Slashdot Mirror
Florida County Asks Students To Crack Elections
imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes.
The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.
Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?
- Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
- Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.
Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.
For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.
One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"
fencepost
just a little off
This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
I beg to differ. In Florida, home of PBC's now widely infamous ``butterfly ballot'', we have 67 counties. Of those, one used an advanced system of ballots where people were issued pieces of paper with pre-printed candidate names upon entry to the polling place. The people who were issued the pieces of paper made marks beside those names which most pleased or least displeased them.
At the end of the day, in 11 precincts around the county, the pieces of paper were sorted and counted. First, the papers were sorted according to the selection in the first race, then counted. The papers were then sorted according to the selection in the second race, and again counted. This advanced procedure (known as ``tabulation'') was performed for each race on the ballot.
The number of voters per precinct worked out to about 500. Union County had its results reported before midnight. No one doubted the results: the counts were quite reasonably accurate.
In Volusia County, which used a similar system except that the pieces of paper were counted by machine, we had results but not the same week as the election. We also had about 500 voters per precinct. There were disputes about the accuracy of the results, though in the weeks following the election they were pretty well settled.
So tell me, if Union can correctly hand-count their ballots and be home before midnight, why should we believe your claim that it'd take too long? If they had results before the machine-count counties, why should we believe that machine counting is better and faster faster?
Consider also the problem of Dade County. If you were to provide a balloting method which did not leave countable pieces of paper, do you believe that there is any chance of honest results?
Tilt at windmills. Occasionally one will fall over out of sheer surprise.
The most important thing about electronic elections is not that Haxor Doods can't hack into these machines after they draw the curtain. What's important is that there still be a trail of paper ballots for later audits, in case the election officials are corrupt. If you're going to use these machines, make sure they print an unambiguous ballot that the voter sees and deposits in the box. That way any mishap can be corrected.
...are inside attacks. That is, not to garantee that the system is immune to crackers, but that it is immune to attacks by the government. Unfortunately, we don't have that second garantee here in Brazil, where we had an election with 100% of electronic ballots last year. The worse is that government won't allow researchers to audit those ballots.
Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as as self-selected suspect list the next time something bad happens to a computer somewhere?
What an excellent idea! I wish that more companies/entities would utilize this excellent security measure. Imagine how much better M$ would be if they just took after Florda, and had a crack me IIS server. You know everyone would want to crack it, and some of the insecurities would get opened before they cause damage. Florda's new policy rules.
Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impared (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
N.B., I am not saying that no teenager (or retiree) can do good security testing work, but they're the exception. They'll be able to provide valuable usability feedback (e.g., no more butterfly ballots, or multiple selections made by shaky hands), but thinking it will say anything at all about security is a joke.
Good security testing requires a specific mindset and a good knowledge of previous attacks. This is rare, at any age, and requires the type of behavior that I'm sure the administrators will try to discourage. This sounds like a situation set up to guarantee a false sense of security.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
A cute little *nix variant with a 4 button keyboard.
Up, Down, Forward, Back.
You move the cursor to your choice and hit Forward. At the end you review your choices. Select any that you want to change and finish.
A green light appears on the desk of the silly little election monitor guys table. He waits for that person to leave and allows the next person to enter the booth and hits a button to accept the next poll after the person has been verified. Any person without proper ID or if they don't make it within the voting time period does not get to vote. They can go cry a river somewhere.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin