 4 years. Of course, there's also state and local elections -- even the dog catcher is an elected position around here!
On a related note, I'm not as concerned as some by the low voter turnout in America. I think our next Presidential election will have a higher than normal turnout, as people who don't vote because they don't think their vote will make any difference turn out, but in general Americans who don't vote don't vote because they don't care: our system works and the differences between the candidates are relatively minor. Nobody is going to try to repeal the 1st or 4th Amendments, for instance. There are no Hitlers up for election in America. :)
Yeah, it's really Florida's fault that all those old people were too senile to vote for the person they wanted. It sure was fun watching them cry on the morning talk shows, though!
Why exactly are they having kids try to hack into this again? It seems rather redundant to me. Any system used for something like this shouldn't require testing for security, it should be _proven_ to be secure (ie: written in ADA, if it comes to that).
I don't know about everyone else, but I'm nervous that this is going to be a solution written by crappy government contractors in VB and SQL server (or PHP and MySQL, for that matter), without any of the rigor associated with Real Security.
I'm not sure what you can mathematically prove about a real-world system like this. What havoc can I cause by dropping a pencil stub in the printer that creates the paper record of votes? What if I pull THIS plug at THAT time? (And, hmm, what if I then stick that plug into my laptop?) Or what if I adjust the vertical on the display to hide the bottom candidate from that sweet, but mentally fragile grandmother behind me in line? What happens to a touch screen if I stick a little piece of gum on it? Can I somehow damage the touch sensors without making this fact evident? Exactly how much fun can I have with a strong magnet? In short, I'm not sure that formal methods buy you much in such an informal environment.
The problem isn't just security risks, but also logic bugs in the software. I would want to see a lot of test plans that show that the software works as stated before we use it.
when i was a senior in high school (1988), we voted for our class president on apple ][s. i really wanted this one guy to win. it was easy:
1. stop the voting program
2. $votevalue=$votevalue+250
3. continue the program
needless to say, he won by a landslide. the school was upset because this guy was a nobody, but won class president.
i let him know after he won (and reminded him at our 10 year reunion). whew, those were the days...
Dude, the free software community would be lucky if they could scrape up a buck-fifty amongst themselves.
>How the hell could anybody take Gore seriously. The guy makes Quayle look like a rocket scientist.
First, familiarize yourself with the question-mark(?). It is utile.
Not even God Himself could make Quayle look like a rocket scientist. Anyone who thinks Latin is spoken in Latin America is a flat-out dumb motherfucker. If you could let go of the ideology teat for a second and educate yourself, you'd know that already.
Are you a FReeper or a stupid piece of shit? Remember, the two are by no means mutually exclusive, so feel free to say "Both!" if that's the case.
Hopefully that will improve spelling
And lead to a greater use of punctuation by posters.
psxndc
The emacs religion: to be saved, control excess.
Well, you're talking about the elected government of a state famous for driving with the left blinker on. Incompetence is a given.
Woot w00t w007.
This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
...might have paid attention to the Canadian election that took place in...
Yeah? Well, FsCK YOU CANADIANS, anyways.
It's the average idiot user that manages to foul up a system in ways the designer never considered. Like coating the voting buttons with peanut butter, or saying "these shows suck" when given a touch screen display. Make something idiot proof and the universe will only build a better idiot.
Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
567 votes? and the rest! When 1/2 the country couldn't be bothered to get off their asses to vote anyway, The 567 number is merely a shaggy dog. The solution was always to redo the election, the cost, well it's only taxpayers' money and the Government wastes so much anyway, and since so many were so apathetic, then they deserve to pay for it. Strange how apathy by 1/2 the country and a deliberate overly complicated voting system allows such a result. If voting is so important, make it compulsory, what a shock if people have to be forced to vote once every four years, the political parties couldn't pander and target specific interest groups, they would have to try and satisfy everyone. I realise it is a fantasy, no political party would want that, they would scream that it was against the Constitution, because they might not obtain the power they crave.
You must be another one of those perfect spellers. Oh my god, we are in the presents of perfection.
And next, this may even happen in Florida.
Well, if you have any understanding of the U.S. Constitution, you'd understand that voting methods for federal elections are determined by each state. In fact, the federal government doesn't have the authority to require a consistent state-wide voting system. It's called federalism.
However, the situation in Florida was unacceptable. That's what happens when you elect representatives with minimal consideration of their competence and understanding of basic governmental principles. (This one will give me more Social Security money, I'll vote for him. Ugh)
Excerpt from source:
if($voteType == "REPUBLICAN") {
    $voteType = "SOCIALIST";
}
Don't you have that backwards? Every single time they had a recount, Bush still came out ahead. In fact, pretty much the only "count" Bush lost over that time period came from the 7 Democrats and 0 Republicans on the Florida Supreme Court.
I have to agree. Personally I can't think of a better system than a piece of paper and a pencil (scantron-esque). It's not subject to power blackouts, nor can it be hacked by a bunch of script kiddies. Plus there is the benefit of having a paper record that can be referred to later. Chads can fall off from handling - a pencil mark can't (since the pencils in the voting booths don't have erasers, any erased marks would indicate a ballot that has been tampered with). True the ballots can be misplaced or miraculously found, or even the dead can vote (just ask Mayor Daley or LBJ) but personally I feel better with having a paper ballot that I mark myself. Low tech is the way to go.
Mister Black
You are standing in an open field west of a white house, with a boarded front door. There is a small mailbox here.
The most important thing about electronic elections is not that Haxor Doods can't hack into these machines after they draw the curtain. What's important is that there still be a trail of paper ballots for later audits, in case the election officials are corrupt. If you're going to use these machines, make sure they print an unambiguous ballot that the voter sees and deposits in the box. That way any mishap can be corrected.
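The paper-trail audit described in the comment above, which also answers the earlier question in this thread of whether altered electronic votes could be detected afterwards, sketched as an added example that is not part of the original thread. The machine names, candidates and counts are constructed, and the poll-book sign-in count is an assumption about what records exist.

```python
from collections import Counter

# Constructed sample data: three hypothetical machines. "paper" stands for the
# printed ballots voters deposited in the box; "signed_in" is the poll-book count.
MACHINES = {
    "M1": {"electronic": {"A": 120, "B": 100},
           "paper": ["A"] * 120 + ["B"] * 100, "signed_in": 220},
    # Counter inflated by 250, as in the class-president anecdote in this thread.
    "M2": {"electronic": {"A": 90, "B": 340},
           "paper": ["A"] * 90 + ["B"] * 90, "signed_in": 180},
    # 40 votes moved from A to B in memory; the electronic total still looks right.
    "M3": {"electronic": {"A": 60, "B": 140},
           "paper": ["A"] * 100 + ["B"] * 100, "signed_in": 200},
}


def audit_machine(machine_id, electronic, paper_ballots, signed_in):
    """Compare one machine's electronic tally with its paper ballots.

    Returns (findings, paper_tally); an empty findings list means the
    electronic record, the paper record and the poll book all agree.
    """
    findings = []
    paper = Counter(paper_ballots)
    e_total = sum(electronic.values())
    p_total = sum(paper.values())
    # Check 1: each record must account for exactly the voters who signed in.
    if e_total != signed_in:
        findings.append(f"{machine_id}: electronic total {e_total}, "
                        f"but {signed_in} voters signed in")
    if p_total != signed_in:
        findings.append(f"{machine_id}: paper total {p_total}, "
                        f"but {signed_in} voters signed in")
    # Check 2: per-candidate comparison catches changes that keep the total intact.
    for cand in sorted(set(electronic) | set(paper)):
        diff = electronic.get(cand, 0) - paper[cand]
        if diff:
            findings.append(f"{machine_id}: candidate {cand} electronic count "
                            f"is {diff:+d} relative to paper")
    return findings, paper


def audit_election(machines):
    """Audit every machine and total both records; paper is the reference."""
    findings = []
    electronic_total, paper_total = Counter(), Counter()
    for machine_id, rec in sorted(machines.items()):
        found, paper = audit_machine(
            machine_id, rec["electronic"], rec["paper"], rec["signed_in"])
        findings.extend(found)
        electronic_total.update(rec["electronic"])
        paper_total.update(paper)
    return {
        "findings": findings,
        "electronic": dict(electronic_total),
        "paper": dict(paper_total),
        "electronic_winner": electronic_total.most_common(1)[0][0],
        "paper_winner": paper_total.most_common(1)[0][0],
    }


if __name__ == "__main__":
    report = audit_election(MACHINES)
    for line in report["findings"]:
        print(line)
    print("electronic:", report["electronic"], "->", report["electronic_winner"])
    print("paper:     ", report["paper"], "->", report["paper_winner"])
```

The total-versus-poll-book check alone misses the M3 case, which is why the per-candidate comparison against the voter-verified paper is the part that matters.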
Let's review why black-box testing is a weak form of testing:
If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
120 characters isn't enough to explain it.
Rebecca Mercuri's "Why it won't work" statement on online voting.
A feeling of having made the same mistake before: Deja Foobar
Ummmm... yeah, let's make the voting lines longer...
Or, we could hand out a little pamphlet serving the same purpose while people would stand in line. Granted, that wouldn't make use of this "wonderful technology", but it wouldn't make voting take orders of magnitude longer.
Only problem is that DMCA applies to copyrighted works. Unless you're Katherine Harris and authoring your own election results, DMCA doesn't apply.
The truth about Scientology, Xenu, and you: Operation Clambake
The cracking challenge is absolute propaganda and bullshit. The real danger is elections rigged and stolen by criminals like Freida Harris and her hirelings, who will have physical access to the insides of those black boxes. The real intent of the challenge, is to increase confidence that no one will be able to crack these boxes and demonstrate that their software counts votes erroneously. On purpose.
The machines approved for use in Florida produce no paper output. All votes cast are electronic fictions subject to no kind of verification, ever, under any circumstance: A crooked election official's wettest dream come true. At least in Florida, the democratic process is over, dead and buried, as of now. And BTW the software is proprietary closed source, made by contractors hired by the dominant political party.
99 buckets of bits on the wall...
take one down and pass it around, 99 buckets of bits on the wall
Incorrect; it had partly to do with the closeness, partly to do with how the votes were taken. The fact that the "dimpled/hanging chad" business took place at all shows the machines being used in that particular area were, well, crap. The tightness of the vote didn't help one iota, but using a voting system slightly less prone to ambiguity or confusion (I must repeat, the layout of the ballots in question was far more complicated than it had any right to be) might have aided the count and led to slightly less controversy. Hell, the perception that Bush was "chosen" by the Supreme Court, a perception with a bit of basis in reality, might not exist had the ballots and voting machines not been so badly designed as to force counters to waste time looking at the ballots seven ways from Sunday to determine the silly crap Republicrats were asking them to look for.
>If the Canadian election had come down to a single riding, with only a few hundreds of votes making a difference, as the U.S. election eventually came down to a close result in a single state, do you really think that the close precincts wouldn't have been contested?
Oh, I'm sure there would be contested precincts. I'm also pretty sure the mess wouldn't have dragged on for over a month, and it wouldn't have become utterly absurd to any and all observers, partly thanks to the ballot and machine design. Determining whether a circle on one side of a ballot is marked seems to be a far less complicated process than trying to guess whether an indentation in a piece of cardpaper indicates "voter intent". In fact, the instructions given to voters here were clear, simple, and provided in large print for the nearsighted (guilty):
No muss, no fuss. Sure, an unscrupulous poll worker could somehow break into the ballot box after polls close, but I'm pretty sure Elections Canada employees hang over their shoulders from the time the polls close to the time the last ballot is counted, whenever that is.
What happened in Florida was a disaster, about as bad as it gets. What makes it worse is that the disaster could have been prevented had the people who chose that type of ballot begged for something a little less prone to error. Or even, - *gasp* - a consistent, simple system was decided upon across an entire state.
Yes, I'm pretty bitter about the whole mess. It was just plain jaw-dropping, and the way it was concluded probably wasn't the best solution, or even one of the better ones.
Simple solution: Next time, do it right. As another poster (or two, or three) have mentioned: KISS.
Someday, you're going to die. Get over it.
(nt)
Having worked for the Secretary of State here in Florida (and working on the first couple of election results systems for the Florida Dept. of State, Division of Elections), I feel confident saying that the problems in Florida are mostly due to sheer incompetence. The few people who actually know anything aren't compensated enough to stay on, and the rest rely on the Peter Principle to stay in their positions. Problem is, this incompetence allows those who are truly evil to have free rein over the elections. It's not some big, carefully orchestrated plot, it's pure opportunism - wait around for a big enough screw up, and have your fun during the resulting confusion.
What'dya mean there's no BLINK tag!?
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
These two age groups are the actual voters themselves... they will be the ones physically voting at the polls. I guess the idea is if teenagers can figure it out, and the seniors can figure it out, then 30 - 50 year olds can figure it out. This is an excellent test to perform in tandem with your security test.
The hacker group is a separate group who may or may not be actually voting in the mock elections.
"You mean you know how to hack?" said the Principal.
"Yes." said the 15 year old boy.
"Suspend him indefinitely!" said the school board.
if ($voteType == "REPUBLICAN") {
    $voteType = "CORPORATE_MULTINATIONALS";
}
That's nonsense. This could have gone down to any, even the smallest, of the 50 states. Every state has vote counting problems. It seems strange that we're only applying fire protection to the one place that's already burned down.
Donate background CPU time to fight cancer.
how about OS/2? It's the most secure OS, given that only like 0.5% of the population use it.
Electronic voting booths are a downright bad idea. There is a nearly endless list of ways they could be compromised unless a significant amount of redundancy in the form of paper trail is used. But then what has been gained?
As for this particular implementation, seems to me the touch screen is a pretty weak link. Touch screens use thin resistive or capacitative matrices over the regular screen. Because of this, sensitive electronics are fully exposed for public modification. One could, for instance, cut out part of the touch grid with a razor blade to disable it or apply a second thin plastic layer over the screen that would redirect touch signals to a certain section. Such a hack would require significant criminal sophistication, but it is possible. One possible workaround would be to randomize the location of voting choices on the screen.
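The layout-randomization workaround suggested in the comment above, as an added Python sketch that is not part of the original thread or of any voting product. It models a tampered panel that reports every touch at one fixed slot and compares a fixed ballot layout with a per-voter shuffled one; the candidate names, the function names and the confirmation-screen check are all assumptions made for illustration.

```python
import secrets
from collections import Counter

# Constructed sample ballot (hypothetical names).
CANDIDATES = ["Candidate A", "Candidate B", "Candidate C", "Candidate D"]


def fixed_layout(candidates):
    """Same on-screen order for every voter."""
    return list(candidates)


def random_layout(candidates):
    """Fisher-Yates shuffle driven by the OS CSPRNG, so the order shown
    to each voter cannot be predicted when the panel is tampered with."""
    order = list(candidates)
    for i in range(len(order) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        order[i], order[j] = order[j], order[i]
    return order


def register_touch(layout, touched_slot, stuck_slot=None):
    """Return the candidate the machine registers for a touch.

    stuck_slot models the tampered touch layer from the comment: every
    touch is reported at that one physical slot, whatever was pressed.
    """
    slot = touched_slot if stuck_slot is None else stuck_slot
    return layout[slot]


def run_session(layout_fn, intended, stuck_slot=None):
    """One voter: build the layout, touch the intended candidate, and
    report what was registered plus whether an (assumed) confirmation
    screen would show a name the voter did not choose."""
    layout = layout_fn(CANDIDATES)
    touched = layout.index(intended)
    registered = register_touch(layout, touched, stuck_slot)
    return registered, registered != intended


def simulate(layout_fn, voters, stuck_slot=None):
    """Evenly split constructed electorate; returns (tally, mismatches)."""
    tally = Counter()
    mismatches = 0
    for i in range(voters):
        intended = CANDIDATES[i % len(CANDIDATES)]
        registered, mismatch = run_session(layout_fn, intended, stuck_slot)
        tally[registered] += 1
        mismatches += mismatch
    return tally, mismatches


if __name__ == "__main__":
    for name, fn in (("fixed", fixed_layout), ("random", random_layout)):
        tally, mismatches = simulate(fn, 4000, stuck_slot=0)
        print(name, dict(tally), "confirmation mismatches:", mismatches)
```

With a fixed layout the stuck slot hands every vote to one candidate; with the shuffled layout the same fault spreads votes evenly and still surfaces as confirmation mismatches, so it degrades into a detectable malfunction rather than a consistent bias.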
One can copyright the presentation of a compilation of facts, even if not the facts themselves. Someone has to be the official sayer of "X won by #### votes", et cetera, and the state owns those words since it paid for them (whether or not it knew the content in advance). Likewise, the election ballots themselves are copyrighted.
Now, this does get tricky since the thing one wishes to change - the election results, prior to publication - are merely a compilation of facts, not a published work. But watch for some corporation to put in a "pay per view" system of this data (which may stay in place even though the data is supposed to be public domain, up to a point: "reasonable access fees" are allowed, which some judge may well believe to be nonzero even for electronic media where it can be proven that the per-access costs are way less than a penny each). Then the DMCA becomes an issue.
I prefer the old one, myself...
Not in the constitution. It's the Chinese crack of the audioanimatronic Al Gore that did it.
The Independent: Reverend Spooner Arrested in Friar Tuck Incident - ISIHAC, Historical Headlines
I can see it now ... complete with pop-up Pepsi and Coke ads between candidate screens. And some marketing drone would just *have* to use it. "Do you prefer Ivory, Dawn, or Cascade for your dishwashing needs? Please select your preference before continuing." "Thank you. Your next choice of candidates are..."
Yeah. Great.
Very simple, machine-readable...
I think the best method is very simple: have 8.5" x 11" sized ballots that use ink stamps to select the choices on the election ballots.
Such a ballot is readable by both machine and hand counts, saving a lot of hassle.
Open-source the software, sure; but for God's sake, not Linux!! I love Linux, but do you seriously think that voting machines should run a full, multi-purpose OS? A simple, single-purpose system would work perfectly for this; putting it together with Linux, FreeBSD, Windows or any such OS would make them vastly more complicated to put together, slower, and add more holes to exploit.
"Science is a way of trying not to fool yourself." -Richard Feynman
Spell check is always a good idea...
Sadly, a lot of them are going to show up.
Unfortunately, the USA style of government is not the parliamentary system that is used in much of the world.
Besides, a parliamentary representative republic might not work here in the USA because we'll end up with just as many political parties as Italy--and you know how stable that government is.
The differences in voting systems are considered a benefit: one compromise can't rig the whole system.
How the heck do you nationally compromise a piece of paper with "BUSH" and "GORE" written on them, with a big empty checkbox next to each?
NO CARRIER
They actually did have something to that effect before Windows 2000 came out. They said it was never taken down or cracked so look how much good that would do.
My sig of choice is Marlboro
"the political parties couldn't pander and target specific interest groups, they would have to try and satisfy everyone" OMG!!!!!!!! a government of the people for the people? Not just for the corporations, the military and interest groups? It could never be allowed, it's the path to anarchy and reds under the bed and god forbid, if the politicians had to consider everyone and not just those who pay them, the mind boggles!
Or can the owner of copyrighted material grant an exemption to the DMCA?
Also note the EDD initiatives forming here and here.
Steve Magruder, Metro Foodist
And it took 2 hours to count all 12 votes.....
this one's easy...
1. Have the various and sundry GNU/orgs start a "Paypal" account.
2. use every fear and paranoia-based marketing device known to man to scare as many GNU/OSPF devotees deposit as much money as possible to the Paypal account
3. use the money to create a major lobbying effort to have GNU recognized as a major donor to both wings of Republi-crat Party
4. threaten to withdraw your financial support from the Republi-crat Party if the election doesn't turn out the way you want it to, selectively donate to critical races across the country to both wings of the Republi-crat Party, punishing them when they ignore you, rewarding them when you get legislation "your way"..
5. DONE!
worked for JFK, worked for "W", works for most of the Fortune 500 corporations
MITNICK'S LAW (sorry, kev): "Social Engineering beats physical and digital security 90+% of the time."
Ten quid, she's so easy to blind. And not a word is spoken...
Shoot, they can't even get their spell checker to work, how they expect to break into "Florda" election computers?
The circumvention must be unauthorized.
Gee, guess Dr. Felten should've just gone ahead and presented in his first go 'round, when the RIAA sent him a nastygram outlining the DMCA.
Vote counts are facts, which cannot be copyrighted.
And legal opinions are public record, which also can't be copyrighted, but damned if that doesn't stop Lexis/Nexis from going after anyone and everyone who looks like they might derail the gravy train.
It could also get Sklyarov off the hook if a significant number of classic (i.e. pre-1923) books are published in eBook form.
That would be BEAUTIFUL, but sadly, it's not the case. Amazon couldn't find enough people to con into buying encrypted ebooks for texts that Project Gutenberg makes available for free. Hell, not even AOL, with its seemingly bottomless well of cluebies could pull that one off.
The truth about Scientology, Xenu, and you: Operation Clambake
That's nice, but Bush also graduated from Harvard Business School, while not flunking out of any of his college stints like Gore did. Don't forget that Gore also dropped out of law school, those graduate courses you mentioned, too.
Gore had a bodyguard to follow him around and protect him in Vietnam. There are the names of around 55,000 people on a wall in D.C. who probably wish they had the same treatment.
Yeah, we saw all those edumacated Gore voters the day after the election, tearing up about how their edumacated minds somehow weren't able to cast their votes correctly. Those states that Gore carried were mainly due to those oh-so-highly educated voters that Jesse Jackson coaxed out of the inner city homeless shelters with promises of bigger handouts.
As was already noted, people from your home state know you a lot better than the entire country does. And they knew that the Sore Loserman was a schmuck.
I did. Canadian election happened on November 27 (several weeks after US) and we knew the results the next morning (several weeks before US). The entire country used paper ballots which you mark with pencil and drop in the box. No pregnant chads. No butterfly ballots. No punchcards. No nonsense.
___
If you think big enough, you'll never have to do it.
Why would they fix the bugs? They'd probably arrest the sanctioned would be hackers for DMCA violations, ship 'em off and say woooooooooooo hooooooooooo, we have a working product ;)
I am Lord Snowbeam. Heed my call!
Unfortunately, this includes dead people, convicted felons still in prison, and a host of other people legally not allowed to vote. I'm sure the Republican party employed similar if not the same tactics too, but you shouldn't hang on to such numbers as tried and true fact. The election is over loser. Bush is President. Don't like it? Why don't you leave the country like Baldwin? Oh yeah, you liberal zealots are a bunch of FUD mongers who make idle promises that you have no intention of fulfilling. Losers.
> We have congressional elections every two years (1/3 of them each time, serving for a 6 year term),
True for the Senate. Since every state has two at-large senators and terms are staggered so that the senators from the same state are never up for reelection in the same year, that means you vote for a senator in two out of every three two-year election cycles. The entire House of Representatives, of course, goes to the voters every cycle, so you always vote for a candidate for your district every cycle.
Chris Mattern
America isn't a democracy, it's a republic.
Florida was the only state out of fifty that had serious problems with the election. Many other states used a punch card ballot and had no troubles whatsoever.
Florida's filled with the incompetent, the elderly and folks who refuse to learn English. Now that communism is barely a threat we should secede it to Cuba.
Read the article and see where to grab the source yourself.
We're talking about the political process here. We all know that Microsoft has the cash to lobby for this sort of thing in Congress. Other companies, like SGI, Apple, Intel, etc., have the funds to spread their influence on the software.
Linux and its community, in a way, represents the independent, unbiased view in the matter. Almost like its own 3 party system. Kinda poetic, actually. Linux has only what money its users can muster and the flag of the GNU to wave. It has the least lobby power, yet promises to be a cost effective choice in software. It's more secure than Windows probably ever will be, that's for sure...
Microsoft isn't in trouble with the Justice Department's Anti-Trust Division for nothing. And Apple is just getting its act together after a long lull. Linux sits there, in the system's face, screaming to be tried...
And to you Anon. Cowards: I'll be the first to admit that what I say is often wrong. I do not mind being corrected, that's all part of the learning process for me. But to berate me behind the Alan Smithee banner is true ignorance. If you must correct me, please do so respectfully. I'm always open to constructive criticism. Otherwise, I speak my mind...
Blog Prophyts - Right On, Man
Too bad it is written in java.
It was a state in Australia; Victoria IIRC.
IMHO paper ballots and (shock, horror) *real* *people* counting them is the best system.
Pretend that something especially witty is here. Thanks.
You obviously didn't pay attention to our last election.
No, but he might have paid attention to the Canadian election that took place in a single night, Nov. 27, while the US was still trying to decide what a dimpled chad signified, and whether a full recount was really worth it.
In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
Sorry for the rant; I just can't figure out how the country that's supposed to be a model of democracy gets itself in such a stupid mess in the first place.
*walks away shaking head*
Someday, you're going to die. Get over it.
...are inside attacks. That is, not to guarantee that the system is immune to crackers, but that it is immune to attacks by the government. Unfortunately, we don't have that second guarantee here in Brazil, where we had an election with 100% of electronic ballots last year. The worst is that the government won't allow researchers to audit those ballots.
Well, the difference was the Canadian election wasn't nearly as close as the U.S. election. In fact, it wasn't close at all.
The problem with the U.S. election was, as John Allen Paulos pointed out, the margin of victory was smaller than the margin of error. Of course, the margin of error was larger than it needed to be because of the use of obsolete voting machines. Hence, the introduction of this computer voting system. The idea is to make the margin of error smaller, so close elections like the last are handled better.
you're a fucking idiot.
Florda County Asks Students To Crack Elections
If these students are from the same educational system that produced timothy, I don't think the software authors have to worry about their voteware getting used properly in the first place, much less cracked.
I live here :)
I'm transferring into a public school too, I wonder if we will be allowed to try this out?
's McFatter Vocational/Technical magnet. email me. :)
No one ever says, 'I can't read that ASCII E-mail you sent me.'
That...
1. the responsible parties in FL think that this is a remotely good idea, and
2. the responsible parties in FL think that "electronic" voting is feasible.
Don't these people consult experts that know about such things, and have informed opinions? Or do they just listen to brain-dead consultants.
Check out a Crypto-Gram article for a better explanation than I can provide:
http://www.counterpane.com/crypto-gram-0012.htm
Where is this mythical and mysterious land of Florda? I shall like to visit it someday!
________________________________________________
"He who votes counts for nothing, he who counts the votes counts for everything."
Unless you're Katherine Harris and authoring your own election results
She might as well have.. Florida was so crocked that any little hesitance or slip she might have shown to the Gore camp, the Gore lawyers, or the Broward County election committee could have very well written it in her boss's favor. Her boss being, of course, Jeb Bush.
.sig: Now legally binding!
They just want to bust all these kids under the DMCA!
Can't. DMCA's anti-circumvention provision has two standards:
- The circumvention must be unauthorized. If you have the authority to authorize something, and you encourage somebody to do it, it's no longer "unauthorized."
- The measure must protect a work covered under copyright. Vote counts are facts, which cannot be copyrighted. By the way, this has implications for anybody who wants to put silent movies published before 1923[?] on DVD with CSS, as a single CSS encrypted public domain title would be justification for "this software is designed to decrypt public domain DVD content; use as directed." It could also get Sklyarov off the hook if a significant number of classic (i.e. pre-1923) books are published in eBook form.
If you want legal advice, talk to your attorney.
Will I retire or break 10K?
Unfortunately, I wouldn't trust ballots filled out in pencil due to the fact the marks can be erased.
I think the best solution is to use a paper ballot where you select the choice by using a small ink stamp. Unambiguous, and best of all the filled-out ballot can be easily read by both machine and visual inspection.
Besides, like TV ads inform a voter better than a one-page position paper...
Oh my god, isn't this a steaming pile of bullshit.
Gore graduated from Harvard with honors in 1969. George W. Bush graduated from Yale in 1968 with a GPA he said could be described as a "gentleman's C."
Gore dropped or failed out of not one but two graduate schools.
Al Gore enlisted and served in Vietnam through 1971. George Bush joined the Texas National Guard -- getting pushed ahead of a waiting list of about 500.
Al served as a military journalist in the Vietnam war--not a soldier. He had bodyguards (not the norm for journalists) arranged for him by his senator father so he'd never be in harm's way.
After Gore returned from Vietnam, he took graduate courses at Vanderbilt while simultaneously holding a job as a newspaper reporter.
Would that be the five courses he failed at Vanderbilt?
Considering that Bush lost his home country,
Bush won his country. You obviously don't understand the electoral system of your own country, and why it is the way it is. The electoral college exists because the USA is a representative republic of semi-autonomous states. The electoral college serves to increase the relative power of small states, thus preventing them from being ignored in the presidential election.
Uneducated yahoos in the bible belt preferred Bush.
And homeless drug addicts preferred Gore (especially the ones Democratic supporters bribed on election day with free packs of cigarettes and rides to the polls). What's your point?
There's a difference between a recount, and a great big argument as to what *precisely* defines a "vote". In all Canadian elections, the defining question is "Is the voter's intent clear?" If there's a checkmark, an x, a little squiggle, or anything else in one box, it is clear. If two boxes are marked, it's tossed. End confusion. (I'm not sure how "candidate's name is circled" is treated.)
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
What's the difference?
In Canada we had our election on Nov 27. Voters from a population of 30 million used a pencil to mark a paper ballot that was then hand counted and re-counted for accuracy. We had the results the same evening. We had no need for obtuse voting/counting machines in a process this simple.
However, in Canada our education system produces 4th graders who can read and do arithmetic, so maybe this wouldn't work in America after all.
Well there are two problems here:
1. the punchcards like to put a mark between two check boxes.
2. it is apparent that the general population is incredibly confused when it comes to using the systems (as simple as they are).
KISSing can never be simple enough.
Actually, 'on-line voting' was used in the last appointment
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems.
Here's my opinion. Every vote was counted, and they did toss the ones in which there was ambiguity. There were some problems with the voting system in Florida. I saw the ballot and really don't think it was really confusing. Voters do have a responsibility to take a little bit of time to make sure they understand what they are doing. If they couldn't look over the ballot carefully, then their right to vote wasn't that important to them. A different system will just result in different mistakes.
There was another problem that did concern me. There were punch card machines that hadn't had the chads cleaned out of them for years. It is likely that because these were full, the chads did not completely detach on some people's cards. That was due to unacceptable incompetence by the people in the local elections offices. They are supposed to ensure that the voting equipment was in good working order. They didn't do their jobs. However, that fact was mostly ignored, and those people weren't held responsible for their mistakes. Why? It just didn't make as good of a news story as the system being out to disenfranchise minority voters. The system needs fixing, but it's not going to be fixed until there's some accountability for the local elections officials who didn't perform their responsibilities.
Ok, I've heard enough of the whining about some successful hacker getting beaten with the DMCA as a result. IIRC the "C" in DMCA stands for copyright. In order to be liable under the DMCA you'd have to defeat the encryption scheme protecting access to a copyrighted work. And I've yet to hear anyone argue that an anonymous (and "mock") vote is granted a copyright. The DMCA simply wouldn't apply in this instance.
Except you actually have 45 different circles. President, congressman, senator, state rep and state senator, mayor, city council, school board, property appraiser, election supervisor, judicial retention, popular referendums...
During WWII, the Germans had a seriously robust cryptographic engine in the Enigma, but it was weaknesses in its application (i.e. the way it was used/abused) that allowed so many messages to be decrypted.
If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
Well, if I were like most malicious groups in America, I'd try to keep it a secret but then find that most of my members were bragging about how they were going to "mess up this next election real good." Several would probably even put up web pages to this effect.
Look what happened to Dmitry!
"Have you Meta Moderated the Presidential Election Today?"
How are you? I send you this vote to get your advice.
Having a high IQ, and working and associating with others who also do, has led me to sometimes expect too much from people. Sorry. I'll break down the reasoning further for you:
If you were building an automobile manufacturing plant, where would you build it? Where you could find qualified workers. If you build a top-notch university, would you build it where the average IQ was 95 and the average education was 10th grade? Of course not. That's why Alabama, West Virginia, and Arkansas do not have Ivy League schools.
An Ivy League university employs many of the top minds in the world. Thus, those people will immigrate into the state housing the University. They will bring spouses and children, who will be, on average, more intelligent and better-educated than the average person.
Many people, after getting out of college, settle down to live and work near where they went to school. That's why you will find a proliferation of high-tech businesses near MIT, for example. This tends to further increase the overall intelligence and education of the population in those areas.
To show the validity of this, let's look at an analysis of the numbers from the 2000 Census:
Percentage of residents with BA or higher degrees:
States with Ivy League schools: 28.96%
States w/o Ivy League schools: 24.38%
Looks like my reasoning is pretty sound.
By the way, I discovered an error in my original message. I attributed Rhode Island to both Gore and Bush. Rhode Island was the only state with an Ivy League school won by Bush.
This is probably one of the cases where security through obscurity is warranted.
If STO were used, potential crackers would only have a limited amount of time to crack a remote system without having a copy or a dummy box to test. As it is, people have less of a motive to report exploits; at least with Apache or Sendmail, people report stuff because they don't want their own machine hacked. There's none of that motive here.
The only thing that I've promised is to fight harder next election to make sure Boy George follows in his daddy's footsteps and goes out a one-term loser. Given what Bush has been doing to the economy (seen the stock market, layoff numbers, or gas prices since he took office?), I probably won't have to work too hard to convince people to send Boy George back to Texas.
P.S. It must suck to have lost the Senate because your party was so far out in right field that even one of its own members was ashamed to be associated with the GOP (Jim Jeffords).
A pen then.
Choose One:
Cheap $3.00 Crack
The Good Shizzit(TM)
Any sufficiently well-organized community is indistinguishable from Government.
It is a classical mistake to have a competition with big prizes for cracking any crypto or similar system, and then assume that if nobody succeeded, it must be safe. Money is, after all, the only real motivator in the world, right?
Well, let's say Brandon K Cracker managed to find a way to circumvent the voting system. Let's assume there was a cash-prize of $10k for cracking it. Would he disclose his success in cracking the system?
The answer is that he most likely would, if (and only if) the value he got out of doing so now would be greater than the value he would get out of disclosing it when Florida already uses the system.
There are lots of people in the world that would pay very handsomely to influence or DoS elections, even in a small country. And when it's the American elections, they would pay even better.
Then there's always the possibility that for Brandon money isn't the Grand Only Force that some people think it to be for everybody. Maybe he is in fact politically or religiously a very engaged boy, he might see the potential to use his knowledge for making sure that <insert nasty organization here> wins the next election.
So using this kind of testing to verify security of any system is always a mistake, at least if it is given any large value in the final evaluation.
But of course it doesn't hurt as a part of a much larger evaluation. Some "honest" boy might find a big hole and report it. And, if not else, it is a great way to do "monkey testing" to see if the system crashes under load.
Just don't trust it.
Hundreds of would be hackers rounded up in computer sting!
The Kruger Dunning explains most post on
I just cracked the voting system they are proposing to use. Unfortunately, because of the DMCA, I cannot share the technical details, other than to say that it does involve a double application of the rot-13 technology.
But florida is america's wang!
Grownup: "Hey you! You're a teenager, you must know something about these copmuter-ma-thingies. You listen to MP3's, that means you're a computer-hacka ... whatchamacallit ... hacker. Right?"
Kid: "Uh yeah, sure. I guess so"
Grownup: "Great! Great! Try to hack into this computer and ruin the election".
Kid (Avid reader of Pointy Haired Weekly for Teens) logs into computer, discovers that there is no C:\ prompt, and gives up.
Kid: "Well sir, this computer is unhackable."
Grownup: "Yes! Yes! We are secure! SECURE! We'll see if those half-blind, senile senior citizens can screw up the *next* election!" ...
Why not make this contest open to the public ?
"Can of worms? The can is open... the worms are everywhere."
They just want to bust all these kids under the DMCA! Don't do it!
Wow, talk about the dumbest analysis ever. So the intelligence of people who voted in a particular state is judged by the number of Ivy League schools in that state. Way to go, Champ.
... and Slashdot community asks Slashdot editors to stop smoking crack while posting news. Hopefully that will improve spelling
Make It Secret . Free JavaScript implementation of AES for your browser
The government is offering this little test of their system under the assumption that no one will be able to break in; that way they'll be able to proudly announce to the papers that they've created a voting system that even the evil script kiddie teenagers couldn't hack. If someone with a decent bit of skill in the field manages to hack the voting system, however, the whole thing will fall quietly out of view; and the person responsible for the hack will most likely be reprimanded, fined, or jailed. It's happened before, and it'll happen again.
...they crack into it send them to prison! I feel that five years in prison is a slap on the hand in the Sklyarov case.
What is it with American elections? Isn't ticking the box on a voting slip good enough? It seems to be good enough for just about every other 1st world country. Is there some farcical requirement in the constitution that elections be complicated, weird and produce dubious results?
This is just like that episode of "The Simpsons" where they're holding a referendum by blowing out candles, flushing toilets, dropping pebbles in jars, pulling on one-armed bandits and other such nonsense. Now we introduce computers. Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.
One word, KISS.
Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as a self-selected suspect list the next time something bad happens to a computer somewhere?
I guess to the extent that their software will be built upon known components (with known root kits) this probably isn't a bad idea. But I fail to see (as others have noted here) how weaknesses in the software itself will be discovered unless a few White Hat crackers are hired.
Katherine Harris: Someone set up us the booth.
Jeb Bush: We get signal.
Katherine Harris: Main Screen turn on.
Teenager: How are you gentlemen?
Teenager: All your votes are belong to us!
The money isn't in the initial sale of the voting equipment, but rather the power to FIX ELECTIONS!
I read a report saying no major reforms were needed. Write your representative and tell them *NO* to CORPORATE CONTROLLED VOTING APPARATUS.
You'd think after going through college a body would be able to spell the name of a state. Then again, you can't get a spell checker if you can't spell "spel chekker."
Everytime you look at porn a devil gets their horns.
Yeah, I live in Flor'da. Home of Dave Barry and the killer mosquitoes.
One thing I've always wondered is just how bad are other cities' politicians. Our local news is filled with the stories of corrupt politicians, shady business deals, good ole boy networks, and suchlike.
Some are humorous. A local councilman, known for a vicious crusade to eliminate strip clubs and adult establishments, was caught in one of them doing things he shouldn't be doing.
Some are not so humorous: prison sentences, drug abuse, under the table payments, etc. It's become so "normal" that I no longer am shocked.
I wonder what other middle sized cities are like? Do you have convicts voting? How many of your locally elected officials have served prison terms? The Miami School Board is something of a joke -- spend millions beyond the assessed value on a piece of property without looking at the site; then turn around and realize that millions more are needed to make the SWAMP LAND safe to build on (most of Miami was once swamp). Oh, the seller and the buyers had previous relationships.
So, it's the million monkey approach to security testing, eh?
Makes sense to me.
"Ford! There's an infinite number of monkeys outside who want to talk to us about this script for Hamlet they've worked out."
The following is Simple and Works... simple.
I worked as a polling agent during a recent Canadian election. It couldn't be simpler. Person comes in, they hand you their ID and voter card. You check their name off a list. IF they are not on the list, you tell them to go over to the registration table. You hand them a folded vote card. They go behind a booth and check in some way a little circle next to the name of the candidate. (yes some did manage to mess this up) They then fold this again so nobody can see what they checked. It is then put in a box by them, the polling agent does not touch the ballot. After the polls close the box is opened and the ballots are sorted into piles. These are then checked by another person. The piles are counted and the number of votes for each candidate are put in a document. The votes are counted again. If a vote is questionable it's simply not counted and is put in another pile. Each pile of votes are put in a separate envelope to be sent someplace. How can you possibly screw this up? Other than having a whole bunch of corrupt people counting the votes. This would take an awful lot to actually change anything as nobody has more than a few hundred to count.
Someone's Quote:
An optimist believes we live in the best world possible; a pessimist fears this is true.
Now, I am not a Java programmer by any stretch of the imagination, but why would you actually want a non-processor specific voting program? (As in the GNU Internet Voting software.) Then you could always have a security flaw in the OS, the Runtime, or the program... as opposed to just the kernel and program... unless you implement the program in the kernel.. but anyway... Didn't I read here on Slashdot that Australia, or New Zealand, is going to attempt implementation of Debian with Open source programs being used as the voting system? I would actually prefer having open source software being used in a voting environment because of the ultimate checks and balances that such software would receive. My bet is that any voting program used by the US government in one form or another would be meticulously picked apart by security experts and kernel hackers. Why are they having high school users attempt to break into the system? I am not doubting that this is a good idea for a start, but why just high school children? I know I did learn a lot about security and hacking in high school, but my knowledge then pales in comparison to today. Is it that the Government feels as if they can "keep a lid" on security holes better if the holes are discovered by a student that they can "coerce" into not publicly stating the defect in the software? I would also like to see Broward county release the software to allow security experts who are not involved at all in the government in Florida look at the system and assess the possibility of danger from it. Maybe I am being a little "1984"ish, but seriously, look at how Adobe reacted when someone said, "hey, your encryption isn't nearly as good as you proclaim it is". They threw him in jail. Although I do realize that this has nothing to do with the DMCA, governments do act like large corporations in a lot of ways. I would like to see this looked at line by line by security experts, simply because this is our truest freedom.
If our right to vote is easily deemed irrelevant by someone rooting the box, what is that to say about our government?
Blah Blah Blah.
This is already done. Except they mail it to each voter's house. Everyone gets a description of everybody on their district's ballot.
The descriptions need to be more helpful though. Usually it's a form they filled out telling where they went to school and maybe some positions if you're lucky. They should each be given a question like, "in 500 words, what is the difference between you and your opponent?" and "what is your philosophy of government?"
Vidi, Vici, Veni
But probably they should stress test it as well, as this site may experience worse than the Slashdot effect...
--
Error 500: Internal sig error
What an excellent idea! I wish that more companies/entities would utilize this excellent security measure. Imagine how much better M$ would be if they just took after Florda, and had a crack me IIS server. You know everyone would want to crack it, and some of the insecurities would get opened before they cause damage. Florda's new policy rules.
Aside from the fact that it looks as if Florida already has a voting system lined up for them, I would guess that they might be pretty open to an open source/"free" solution after their cheerful response to Linux in their local governments...
Will Florida be the place to look to for new angles on technology or continue just to be the place where everyone's (grand)parents live?
prosebeforehos.com
...since they can already deliver their own state by hand, they will use the information gained to use the Internet to remotely subvert the Constitution in other states.
--Blair
[sarcasm]That's why Bush did so well in areas with the most-educated populations.[/sarcasm]
Let's look at states that have Ivy League Schools (Brown, Columbia, Cornell, Dartmouth, Harvard, Princeton, the University of Pennsylvania, and Yale). Gore won Massachusetts (MIT and Harvard), Connecticut (Yale), Rhode Island (Brown University), New York (Columbia, Cornell), New Jersey (Princeton), and Pennsylvania (University of Pennsylvania).
Bush, on the other hand, won only a single state that had an Ivy League school -- Rhode Island (Brown). Of course Bush also carried intellectual meccas like Alabama, West Virginia, and South Carolina.
Oh, no. Not with my handwriting.
For the surrealism of it, I'd give out crayons instead.
If you're making your decision on who to vote for while standing in the voting booth, do us all a favor and don't vote at all.
If this is going to work, it has to be totally idiot proof. Nothing fancy at all. I do agree with the vote confirmation part. Based on my experiences with misaligned (or just sucky) touchscreens, this is a must.
load "linux",8,1
This does help eliminate the miscount problem, but one could still stuff the ballot box, but then I'm not sure if they're looking to authenticate as well. Also consider running out of toner, or dirt.. printing isn't perfect either.
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
Pencil can be erased.. hehe =)
"Of all days, the day on which one has not laughed is the most surely the one wasted." -Sebastian Roch Nicol
Who needs hackers if the electronic systems already suck?
Can't you see that everyone is buying station wagons?
I think a modified way of doing this would be to have the touch screen system print out the vote record on a card, that was then turned in (in a little blinder envelope) to the vote counting staff. The cards could be quickly counted by optical machine (with mechanical creation of votes, should have a VERY low failure rate) and provide the benefit of giving the voter a chance to review their card for inaccuracies.
A bunch of students all at their voting computers.
"Pssst... which guy did you fill in for the question 1?"
"Are you kidding? I'm not gonna cheat for you!"
"Come on, everybody's doing it... even the candidates!"
The next comment I write will be ready soon, but subscribers can beat the rush and see it early!
Gore? You mean that guy who flunked out of freakin' Vanderbilt Divinity School? (F's in five of the eight classes he took over three semesters). Then again, if a majority of the people who know Gore best, the residents of his own state of Tennessee, hadn't voted for his opponent, then yes, he really would be president right now. D'oh! :)
And the new President is...
Cowboy Neal??
I'll think of a funny sig later on
So am I to understand that these machines will be connected to the Internet? Or are they giving them physical access to the boxen? and a keyboard? Or maybe they will stumble across a remote shell by touching the screen to vote for the wrong guy a certain number of times?
Why in the world would you even risk having something like this connected to a public network? Store everything locally and have the precinct elections commissioner call in the results, then verify them later when the machines are collected.
load "linux",8,1
Your other comment regarding making it in the voting period is also interesting. In many voting districts people had been lined up all day to vote and did not make it before the office closed. I find this a problem.
Duncan Watson
'Nuff said.
BTW, I'm having trouble finding Florda on my world map.
The best way to accelerate a windows box is at 9.8 meters per second square.
if (gore > bush) {
    printf("Gore wins\n");
}
else if (bush > gore) {
    printf("Bush wins\n");
}
else {
    recount();
}
Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impaired (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
All the Florida election data is gone forever in case you didn't know. All the computer files were erased, escaping any sort of review.
http://www.chicagotribune.com/news/nationworld/chi-0108010285aug01.story?coll=chi%2Dnews%2Dhed
But, PLEASE at least report them to Nintendo, because they ARE using Nintendo's IP illegally
Which Pokemon is it? I don't follow the show.
Give each voter a simple ballot paper and a pencil.
Get rid of all hole punches, chads, butterfly ballots, etc etc etc.
Remember the KISS principle at all times.
Sounds like a setup, to me...
t_t_b
I'm on PJ's "enemies" list! Are you?
Florda? What is that...some sort of state near Florida?
If enough people attack the elections, it won't matter if some of them are just trying to find exploits to keep secret and hoard. Any security defect that's reported by an honest person immediately neutralizes the fact that a dishonest person found the same thing and kept it a secret, because it will be fixed once it's reported. So as long as more people are reporting bugs than are hoarding, this has a net benefit. The problem is, if the system is poorly designed and has enough defects, inevitably some will slip through the cracks and get caught only by blackhats. So, while this please-hack-me strategy has benefits, it is not, by itself, enough to prove the system.
It's rare that you're presented with a knob whose only two positions are Make History and Flee Your Glorious Destiny.
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
N.B., I am not saying that no teenager (or retiree) can do good security testing work, but they're the exception. They'll be able to provide valuable usability feedback (e.g., no more butterfly ballots, or multiple selections made by shaky hands), but thinking it will say anything at all about security is a joke.
Good security testing requires a specific mindset and a good knowledge of previous attacks. This is rare, at any age, and requires the type of behavior that I'm sure the administrators will try to discourage. This sounds like a situation set up to guarantee a false sense of security.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
What moron decided this was a good idea? Kids need to be taught that hacking is wrong and that they need to respect the law at all times. Even if it's authorized it doesn't make it any more right. It's just introducing kids to hacking and allowing them to gain skills from doing so... criminal skills. I know it's unpopular here to discourage hacking but flaunting the law like the DMCA is a terrible thing to do. Do we want to put more kids in prison (prison is appropriate for hacking and intellectual property violations... DO NOT ARGUE THIS PLEASE!)? So I say once again... STOP ENCOURAGING OUR KIDS TO BECOME CRIMINALS!
Hacked by Chinese!
It takes on a whole new meaning...
I don't hate GNU software. Hell, it's great stuff. What I do get tired of, however, is everyone insisting GNU be used for everything. The truth of the matter is, as much as GNU zealots and RMS will argue otherwise, I would be honestly scared to have open source voting software run an election in this country. Because I KNOW that someone would hack it and add in half a million write in votes for Fidel Castro. This is not to say that a closed source voting system would be impregnable, but I do believe there is something to be said for security through obscurity, especially for something with actual importance.
Not exactly "cracking" the system, but a covert way to wax a few thousand votes.
A cute little *nix variant with a 4 button keyboard.
Up, Down, Forward, Back.
You move the cursor to your choice and hit Forward. At the end you review your choices. Select any that you want to change and finish.
A green light appears on the desk of the silly little election monitor guy's table. He waits for that person to leave and allows the next person to enter the booth and hits a button to accept the next poll after the person has been verified. Any person without proper ID or if they don't make it within the voting time period does not get to vote. They can go cry a river somewhere.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
OK fine, you don't have to do the "DOS attack" if you don't want. But, PLEASE at least report them to Nintendo, because they ARE using Nintendo's IP illegally, regardless of whether they screwed me or not!!!!
Will you crack it?
People will be trying to crack elections.state.florida.us, so they'll miss the real server at elections.state.florda.us. That's thinking ahead!
They did that with some test Windows 2000 box, which nobody broke into as I recall. (Golly, Windows 2000 must be secure!) However, Windows 2000 started getting cracked once Microsoft started shipping the negligent bloatware (yup, still have not fixed that virus-bearing document format). This is due to crackers getting to sit a Windows 2000 box down, rip it apart, and otherwise get their hands on it, rather than poking sticks at an ivory tower somewhere.
Plus, with the recent SDMI thingy, I think some folks would be wary to take up a corporation's offer "hack this, please, we won't beat you up with the DMCA. honest."
What strikes me is all the systems I've seen give no record to the _voter_ as to what their selections were. Once you've walked away from the voting booth, you really only have your own recollection of who you voted for (and this recollection may not be true in some cases).
So: receipts!
Heck, lottery tickets have barcoded information or whatnot on them. As a previous poster suggested, print something like these out from the voting machine so the voter has a record of who they voted for. They look at it, it's wrong - blammo! Bring it to one of the people in the front to correct or whatever.
Perhaps a better idea: there should be some unambiguous way for a voter to see who they voted for, regardless of the system. Granted, we expect that people should have enough sense to look at what holes they punched, or switches they pulled, etc. But that's no excuse for poor usability in the voting scheme.
We push for usability in our software, why not the process by which we elect those who represent us?
Hack the Vote? Not in Broward
By William Welsh,
Staff Writer
Officials in Florida's Broward County were scrambling Aug. 17 to put to rest a rumor that the county would allow high school students to try to breach the security of election computers in a mock election.
The idea surfaced at a meeting of the Broward County Commission Aug. 16, in which County Commission Chairman John Rodstrom suggested that computer savvy kids might get to hack their way into the election system, reported the Associated Press.
"That is not going to happen," Bob Cantrell, director of intergovernmental affairs for the Broward Supervisor of Elections, told Washington Technology.
Not all people are out to cheat, deceive or steal. A hack could be just another challenge. Not every computer enthusiast or professional has some sleazy intent in mind. There are people who like to share their knowledge and the improvement of all concerned here in this world.
Just imagine the accuracy improvement over the last (globally interesting) Florida elections.
# Vote "George W Bush"
Are you sure? [ Y/N ] # Y
Are you really really sure? [ Y/N ] # N
# Vote "Al Gore"
Are you sure? [ Y/N ] # Y
Are you really
voting slip seg-fault, core dump has begun
This is a dangerous issue. Currently those little pencils that a lot of voting systems use don't have erasers for a purpose. If you can't put an X in the right box the first time, well then...
Giving voters a confirmation prompt like "Are you sure you want to vote for Bush" might prompt multiple confirmation prompts i.e. "Are you really sure..." and it could very well turn into a video terminal with Regis saying "Is that your final Vote?"