Slashdot Mirror
Florida County Asks Students To Crack Elections
imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes.
The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.
America isn't a democracy, it's a republic
Well, if you want to be anal, its a Constitutional Democratic Republic.
And FWIW, other state had equally bad voting problems -- its just that they didnt affect the outcome, as they did in Florida, so no one paid much attention to them...
Recursive: Adj. See Recursive.
Oh, there's worse things the Evil Agents could do with a list of people who have practice at hacking into voting systems. Far worse things...
Bullshit. First of all, there wouldn't be 200 million ballots; you're high by a factor of about 3. Second, a well designed hand counted system could be handled quite quickly. The problem with the Florida counting was that the ballots were designed to be read by machine, not by hand, so hand counting was difficult. That wouldn't need to be the case if you designed the ballots to be hand counted from the start.
A single person could easily count several thousand ballots per day, which is well more than the number of voters at most polling places. That means that you just have the election monitors bring their ballot boxes to a central location (which they'd have to do anyway) and then they'd spend an hour or two counting the votes. They already have people from both major parties there, so there would be built in protection against fraud. This would require more labor than the current system, but given the reduced cost of machines and ballots might even save money.
There's no point in questioning authority if you aren't going to listen to the answers.
So you Americans wanna record your votes on a potentially complex system, which will envariably be designed, developed and depolyed by the lowest bidder?
Now that'd be a fun house committee to sit in on...
And of course, next time, it won't be the Florida elections in dispute... Good ol' Californian brownouts will see to that.
Vs lbh pna ernq guvf, ybt bss abj. Tb bhgfvqr. Syl n xvgr.
Ballot boxes from opposition strongholds can fall off the back of a truck. The county court house can burn down after the desired results are reported.
Mea navis aericumbens anguillis abundat
As for bits of paper used for voting, has the idea of ballot stuffing not occured to anyone? Granted, punched chads may or may not have any protection against ballot stuffing (like printing a serial number at the moment of punch, or whatnot) but writing a number on a piece of paper, or checked boxes on a sheet of paper seems too prone to abuse to really be considered.
IP is just rude.
Is there any torture so subl
First hack: php spellcheck
All around hack: Jon Katz
Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
You're one hundred percent correct, which is exactly why the day a federally-sponsored electronic voting system is announced, there will likely be several hundred FOIA requests fired off, mine included.
Speaking of which... Has anyone tried to do a FOIA request for mundane (ie, not carni^H^H^H^H^H DCS1000, Echelon, or nuclear simulation) government software? I'm sure some of it must be almost laughably bad. Taking it a step further... What about submitting a FOIA request for the source code to a government website, or network infrastructure, or anything else that while not "national security" may be potentially sensitive?
The truth about Scientology, Xenu, and you: Operation Clambake
won't we have use the phrase GNU/President?
Point being, the simple, nearly moron-proof system used in Canada just plain worked. The system you propose is even better, integrity-wise.
Anything is better than punchcard butterfly ballots that might be lined up properly being hit by a machine that might be working with candidates lined up in something resembling an organized fashion that hopefully won't be confused by most people.
*goes to shake head once again*
Someday, you're going to die. Get over it.
If the election officials bungle paper punch cards, imagine what they will do with computers.
Training people to do a proper job, with reasonably good materials, will go much further toward fostering a positive voter experience than any electronic devices will.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
While manual counting may be reliable, it would take a pretty huge chunk of resources. That's just silly. Hundreds of people labouring for days to count things. And you need to oversee every part of the process to make sure no-one cheats. One of the attractions of electronic counting is that once the method has been scrutinised and approved by participants, you can (provided the _deployment_ has a secure procedure as well) know that exactly the same method will be deployed everywhere.
Here (Canberra Australia) we are going to be testing electronic voting. The code is GPL and available to anyone for validation, the process is transparent and anonymous and the security is physical (they treat the voting servers/stations just like sealed ballot boxes).
You won't get fair voting systems without good people, the systems should lt them exert more control over how the system works.
Xix.
"Everything is adjustable, provided you have the right tools"
I think the reason behind this is that they're enlisting a stereotype. Other articles on the subject talk about 'teen hackers' and 'whiz-kids'. It seems that the people planning this believe 'hacker' is another word for a punk kid who spends too much time online.
Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
The differences in voting systems are considered a benefit: one compromise can't rig the whole system.
"Will the last American to leave Miami please turn out the lights when you leave."
The other reason suspicion was cast on my home state is because our governor (Governor Jeb "Duh" Bush) was the candidate's brother.
So you feel that it is less courageous and honorable to go to Vietnam as a journalist than to go AWOL from the National Guard after daddy's friends pushed you to the front of the waiting list? You have a strange set of values.
Would that be the five courses he failed at Vanderbilt?
Yes. So he took some courses he did not complete. Big deal. He proved his mettle at Harvard, graduating with honors, while Bush barely squeaked by at Yale with a "gentleman's C" GPA.
Bush won his country. You obviously don't understand the electoral system of your own country
No, Bush won the Electoral College and lost the country. Over 500,000 more American citizens voted for Gore than for Bush. More American citizens wanted Gore as their President and an antiquated, unbalanced system left over from the days when votes were carried in by horseback robbed the American people of their choice.
Had the election gone the other way, you'd have been screaming about how unfair the Electoral College was.
Slashdot can be used as a voting mechanism. Everyone will be given moderator points and will vote for the few candidates who will present themselves with short description as answers to articles. I wonder what kind of results will be collected: Bill Clinton 5 Interesting, Al Gore 3 Flamebait, Bush -1 Troll.
You can't handle the truth.
Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?
Much government software is produced under a contract in which the contractor holds ALL copyrights and the government is granted the rights to use the software. FOIA requests will have no effect, any more than a FOIA request could produce the source code to Windows just becuase the government uses it.
Maybe, but I still think that voting software is the one example of software that would probably benefit from being closed source and taking the "security through obscurity" approach. Face it: this kind of software will only be used once every two or four years (I don't know how often you Americans vote, it sometimes seems as if there's someone to be voted into some office or other every year, if not more), no one, not malicious script kiddies, not dedicated hackers will get anywhere near the software, so provided the people in charge of it are trustworthy, there will never (almost, anyways) be a problem with security, as all people see is the buttons you push, not the underlying code.
...
Of course you could also argue that since it's really hard to actually get to the software and fuck with it, it doesn't matter that the source code is open for public scrutiny (malicious or not). So either way, it doesn't make much difference.
Maybe a better approach would be to actually "prove" that the software is faultless. A guy I know took a course in university where they were taught to prove the correctness and bug-free-ness of certain algorithms - wouldn't voting software be simple enough for it to be possible to do this? I don't know, maybe someone who does could shed some light on whether or not this is possible
News and bla for computer musicians: http://lomechanik.net/
- Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
- Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.
Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.
For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.
One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"
fencepost
just a little off
Picture Dan Rather reporting the latest election return results: "And tonight we have the election returns for the state of Florida. Apparently 31337 hAx0r has won the election by an unprecendented landslide..."
*Condense fact from the vapor of nuance*
DMCA makes it illegal to crack copy protection - not security (note: this is really stupid). Adobe is abusing it. Please stop talking about it. Thank you.
SIG: HUP
Do you feel better now? The only the Federal Govt. would allow computerized elections is to put a Federal computer security and law enforcement agency in charge of it. Welcome to the CCCP where the secret police run the elections.
In order to use formal methods to prove something is secure, you have to find a way to represend all the possible variables. In even a system specifically designed for voting, this is likely an impossible task. Each component from the OS, as simple as it may be, to the device drivers that run the touch screen, would have to be designed with an extremely rigorous process to ensure that your formal methods would have any validity. I'm not saying that formal methods shouldn't play a role in the design of a secure system. I just don't think you're going to be able to really prove a system is secure. You can however do better than just throwing a system together and patching the security issues that come up in limited testing. If they want the system to be secure, the first thing they need to do is isolate the network, and strictly limit access. If it's attached to the internet then security will be a much greater risk.
Yeah, I'm sure the code to do nuclear simulations on the top (public) supercomputers in the world is laughably bad.
