Slashdot Mirror
Online Voting In 2004 To Require Windows
letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
UPDATE candidates SET votes="0" WHERE name="Your Opposing Candidate";
Do you like German cars?
The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.
""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.
They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."
I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.
Voting online seems like it would be a bad idea, no matter how many security measures are put in.
The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..
Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...
Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?
Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?
The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infaulable, which isn't really possible, anyways.
Excuse me, I don't mean to impose, but I am the ocean
Ladies and Gentlemen, It is my pleasure to introduce the new supreme ruler of the United States: William Gates!
Gates:"....exxxxxcellllent....."
Ok, so it's pandering that this will get modded as funny, but I'm a whore for good karma!
If they're testing the system with military voters, than using Windows is probably the only choice. There are a lot of bases where the desktop platform, by directive, is Windows. Running alternative software can be a violation of policy and mean Real Trouble(tm) for military members. They're not going to court martial anybody, but it can be a black eye on your record.
Why the Windows requirement?
Because your vote has to be sent to Redmond to be "verified" and rejected in the case of an "incorrect" vote.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
for the WineHQ team to work on. ... which would probably make voting in *nix faster and less buggy than in windows.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Comment removed based on user account deletion
All those hermits who never leave the house are going to be able to vote. How long do you think it will be until they repeal the Sun?
I'll form my OWN solar system! With blackjack! And hookers!
Obivously the reason is because the voting software is written in VB.NET. Would you anything expect less from the U.S. Government?
The back end is probably on an arcane IBM AIX server.
Bill Gates by a landslide!
====
Crudely Drawn Games
Maybe they just meant that like a generic statement, and its not limited to windows but any station with internet access. They just assume you use windows. It doesn't say that its ONLY windows. It's like saying you can to point X using a car, but you can also take a flight or walk or... You get the point.
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
This is somewhat unrelated, but still an interesting comment on their page:
*Phew*...Of course they are only going to support Windows to begin with, its the largest market. They want to see if they can make it work there before they branch out. And for that matter, do we even know that it wont work with other systems? Just because alt OS's aren't supported, doesn't mean they wont work.
I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.
I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.
I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.
And now its time to open the robot polls... and the robot results are in.
If Jesus wants me it knows where to find me.
Perhaps it's a plot by the big corporations to make sure that no devious Open Source loving communist hippies can vote.
</>
<even more so>
A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.
</>
Beep beep.
They are concerned about building something that works solidly and since Microsoft dominates the desktop market, it is a no brainer to target Windows IE as the single allowable browser to vote with.
Many of us know what a bitch it is to develop a code and feature intensive site that works correctly for all browsers.
It also cuts down on support issues. I have met people who are unsure of what platform they are running. "What kind of computer am I using? It says 'power' here near a button. Is that right?"
World first, eh?
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
There isn't enough detail in the article to say whether "running Microsoft Windows" is actually a requirement, or just cluelessness on the part of the article's author. If it's a Web-based system (which, again, the article doesn't say one way or the other) then it shouldn't matter.
Well, you know
I did mean a vote that would actually change something big.. not if you prefer CowboyNeal as a love slave or your OS X box..
Excuse me, I don't mean to impose, but I am the ocean
The keyword is "can" not "must." It's like saying, 'Bobby and Mary-Sue can drive to the grocery store using a Toyota Tundra with 4-wheel drive.' That doesn't neccessarily mean it's required, it's simply a recommendation. Come on, read your own quote for god-sake!
Did anyone else notice that cute little logo had a Mac one-button mouse for the nose?
Yo mama so fake, she failed the Turing Test.
Using an online voting system to elect representatives is probably not the best idea. If it does happen i hope it maintains the highest level of security so the integridy of the votes is accurate. I think there's a better use of such a system. A representative democracy is scales because it's not simple to collect votes from a huge population of people on every key issue. An online voting system now allows the empowerment of individuals to declare their votes on key issues. In the end an online voting system may allow access to all citzens of the state to vote on ISSUES! rather than pray that their representative can secure their values.
Why the Windows requirement?
Maybe because the VAST majority of individualsuse MS Windows. You ASSume that it is just a HTTP connection with SSL so any OS should suffice. Look at the F.A.Q.. It says that "required software is downloaded automatically as needed when you access various parts of the SERVE website. Possibly, the voting software uses their own encryption and will be delivered as an ActiveX or some other format. Could they have written the software so it could work on other OS. Sure but it's a trial run! Their is no right to Vote from a Linux box.
