Slashdot Mirror
Florida County Asks Students To Crack Elections
imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes.
The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.
Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?
Maybe, but I still think that voting software is the one example of software that would probably benefit from being closed source and taking the "security through obscurity" approach. Face it: this kind of software will only be used once every two or four years (I don't know how often you Americans vote, it sometimes seems as if there's someone to be voted into some office or other every year, if not more), no one, not malicious script kiddies, not dedicated hackers will get anywhere near the software, so provided the people in charge of it are trustworthy, there will never (almost, anyways) be a problem with security, as all people see is the buttons you push, not the underlying code.
...
Of course you could also argue that since it's really hard to actually get to the software and fuck with it, it doesn't matter that the source code is open for public scrutiny (malicious or not). So either way, it doesn't make much difference.
Maybe a better approach would be to actually "prove" that the software is faultless. A guy I know took a course in university where they were taught to prove the correctness and bug-free-ness of certain algorithms - wouldn't voting software be simple enough for it to be possible to do this? I don't know, maybe someone who does could shed some light on whether or not this is possible
News and bla for computer musicians: http://lomechanik.net/
- Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
- Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.
Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.
For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.
One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"
fencepost
just a little off
Picture Dan Rather reporting the latest election return results: "And tonight we have the election returns for the state of Florida. Apparently 31337 hAx0r has won the election by an unprecendented landslide..."
*Condense fact from the vapor of nuance*
Well, gee whiz, we've had that for a long time. Just download the Slashdot source code, find the part that does those nifty polls, and boom! Instant electronic voting.
Donate background CPU time to fight cancer.
I am pretty sure that bush with his team of 313377 h4x0rs will be taking the next election in florida. Or he could just ask his brother.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
I beg to differ. In Florida, home of PBC's now widely infamous ``butterfly ballot'', we have 67 counties. Of those, one used an advanced system of ballots where people were issued pieces of paper with pre-printed candidate names upon entry to the polling place. The people who were issued the pieces of paper made marks beside those names which most pleased or least displeased them.
At the end of the day, in 11 precincts around the county, the pieces of paper were sorted and counted. First, the papers were sorted according to the selection in the first race, then counted. The papers were then sorted according to the selection in the second race, and again counted. This advanced procedure (known as ``tabulation'') was performed for each race on the ballot.
The number of voters per precinct worked out to about 500. Union County had its results reported before midnight. No one doubted the results: the counts were quite reasonably accurate.
In Volusia County, which used a similar system except that the pieces of paper were counted by machine, we had results but not the same week as the election. We also had about 500 voters per precinct. There were disputes about the accuracy of the results, though in the weeks following the election they were pretty well settled.
So tell me, if Union can correctly hand-count their ballots and be home before midnight, why should we believe your claim that it'd take too long? If they had results before the machine-count counties, why should we believe that machine counting is better and faster faster?
Consider also the problem of Dade County. If you were to provide a balloting method which did not leave countable pieces of paper, do you believe that there is any chance of honest results?
Tilt at windmills. Occasionally one will fall over out of sheer surprise.
The most important thing about electronic elections is not that Haxor Doods can't hack into these machines after they draw the curtain. What's important is that there still be a trail of paper ballots for later audits, in case the election officials are corrupt. If you're going to use these machines, make sure they print an unambiguous ballot that the voter sees and deposits in the box. That way any mishap can be corrected.
Let's review why black-box testing is a weak form of testing:
If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
120 characters isn't enough to explain it.
Having worked for the Secretary of State here in Florida (and working on the first couple of election results systems for the Florida Dept. of State, Division of Elections), I feel confident saying that the problems in Florida are mostly due to sheer incompetence. The few people who actually know anything aren't compensated enough to stay on, and the rest rely on Peter Principle to stay in their positions. Problem is, this incompetence allows those who are truly evil to have free reign over the elections. It's not some big, carefully orchestrated plot, it's pure opportunism - wait around for a big enough screw up, and have your fun during the resulting confusion.
What'dya mean there's no BLINK tag!?
Also note the EDD initiatives forming here and here.