Actually, I was speaking of the DFAS accounting systems which, by the military's own admission, are bad at tracking things, and have caused the "loss" of billions of dollars worth of equipment. If the system allows that to happen, it's either poorly coded or poorly integrated.
The truth about Scientology, Xenu, and you: Operation Clambake
umm, why is this to bad? The fact that is it is written in java means they can run it on whatever hardware they have, with minimal hassel, because it is OS independant. Also, less security worries as java is inherently more secure.
-- free as in swatantryam - not soujanyam.
Damn Anonymous Coward. Your name's probably Chad.
LOAD "SIG",8,1
LOADING...
READY.
RUN
"This man hacked into our systems and he's well able to cause serious damage over computer networks. Just look at this: he cracked Florida's new ballot system!"
Don't help officals or suits, it gets you screwed big time. If you can code or hack or crack, keep it under the lid in the public and don't brag about it. It doesn't do any good to you.
Preserve old classics: copy your collection onto all hard drives.
You can't be sure that 'the people in charge' are Trustworthy -- especially if they are the one well-known soft link in the security chain.
Social engineering is one of the most successful methods of getting into a system. It's one of the favorite methods of organizations like The CIA, The (former) KGB, The Mafia, and most con artists. Even if you're going for a hardeware solution, it's still gonna be easier if you can blackmail design info out of the people working on the system.
Free Software: Like love, it grows best when given away.
Well, gee whiz, we've had that for a long time. Just download the Slashdot source code, find the part that does those nifty polls, and boom! Instant electronic voting.
Donate background CPU time to fight cancer.
And it was all counted by hand.
And forget arguing about population/voter size. It scales almost linearly.
- Are the voting booths on a network that can be reached from outside on election day?
- If the votes are h@x0red after the election, will it be possible to detect that fact? (I.e., there won't be any physical ballots to recount.)
- If the machines are rigged before the election, will it be possible to detect that fact?
IMO, the risks of computerized elections are not worth the payoff. Alas, the last election set up a situation where counties all over the nation will have an excuse to eagerly spend our tax dollars on snake-oil solutions.Sheesh, evil *and* a jerk. -- Jade
Not that I disagree with you, but do you have anything documented that shows information about counties that had lines all day and not everyone got to vote? If this is the case, then you're right, they need to add more voting polls as every deserves a fair single oppourtunity to vote, but so far I haven't heard of any documented cases of this actually happening. I've heard of areas where the polls flooded later in the day but nothing all day long.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I am pretty sure that bush with his team of 313377 h4x0rs will be taking the next election in florida. Or he could just ask his brother.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Why exactly are they having kids try to hack into this again? It seems rather redundant to me. Any system used for something like this shouldn't require testing for security, it should be _proven_ to be secure (ie: written in ADA, if it comes to that).
I don't know about everyone else, but I'm nervous that this is going to be a solution written by crappy government contractors in VB and SQL server (or PHP and MySQL, for that matter), without any of the rigor associated with Real Security.
I'm not sure what you can mathematically prove about a real-world system like this. What havoc can I cause by dropping a pencil stub in the printer that creates the paper record of votes? What if I pull THIS plug at THAT time? (And, hmm, what if I then stick that plug into my laptop?) Or what if I adjust the vertical on the display to hide the bottom candidate from that sweet, but mentally fragile grandmother behind me in line? What happens to a touch screen if I stick a little piece of gum on it? Can I somehow damage the touch sensors without making this fact evident? Exactly how much fun can I have with a strong magnet? In short, I'm not sure that formal methods buy you much in such an informal environment.
Hopefully that will improve spelling
And lead to a greater use of punctuation by posters.
This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
And next, this may even happen in Florida.
The most important thing about electronic elections is not that Haxor Doods can't hack into these machines after they draw the curtain. What's important is that there still be a trail of paper ballots for later audits, in case the election officials are corrupt. If you're going to use these machines, make sure they print an unambiguous ballot that the voter sees and deposits in the box. That way any mishap can be corrected.
Let's review why black-box testing is a weak form of testing:
If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
120 characters isn't enough to explain it.
Rebecca Mercuri's "Why it won't work" statement on online voting.
