Slashdot Mirror

← Back to Stories (view on slashdot.org)

Florida County Asks Students To Crack Elections

Posted by ryuzaki0 on from the redesigning-the-design-phase dept.

imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes. The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.

14 of 370 comments (clear)

  1. Two problems by Fencepost · · Score: 4, Insightful
    First, anyone (especially high school students) who actually has the skills to productively participate in this should:
    • Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
    • Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
    While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.

    For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.

    Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.

    For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.

    One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"

    --
    fencepost
    just a little off
  2. Re:A danger by Tackhead · · Score: 5, Funny
    > Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?

    When either Eric Raymond or Bill Gates is elected President, we'll know for sure.

  3. Could they at least publish the source by Khalid · · Score: 5, Insightful

    This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.

  4. Re:Good to see that college education working for by diablovision · · Score: 5, Informative
    I thought I sensed a hint of sarcasm in your first sentence, but I guess you really believe what you are saying. Do you really think that this is such a wonderful security measure? A hacker challenge? How about a provably secure system, based on formal methods?

    Let's review why black-box testing is a weak form of testing:
    1. Just because no one finds an exploit doesn't mean the system is secure.
    2. If someone discovers a flaw, it may in fact be more lucrative for them to keep it a secret and exploit it later.

    If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
    --
    120 characters isn't enough to explain it.
  5. Re:And then... by mmaddox · · Score: 5, Interesting

    Having worked for the Secretary of State here in Florida (and working on the first couple of election results systems for the Florida Dept. of State, Division of Elections), I feel confident saying that the problems in Florida are mostly due to sheer incompetence. The few people who actually know anything aren't compensated enough to stay on, and the rest rely on Peter Principle to stay in their positions. Problem is, this incompetence allows those who are truly evil to have free reign over the elections. It's not some big, carefully orchestrated plot, it's pure opportunism - wait around for a big enough screw up, and have your fun during the resulting confusion.

    --

    What'dya mean there's no BLINK tag!?

  6. Re:Some people love to make things complicated by Platinum+Dragon · · Score: 5, Informative

    You obviously didn't pay attention to our last election.

    No, but he might have paid attention to the Canadian election that took place in a single night, Nov. 27, while the US was still trying to decide what a dimpled chad signified, and whether a full recount was really worth it.

    In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?

    Sorry for the rant; I just can't figure out how the country that's supposed to be a model of democracy gets itself in such a stupid mess in the first place.

    *walks away shaking head*

    --

    Someday, you're going to die. Get over it.
  7. I cracked it by bwt · · Score: 4, Funny

    I just cracked the voting system they are proposing to use. Unfortunately, because of the DMCA, I cannot share the technical details, other than to say that it does involve a double application of the rot-13 technology.

  8. Not all kids are computer geniuses... by stefanlasiewski · · Score: 4, Funny
    The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security

    Grownup: "Hey you! You're a teenager, you must know something about these copmuter-ma-thingies. You listen to MP3's, that means you're a computer-hacka ... whatchamacallit ... hacker. Right?"

    Kid: "Uh yeah, sure. I guess so"

    Grownup: "Great! Great! Try to hack into this computer and ruin the election".

    Kid (Avid reader of Pointy Haired Weekly for Teens) logs into computer, discovers that there is no C:\ prompt, and give up.

    Kid: "Well sir, this computer is unhackable."

    Grownup: "Yes! Yes! We are secure! SECURE! We'll see if those half-blind, senile senior citizens can screw up the *next* election!" ...

    Why not make this contest open to the public ?

    --
    "Can of worms? The can is open... the worms are everywhere."
  9. Re:A danger by ackthpt · · Score: 5, Funny
    A danger only in the sense that the surest way to crack it is for whichever side has appointed the most justices, to appeal to the Supreme Court and have the results tossed out on some grounds, such as there being no hard copy, or could have been faked, or there was a smudge on the screen which made 'B-u-c-h-a-n-a-n' look like 'G-o-r-e'

    Pregnant pixels, anyone?

    --

    A feeling of having made the same mistake before: Deja Foobar
  10. Some people love to make things complicated by Anonymous Coward · · Score: 5, Funny

    What is it with American elections? Isn't ticking the box on a voting slip good enough? It seems to be good enough for just about every other 1st world country. Is there some farcical requirement in the constitution that elections be complicated, weird and produce dubious results?

    This is just like that episode of "The Simpsons" where they're holding a referendum by blowing out candles, flushing toilets, droping pebbles in jars, pulling on one-armed bandits and other such nonsense. Now we introduce computers. Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.

    One word, KISS.

  11. My Paranoid Response by Mignon · · Score: 5, Insightful
    First of all, how do the county officials plan to get immunity from prosecution for violating the DMCA for all participants in this test? Second, how do the officials plan to limit the scope of what is allowable hacking? If, for example, someone manages to subvert the results with some social hacking, does that count against the test system (or does the hacker get thrown in jail?)

    Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as as self-selected suspect list the next time something bad happens to a computer somewhere?

  12. Optical Scanning Already Works Better by tbmaddux · · Score: 5, Interesting
    Caltech and MIT have studied voting technology. Their report released last month found that hand-counting and optically scanned paper had the lowest counts of unmarked, uncounted, and spoiled ballots in presidential, Senate and governor elections over the last 12 years. And over the same time period, electronic voting systems were the second worst!

    Who needs hackers if the electronic systems already suck?

    --
    Can't you see that everyone is buying station wagons?
  13. The election results by DuncanMurray · · Score: 5, Funny

    And the new President is...


    Cowboy Neal??

    --
    I'll think of a funny sig later on
  14. A little off topic, but... by Skyshadow · · Score: 5, Insightful

    Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impared (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?

    --
    Every year during my review, I just pray the words "slashdot.org" aren't mentioned.