Microsoft is a good true blue American company. We limit voting to US citizens, those who have vowed allegiance to the USA. Therefore, why should we allow the use of software developed by foreign nationals and powers, some of them which may be tied with questionable organizations? We shouldn't misunderestimate them.
Thank you and God bless America.
George W. Bush
President, United States of America
You fools! Surely the computers will be exploited for this! This could lead to something completely unprecedented like one man being backed by the majority of American voters for the presidency and then the other man winning, as crazy as that example is!
Why could they not make it platform independent?... sheesh... it's not like you can't get a C-compiler for just about any platform ever made. Somebody more elite in the security department care to enlighten me about a legitimate reason for choosing a single platform? Anyone?
I RTFA, but didn't see anything about open source code... they can't seriously be relying on security through obscurity...
SOMEBODY needs to audit this, and I'm not talking about a secret "trust-us-it's-good" non-independent audit.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
In the end, the members of the electoral college can vote any way they please.
Landslide wins / losses will become buffer overflow wins and losses.
Actually, from what I understand, there's nothing to prevent anyone from using a non-Microsoft OS to vote using this system. The only requirement is SSL 3.0, which is supported by browsers on MacOS and UNIX.
The real reason they say Windows is due to support. They don't want questions flooding in about problems that might emerge from using another operating system. Given that this is a government operation, they simply don't have the time to answer the question of 50,000 clueless n00bs calling up and asking "Where's my start button?"
Can any online voting system be hacked? Yes. Should that be a reason to avoid it?
Hell No! People talk about security and online voting as if that because thesystem is corruptible it is not acceptable. Those with this view are not living
in the real world. The current meatspace voting system in just as corruptible by anything: from paid repeat voters(which we have here in Chicago), to old crappy machines and even making sure that every vote in counted(as long as it's in my parties county B.S.)
Some random thoughts:
I think this might work better in a country like Australia, which has mandatory voting. In Aus, if you don't vote, down the track, someone comes looking for you ( with a Boot^Wfine ). You then at least know your vote wasn't counted. But where there is no physical ballot ( and nobody to come and tell you if your ballot attempt was unsuccessful ), I feel a lot of people would feel uneasy about the "reality" of their vote.
YLFIOne god, one market, one truth, one consumer.
run it under knoppix.
Nah. They'll just not bother counting the votes again.
Online voting could totally redefine write-in candidates. In the past you were either psychotic, disillusioned, or mistaken in writing-in a candidate.
Now with the Internet you could have hundreds of thousands voting for retarted candidates like "Rocket J. Squirrel","Jack Black", and "George W. Bush"
Could this negate the party system? People typically voted for a Dem or GOP'er simply because they were the two names on the ballot that were at the top, but now people could organize real grassroots campaigns, skipping the primaries, and just promote themselves on message boards and other mediums (slashdot front page story, anybody?)
In all seriousness, national online voting could take the old political system and stand it on its head...I'd go for it just to see what happens.
Globalist poster child is more like it.
Netscape was engineered by Americans.
Why not netscape?
But this is a horrible nightmare. There ought to be a law against it, it's pretty much the only way your going to stop it. No matter what platform this runs on, it's a mute point, there are going to be folks that tamper with it. I Like Linux, but it really is a mute point, I don't want windows or linux, or any other OS running to allow voting. There is NO amount of data that is going to satisfy proof of not skewing the results. We do not need this crap. Paper is fine. The vetrans overseas can MAIL the damned ballots.
Well, I dare the position that the internet can be made a lot more secure than a regular hole-puncher voting-machine ever will.
... suffice to say that Gore and Bush quarreled over these machines quite a bit.
... paper-based, internet based, the issue here is of course with trust. Whether you or my mom would trust internet voting more than paper voting is another matter entirely and lends itself to a much larger discussion about referendum validity, but mathematically it is indeed harder to fake a Diffie key-exchange than it is to throw in a few extra paper votes in the bag when counting.
In some countries/referendums you tick a box; with more than one tick the vote is void. What's to prevent someone from ticking an already ticked vote when counting them up. Redundacy, of course, but Mr. Smith walking around, making sure that 15 other Mr. Smiths don't void the votes they have been given is hardly what I would call a secure system.