A feeling of having made the same mistake before: Deja Foobar
Incorrect; it had partly to do with the closeness, partly to do with how the votes were taken. The fact that the "dimpled/hanging chad" business took place at all shows the machines being used in that particular area were, well, crap. The tightness of the vote didn't help one iota, but using a voting system slightly less prone to ambiguity or confusion (I must repeat, the layout of the ballots in question was far more complicated than it had any right to be) might have aided the count and led to slightly less controversy. Hell, the perception that Bush was "chosen" by the Supreme Court, a perception with a bit of basis in reality, might not exist had the ballots and voting machines not been so badly designed as to force counters to waste time looking at the ballots seven ways from Sunday to determine the silly crap Republicrats were asking them to look for.
If the Canadian election had come down to a single riding, with only a few hundreds of votes making a difference, as the U.S. election eventually came down to a close result in a single state, do you really think that the close precincts wouldn't have been contested?
Oh, I'm sure there would be contested precincts. I'm also pretty sure the mess wouldn't have dragged on for over a month, and it wouldn't have become utterly absurd to any and all observers, partly thanks to the ballot and machine design. Determining whether a circle on one side of a ballot is marked seems to be a far less complicated process than trying to guess whether an indentation in a piece of cardpaper indicates "voter intent". In fact, the instructions given to voters here were clear, simple, and provided in large print for the nearsighted (guilty):
No muss, no fuss. Sure, an unscrupulous poll worker could somehow break into the ballot box after polls close, but I'm pretty sure Elections Canada employees hang over their shoulders from the time the polls close to the time the last ballot is counted, whenever that is.
What happened in Florida was a disaster, about as bad as it gets. What makes it worse is that the disaster could have been prevented had the people who chose that type of ballot begged for something a little less prone to error. Or even, - *gasp* - a consistent, simple system was decided upon across an entire state.
Yes, I'm pretty bitter about the whole mess. It was just plain jaw-dropping, and the way it was concluded probably wasn't the best solution, or even one of the better ones.
Simple solution: Next time, do it right. As another poster (or two, or three) have mentioned: KISS.
Someday, you're going to die. Get over it.
Having worked for the Secretary of State here in Florida (and working on the first couple of election results systems for the Florida Dept. of State, Division of Elections), I feel confident saying that the problems in Florida are mostly due to sheer incompetence. The few people who actually know anything aren't compensated enough to stay on, and the rest rely on Peter Principle to stay in their positions. Problem is, this incompetence allows those who are truly evil to have free reign over the elections. It's not some big, carefully orchestrated plot, it's pure opportunism - wait around for a big enough screw up, and have your fun during the resulting confusion.
What'dya mean there's no BLINK tag!?
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
These two age groups are the actual voters themselves... they will be the ones physically voting at the polls. I guess the idea is if teenagers can figure it out, and the seniors can figure it out, then 30 - 50 year olds can figure it out. This is an excellent test to perform in tandem with your security test.
The hacker group is a separate group who may or may not be actually voting in the mock elections.
That's nonsense. This could have gone down to any, even the smallest, of the 50 states. Every state has vote counting problems. It seems strange that we're only applying fire protection to the one place that's already burned down.
Donate background CPU time to fight cancer.
One can copyright the presentation of a compilation of facts, even if not the facts themselves. Someone has to be the official sayer of "X won by #### votes", et cetera, and the state owns those words since it paid for them (whether or not it knew the content in advance). Likewise, the election ballots themselves are copyrighted.
Now, this does get tricky since the thing one wishes to change - the election results, prior to publication - are merely a compilation of facts, not a published work. But watch for some corporation to put in a "pay per view" system of this data (which may stay in place even though the data is supposed to be public domain, up to a point: "reasonable access fees" are allowed, which some judge may well believe to be nonzero even for electronic media where it can be proven that the per-access costs are way less than a penny each). Then the DMCA becomes an issue.
The differences in voting systems are considered a benefit: one compromise can't rig the whole system.
How the heck do you nationally compromise a piece of paper with "BUSH" and "GORE" written on them, with a big empty checkbox next to each?
NO CARRIER
Also note the EDD initiatives forming here and here.
Steve Magruder, Metro Foodist
The circumvention must be unauthorized.