Steve Magruder, Metro Foodist
I did. Canadian election happened on November 27 (several weeks after US) and we knew the results the next morning (several weeks before US). The entire country used paper ballots which you mark with pencil and drop in the box. No pregnant chads. No butterfly ballots. No punchcards. No nonsense.
___
If you think big enough, you'll never have to do it.
You obviously didn't pay attention to our last election.
No, but he might have paid attention to the Canadian election that took place in a single night, Nov. 27, while the US was still trying to decide what a dimpled chad signified, and whether a full recount was really worth it.
In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?
Sorry for the rant; I just can't figure out how the country that's supposed to be a model of democracy gets itself in such a stupid mess in the first place.
*walks away shaking head*
Someday, you're going to die. Get over it.
...are inside attacks. That is, not to garantee that the system is immune to crackers, but that it is immune to attacks by the government. Unfortunately, we don't have that second garantee here in Brazil, where we had an election with 100% of electronic ballots last year. The worse is that government won't allow researchers to audit those ballots.
How are you? I send you this vote to get your advice.
I just cracked the voting system they are proposing to use. Unfortunately, because of the DMCA, I cannot share the technical details, other than to say that it does involve a double application of the rot-13 technology.
Grownup: "Hey you! You're a teenager, you must know something about these copmuter-ma-thingies. You listen to MP3's, that means you're a computer-hacka ... whatchamacallit ... hacker. Right?"
Kid: "Uh yeah, sure. I guess so"
Grownup: "Great! Great! Try to hack into this computer and ruin the election".
Kid (Avid reader of Pointy Haired Weekly for Teens) logs into computer, discovers that there is no C:\ prompt, and give up.
Kid: "Well sir, this computer is unhackable."
Grownup: "Yes! Yes! We are secure! SECURE! We'll see if those half-blind, senile senior citizens can screw up the *next* election!" ...
Why not make this contest open to the public ?
"Can of worms? The can is open... the worms are everywhere."
What is it with American elections? Isn't ticking the box on a voting slip good enough? It seems to be good enough for just about every other 1st world country. Is there some farcical requirement in the constitution that elections be complicated, weird and produce dubious results?
This is just like that episode of "The Simpsons" where they're holding a referendum by blowing out candles, flushing toilets, droping pebbles in jars, pulling on one-armed bandits and other such nonsense. Now we introduce computers. Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.
One word, KISS.
Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as as self-selected suspect list the next time something bad happens to a computer somewhere?
Who needs hackers if the electronic systems already suck?
Can't you see that everyone is buying station wagons?
And the new President is...
Cowboy Neal??
I'll think of a funny sig later on
Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impared (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.
N.B., I am not saying that no teenager (or retiree) can do good security testing work, but they're the exception. They'll be able to provide valuable usability feedback (e.g., no more butterfly ballots, or multiple selections made by shaky hands), but thinking it will say anything at all about security is a joke.
Good security testing requires a specific mindset and a good knowledge of previous attacks. This is rare, at any age, and requires the type of behavior that I'm sure the administrators will try to discourage. This sounds like a situation set up to guarantee a false sense of security.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
A cute little *nix variant with a 4 button keyboard.
Up, Down, Forward, Back.
You move the cursor to your choice and hit Forward. At the end you review your choices. Select any that you want to change and finish.
A green light appears on the desk of the silly little election monitor guys table. He waits for that person to leave and allows the next person to enter the booth and hits a button to accept the next poll after the person has been verified. Any person without proper ID or if they don't make it within the voting time period does not get to vote. They can go cry a river somewhere.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
They did that with some test Windows 2000 box, which nobody broke into as I recall. (Golly, Windows 2000 must be secure!) However, Windows 2000 started getting cracked once Microsoft started shipping the negligent bloatware (yup, still have not fixed that virus-bearing document format). This is due to crackers getting to sit a Windows 2000 box down, rip it apart, and otherwise get their hands on it, rather than poking sticks at an ivory tower somewhere.
Plus, with the recent SMDI thingy, I think some folks would be wary to take up a corporations offer "hack this, please, we won't beat you up with the DMCA. honest."