In other countries/referendums you use a hole puncher. I mean, I hardly even need to comment on a hole puncher
In Denmark, where I've lived, you need to brind ID to the voting booths (often a passport). You go down, get counted (yes, Mr. So'n'So have votes) and tick your box. Nothing prevents me from giving my passport (or whatever other means of ID that is deemed fitting) to someone else and let them vote in my name.
Contrast to internet voting, where a full ID check can be done once (i.e. you go down to your city hall, you bring ID, they check your ID, they double-check your ID, they check your picture etc.) and then, once, they issue you a voting key (say, an in-expensive USB dongle) with a private-public keyset. With this dongle there's a mathematically much smaller chance of fraud than there ever will be with paper-based referendums.
Sure, everything can be hacked
Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.
Long live paper ballots!
Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.
i ewpqkd
i ewpqkd
Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=Al+Gore
It changes it to:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=George+W.+Bush
Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
I'll trust my vote to humans rather than a system that requires the voters to use Windows.
Gabriel Ricard
Internet Explorer
"Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?"
Well you see the thing is this years local elections in my constituency you could vote either
by going to a polling booth like normal or via SMS
(text message) from a mobile phone or via your web browser.
Sheffield (england) evoting report page not read the report myself however it just proves that this actually took place...
- Iain
Maybe of some relevance: How To Rig An Election In The United States Inside A U.S. Election Vote Counting Program Bald-Faced Lies About Black Box Voting Machines
Interesting, but I think they're making a little too big a hoopla of it. Or?
Belief is the currency of delusion.
Anyways Java should be the standard for voting on any os.
Wouldn't surprise me if M$oft has something to do with this.
To hell with that. I'd hate Microsoft even if they were as secure as OpenBSD. Simple reason being that they're like Bell was (wait... is) -- a corporation which is in a position where you have to pay them to use basic infrastructure (eg the .DOC stranglehold, that UK government site requiring MSIE, and now this).
When you have to pay for a particular product to go about your participation in society (as it's heading with Microsoft) then you're not purchasing a service, you're paying a tax. I pay taxes to my government, not to some fucking bloated private leech that serves a different nation to my own. This is for a very simple reason -- I'm paying tax to an entity that is not accountable to ME. I'm not an American, but wasn't one of the major reasons for the foundation of your state a little something called "No taxation without representation"? Then put your money where your mouth is eh
Sounds fishy, I'm sure I saw an MS Executive on Accenture's board ;-).
Intrestingly enough this has already happened.
In England of all places, in my constituency you could vote via normal means, by a e-voting booth,
by SMS (text messag) or via your web browser at home or anywhere with an internet connection.
Everything went fairly smoothly. Here is the local government report:
Sheffield (england) evoting report page not read the report myself however it just proves that this actually took place...
- Iain
The military uses fairly sophisticated smart cards (CAC - Common Access Cards) that, if they tied it into the voting system, would cover the necessary PKI issues.
Bark less. Wag more.
Microsoft is a good true bluebloodnobull American company type thang. We limit electionizing to US citizens, those who have swearified allegiancy to the USA. Thereforce, why should we permittify the use of computer magic developed by foreign wizards and sorcorers, some of them which may be tied with al Quaestionable organizatiables? We shouldn't misunderestimatify them.
Now where's my Goddamn Coke.
oh brave new world, that has such people in it!
I meant HERE
Some of the comments put in this article are totalally sensationalist infering that because any system can be cracked then this will be prime target. I give to them for using cracked instead of hacked. Anyway I think the author plainly erred in making statement that windows is required. I think what they ment to say is Interent Explorer or just any browser with ssl support. Army already has a service wide web portal where all you need is ssl browser to access sensitive personal data such as payment records and security clearenses. SSL is secure enough for such purposes and this author is plain wrong i think.
Imagine if they had to say every os you could use...
.. and .. and ..
You can use windows and linux and macos and macosX and beos and your wap phone and
I think a lot of companies as a defacto announcement Say Windows... Cause well... majority of people in the world run windows.
The otherside is, it could be for tech support reason. They don't want to have to hire uptine people to support god knows what.
oogly boogly!
As the article says, quoting a security expert, online voting "opens up a whole host of opportunities for voter coercion and voter fraud".