Gee, guess Dr. Felten should've just gone ahead and presented in his first go 'round, when the RIAA sent him a nastygram outlining the DMCA.
Vote counts are facts, which cannot be copyrighted.
And legal opinions are public record, which also can't be copyrighted, but damned if that doesn't stop Lexis/Nexis from going after anyone and everyone who looks like they might derail the gravy train.
It could also get Sklyarov off the hook if a significant number of classic (i.e. pre-1923) books are published in eBook form.
That would be BEAUTIFUL, but sadly, it's not the case. Amazon couldn't find enough people to con into buying encrypted ebooks for texts that Project Gutenberg makes available for free. Hell, not even AOL, with its seemingly bottomless well of cluebies could pull that one off.
The truth about Scientology, Xenu, and you: Operation Clambake
I did. Canadian election happened on November 27 (several weeks after US) and we knew the results the next morning (several weeks before US). The entire country used paper ballots which you mark with pencil and drop in the box. No pregnant chads. No butterfly ballots. No punchcards. No nonsense.
___
If you think big enough, you'll never have to do it.
You obviously didn't pay attention to our last election.
No, but he might have paid attention to the Canadian election that took place in a single night, Nov. 27, while the US was still trying to decide what a dimpled chad signified, and whether a full recount was really worth it.
In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
Sorry for the rant; I just can't figure out how the country that's supposed to be a model of democracy gets itself in such a stupid mess in the first place.
*walks away shaking head*
Someday, you're going to die. Get over it.
...are inside attacks. That is, not to garantee that the system is immune to crackers, but that it is immune to attacks by the government. Unfortunately, we don't have that second garantee here in Brazil, where we had an election with 100% of electronic ballots last year. The worse is that government won't allow researchers to audit those ballots.
That...
l
1. the responsible parties in FL think that this is a remotely good idea, and
2. the responsible parties in FL think that "electronic" voting is feasible.
Don't these people consult experts that know about such things, and have informed opinions? Or do they just listen to brain-dead consultants.
Check out a Crypto-Gram article for a better explanation than I can provide:
http://www.counterpane.com/crypto-gram-0012.htm
Unless you're Katherine Harris and authoring your own election results
She might as well have.. Florida was so crocked that any little hesitance or slip she might have shown to the Gore camp, the Gore lawyers, or the Broward County election committee could have very well written it in her bosses favor. Her boss being, of course, Jeb Bush.
.sig: Now legally binding!
Oh my god, isn't this a steaming pile of bullshit.
Gore graduated from Harvard with honors in 1969. George W. Bush graduated from Yale in 1968 with a GPA he said could be described as a "gentleman's C."
Gore dropped or failed out of not one but two graduate schools.
Al Gore enlisted and served in Vietnam through 1971. George Bush joined the Texas National Guard -- getting pushed ahead of a waiting list of about 500.
Al served as a military journalist in the Vietnam war--not a soldier. He had bodyguards (not the norm for journalists) arranged for him by his senator father so he'd never be in harm's way.
After Gore returned from Vietnam, he took graduate courses at Vanderbilt while simultaneously holding a job as a newspaper reporter.
Would that be the five courses he failed at Vanderbilt?
Considering that Bush lost his home country,
Bush won his country. You obviously don't understand the electoral system of your own country, and why it is the way it is. The electoral college exists because the USA is representative republic of semi-autonomous states. The electoral college serves to increase the relative power of small states, thus preventing them from being ignored in the presidential election.
Uneducated yahoos in the bible belt preferred Bush.
And homeless drug addicts preferred Gore (especially the ones Democratic supporters bribed on election day with free packs of cigarettes and rides to the polls). What's your point?
There's a difference between a recount, and a great big argument as to what *precisely* defines a "vote". In all Canadian elections, the defining question is "Is the voter's intent clear?" If there's a checkmark, an x, a little squiggle, or anything else in one box, it is clear. If two boxes are marked, it's tossed. End confusion. (I'm not sure how "candidate's name is circled" is treated.)
If a tree falls on an anonymous coward yelling 'first post' in the forest, does anybody hear?
Well there are two problems here:
1. the punchcards like to put a mark between two check boxes.