I agree. Online voting is not secure. Is RL voting secure? No. There are many examples of tampering, fraud, recounts, etc. etc.
Maybe online voting is _more_ secure than RL voting, if the system is implemented in a sane and secure way.
And then again, maybe it isn't. But I think it is about time such a system is put into place. It _will_ have flaws in the first iteration, but eventually it will (hopefully) get there.
Perhaps it will even drag some useful security innovations along with it. Time will tell.
That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.
However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..
voting.klez.E
What if they are using i.e. and have java-script disabled, or whatever.
Then check the form data's consistency at the server too. The client-side checks are just there to cut down on perceived latency in an interactive form.
Will I retire or break 10K?
George W. is making election stealing an art. First it was the ballots in Florida, and now a Windows(easily hacked) only voting system. That's democracy for ya.
Also think of the common jow blow six pack... If they toned it to say "A browser which support 128Bit SSL encryption" How many phones calls would all be getting "Son, do I have 128Bit whos-a-whatsa?!"
It's easier to say Windows Running IE... then everyone goes.. Ohh.. I gots that... I guess me can vote online!!!
oogly boogly!
I'm sure we've got some guys here who have written thesises about how a secure voting system might work and how it should be implemented.
How about submitting some essentials.
sounds like some bullshit to me...
As for security, hmph. It's hard to think of a computer company with a worse record. I imagine someone will make a "I vote you" virus that votes early and often for everyone.
Friends don't help friends install M$ junk.
d33r \/0t3r:
3y3 0wn j00r \/0+3Z, ph00lZ!
Da Supr3/\/\3Z
There is a chance that www.winehq.org will be able to run the program so linux users will be able to vote.
I agree. As Bruce Schneier and other security experts have pointed out, it is extremely difficult to devise an implementation which meets all of the following desirable qualities for an online voting system.
1) Only authorized voters can vote
2) No double voting
3) Secret ballet
4) No one can duplicate another's vote
5) No one can change another's vote without discovery
6) Every voter can be sure their vote was counted
The protocols are well known, although some of them are very complicated for large elections. It is the implementation that is fraught with danger.
Electronic voting is a supremely bad idea. There are so many opportunities for things to go wrong by accident or malice that just cataloging them would take pages. Compared to electronic voting systems, the current systems (like punch cards) are much less troublesome - hanging chads not withstanding.
We make it TOO easy for fraud as it is. Where I live, you don't even need a picture ID to vote, you just walk up and give your name, they check you off a list, and hand you a paper ballot. The South is famous for "Election Halloween", where massive numbers of the dead rise to vote.
I don't WANT it to be made easier to vote. I only want the people that actually care what's going on. People talk about what a shame it is that more Americans don't vote. Maybe it is, but dragging them to vote, for real or virtually, isn't going to make them GOOD voters. I like it that you have to register, and show up to the polls. You'll do all that if you CARE about issues. I don't want to make it easier for just any schmo to cast a vote that day without having to think about the issues or candidates.
Life is hard, and the world is cruel
As for "Why Windows", the SERVE web site says, "All required software is downloaded automatically as needed when you access various parts of the SERVE website." That seems to indicate some kind of embedded web application. I'd guess this application is native code, since Windows no longer comes with Java, and there's no mention of a Java download.
Or it might be that whoever wrote the FAQ page doesn't know much about the app, and is tapdancing around the details. Certainly it would make sense to implement this app entirely on the server. If that's the case, then it's reasonable to ask why other platforms with compliant servers aren't acceptable.
The answer to that would be QA. On a project like this, they have to carefully test the app, and even with their current limitations they have 4 different browser-platform combinations (IE and Netscape, Pre-NT and NT Windows) to test.
This points up a big problem with web applications. Most of us would like to see web developers code to a standard, not to a browser. Until they do, browser implementers has no incentive to support standards, and all that cool stuff in HTML4 and cSS2 is just so much noise.
(And yes, Internet Explorer -- except for the Mac version -- is particularly bad. But all browsers have serious compliance issues, so we can't put all the blame on Mister Bill.)
But why should web developers bother? Even if they're aware of the importance of standards -- and most appear not to be -- it doesn't save them from the need to test their apps on every browser-platform combination they claim to support. So what does compliance buy them, except extra work?
Sure thing, software freedom is the last freedom you wory about when you sign your life away to the military.