2. it is apparent that the general population is incredibly confused when it comes to using the systems (as simple as they are).
KISSing can never be simple enough.
In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems.
Here's my opinion. Every vote was counted, and they did toss the ones in which there was ambiguity. There were some problems with the voting system in Florida. I saw the ballot and relly don't think it was really confusing. VOters do have a responsibility to take a little bit of time to make sure they understand what they are doing. If they couldn't look over the ballot carefully, then their right to vote wasn't that important to them. A different system will just result in different mistakes.
There was another problem that did concern me. There were punch card machines that hadn't had the chads cleaned out of them for years. It is likely that because these were full, the chads did not completely detach on some people's cards. That was due to unacceptable incompetence by the people in the local elections offices. They are supposed to ensure that the voting equipment was in good working order. They didn't do their jobs. However, that fact was mostly ignored, and those people weren't held responsible for their mistakes. Why? It just didn't make as good of a news story as the system being out to disenfranchise minority voters. The system needs fixing, but it's not going to be fixed until there's some accountability for the local elections officials who didn't perform their responsibilities.
"Have you Meta Moderated the Presidential Election Today?"
How are you? I send you this vote to get your advice.
Having a high IQ, and working and associating with others who also do, has lead me to sometimes expect too much from people. Sorry. I'll break down the reasoning further for you:
If you were building an automobile manufacturing plant, where would you build it? Where you could find qualified workers. If you build a top-notch university, would you build it where the average IQ was 95 and the average education was 10th grade? Of course not. That's why Alabama, West Virginia, and Arkansas do not have Ivy League schools.
An Ivy League university employs many of the top minds in the world. Thus, those people will immigrate into the state housing the University. They will bring spouses and children, who will be, on average, more intelligent and better-educated than the average person.
Many people, after getting out of college, settle down to live and work near where they went to school. That's why you will find a proliferation of high-tech businesses near MIT, for example. This tends to further increase the overall intelligence and education of the population in those areas.
To show the validity of this, let's look at an analysis of the numbers from the 2000 Census:
Percentage of residents with BA or higher degrees:
States with Ivy League schools: 28.96%
States w/o Ivy League schools: 24.38%
Looks like my reasoning is pretty sound.
By the way, I discovered an error in my original message. I attributed Rhode Island to both Gore and Bush. Rhode Island was the only state with an Ivy League school won by Bush.
A pen then.
Choose One:
Cheap $3.00 Crack
The Good Shizzit(TM)
Any sufficiently well-organized community is indistinguishable from Government.
It is a classical mistake to have a competition with big prizes for cracking any crypto or similar system, and then assume that if nobody succeeded, it must be safe. Money is, after all, the only real motivator in the world, right?
Well, lets say Brandon K Cracker managed to find a way to circumvent the voting system. Let's assume there was a cash-prize of $10k for cracking it. Would he disclose his success in cracking the system?
The answer is that he most likely would, if (and only if) the value he got out of doing so now would be greater than the value he would get out of disclosing it when Florida already uses the system.
There are lots of people in the world that would pay very handsomely to influence or DoS elections, even in a small country. And when its the american elections, they would pay even better.
Then there's always the possibility that for Brandon money isn't the Grand Only Force that some people think it to be for everybody. Maybe he is in fact politically or religiously a very engaged boy, he might see the potential to use his knowledge for making sure that <insert nasty organization here> wins the next election.
So using this kind of testing to verify security of any system is always a mistake, at least if it is given any large value in the final evaluation.
But of course it doesn't hurt as a part of a much larger evaluation. Some "honest" boy might find a big hole and report it. And, if not else, it is a great way to do "monkey testing" to see if the system crashes under load.
Just don't trust it.
Hundreds of would be hackers rounded up in computer sting!
The Kruger Dunning explains most post on
I just cracked the voting system they are proposing to use. Unfortunately, because of the DMCA, I cannot share the technical details, other than to say that it does involve a double application of the rot-13 technology.
Grownup: "Hey you! You're a teenager, you must know something about these copmuter-ma-thingies. You listen to MP3's, that means you're a computer-hacka ... whatchamacallit ... hacker. Right?"
Kid: "Uh yeah, sure. I guess so"
Grownup: "Great! Great! Try to hack into this computer and ruin the election".
Kid (Avid reader of Pointy Haired Weekly for Teens) logs into computer, discovers that there is no C:\ prompt, and give up.
Kid: "Well sir, this computer is unhackable."
Grownup: "Yes! Yes! We are secure! SECURE! We'll see if those half-blind, senile senior citizens can screw up the *next* election!" ...
Why not make this contest open to the public ?
"Can of worms? The can is open... the worms are everywhere."
What is it with American elections? Isn't ticking the box on a voting slip good enough? It seems to be good enough for just about every other 1st world country. Is there some farcical requirement in the constitution that elections be complicated, weird and produce dubious results?
This is just like that episode of "The Simpsons" where they're holding a referendum by blowing out candles, flushing toilets, droping pebbles in jars, pulling on one-armed bandits and other such nonsense. Now we introduce computers. Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.
One word, KISS.
Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as as self-selected suspect list the next time something bad happens to a computer somewhere?
this is already done. Except they mail it to each voter's house. Everyone gets a description of everybody on their district's ballot.
The descriptions need to be more helpful though. Usually it's a form they filled out telling where they went to school and maybe some positions if you're lucky. They should each be given a question like, "in 500 words, what is the difference between you and your opponent?" and "what is your philosophy of government?"
Vidi, Vici, Veni
What an excellent idea! I wish that more companies/entities would utilize this excellent security measure. Imagine how much better M$ would be if they just took after Florda, and had a crack me IIS server. You know everyone would want to crack it, and some of the insecurities would get opened before they cause damage. Florda's new policy rules.
...since they can already deliver their own state by hand, they will use the information gained to use the Internet to remotely subvert the Constitution in other states.
--Blair
Who needs hackers if the electronic systems already suck?
Can't you see that everyone is buying station wagons?
And the new President is...
Cowboy Neal??
I'll think of a funny sig later on
BTW, I'm having trouble finding Florda on my world map.
The best way to accelerate a windows box is at 9.8 meters per second square.
By using java in this election thing, the people running the vote can have it run in a sandbox to help keep hackers out. By using the java security model to impose policy restrictions on code at run-time, it keeps results from being tampered with or viewed before the ballot is complete.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
if(gore > bush) {
printf("Gore wins\n");
}
elseif(bush > gore) {
printf("Bush wins\n");
}
else {
recount();
}
Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impared (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Give each voter a simple ballot paper and a pencil.
Get rid of all hole punches, chads, butterfly ballots, etc etc etc.
Remember the KISS principal at all times.
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
N.B., I am not saying that no teenager (or retiree) can do good security testing work, but they're the exception. They'll be able to provide valuable usability feedback (e.g., no more butterfly ballots, or multiple selections made by shaky hands), but thinking it will say anything at all about security is a joke.
Good security testing requires a specific mindset and a good knowledge of previous attacks. This is rare, at any age, and requires the type of behavior that I'm sure the administrators will try to discourage. This sounds like a situation set up to guarantee a false sense of security.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
A cute little *nix variant with a 4 button keyboard.
Up, Down, Forward, Back.
You move the cursor to your choice and hit Forward. At the end you review your choices. Select any that you want to change and finish.
A green light appears on the desk of the silly little election monitor guys table. He waits for that person to leave and allows the next person to enter the booth and hits a button to accept the next poll after the person has been verified. Any person without proper ID or if they don't make it within the voting time period does not get to vote. They can go cry a river somewhere.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
People will be trying to crack elections.state.florida.us, so they'll miss the real server at elections.state.florda.us. That's thinking ahead!
They did that with some test Windows 2000 box, which nobody broke into as I recall. (Golly, Windows 2000 must be secure!) However, Windows 2000 started getting cracked once Microsoft started shipping the negligent bloatware (yup, still have not fixed that virus-bearing document format). This is due to crackers getting to sit a Windows 2000 box down, rip it apart, and otherwise get their hands on it, rather than poking sticks at an ivory tower somewhere.
Plus, with the recent SMDI thingy, I think some folks would be wary to take up a corporations offer "hack this, please, we won't beat you up with the DMCA. honest."