That does not keep the software company making the software from using commonly accepted standards. Using some kind of ActiveX toy is a sure way to make your program not work right next year. Only an idiot would force them to use M$ junk.
Friends don't help friends install M$ junk.
Personally I don't see them just giving out the software. I would see the first couple of elections be military only. Then slowly move it out to the public. They are stupid to try it with the general public first, give the military a crack at it first, you have a more secure environment. And they are the ones that need it the most.
Let me take this opportunity to plug one of my favorite OSS providers - Codeweavers Use IE 6 natively...
Security.. yeah... whee. We all know it's impossible to write secure software for windows, and that software for every other system is automatically secure, so why doesn't the government realize it?
If you were the government, and you wanted this developed, what would your requirements be?
- Works on every computer on earth? Unreasonable
- Conforms to some HTML standard so it can be used on everything? What if that can't be done with the right functionality?
- Works in Windows, Linux, and MacOS? Three times the coding, three times the chance of mistake. Choosing windows as a target for the first incarnation is realistic.
what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.
So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.
If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.
Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.
If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.
Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."
Looking for Book Reviews? Check out Literary Escapism.
The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?
autopr0n is like, down and stuff.
Exclusively, in fact, to all other OS's.
I'm goint to play "Devil's Advocate" here and note that the article says "Windows users *can*..." not "Windows users *must*..."
So where is the "requirement" here? I've yet to see any protocol (on a public network at least) that can't be used (reverse-engineered?) by anyone so inclined.
Granted, the wording underlies a basic assumption that computer usage equals Windows usage; at best this is an accurate reflection of market conditions. At worst, it is a blatant plug for somebody's sales Dept. Either way, it's an obvious bias and should be taken with a grain of salt. I can only *hope* that the relevant security is up to par.
Of course, I'm just playing "Devil's Advocate". And the devil is in the details.
C|N>K
Don't worry, we're way ahead of you on this.
I thought the government didn't like Microsoft.
In that case
1. online banking
2. online creadit card purchases
3. any kind online payments
all bad ideas ?
Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The new poll tax.
Dawn of the Dead
The mathematics are impeccable, but the human factor and the environment always constitute the weak point in any secure system.
We can use cryptographic constructs such as blinding and cut-and-choose to allow the right people to vote once and only once while preserving their anonymity. The problem lies at the point where the user selects the candidate and hits ``Submit''. If a rogue program is able to gain control of the system (trojan, virus, time bomb, etc.), then the program can simply substitute the user's selection for another one at the time of the vote submission. All the mathematics will work beautifully... to select the wrong candidate.
I am a believer in the power of technology, but I cannot place any faith in the viability of such a system. Unfortunately, a perfect Palladium-style environment is the only thing that may be able to fix the vulnerability I just described. Giving the keys to my hardware to a ``trusted'' third party is the last thing I will submit to, and any ``trusted computing'' implementation is bound to be flawed anyway.
An unjust law is no law at all. - St. Augustine
Yeah I didn't read the article, so sue me. No, btw, don't. Anyway, why is it so hard to port it to Linux or something else?
...it's been done.
Attack its weak point for massive damage!
I've enjoyed a secure online connection with my bank for years now, and it has remained non-platform specific.
Any chance I can vote, online, from overseas, via my bank?
This should work in mysql as well. The quotes around the values are frequently used to stop SQL injection exploits, I believe.
Almost at the bottom of the comments list, and the parent is the first sensible post I've read.
ClutterMe.com - easiest site creation on the Net. Just click and type.
There is nothing in the article which suggests that Windows is a requirement. It just says that you can access it from any Windows box with internet access. That means that Windows is sufficient, but it doesn't say it's necessary .
What they're trying to address in the article is that since most people use Windows, then most people are going to want to know that they can access it from their home computers.
It's like telling people they can get somewhere in a Ford. That doesn't mean they can't get there in a Chevy or a Nissan.
To me, that says that Linux and Mac users won't have a problem. As long as it's done completely through the browser, and Netscape/Mozilla is acceptable, OS won't matter at all.
Think about it. How many hardware products list Windows as a requirement, when it'll work perfectly fine in Linux?
I think it's just a dumb assumption that everyone who has a computer will be running some sort of Windows, and the browsers listed wouldn't be available on Win 3.1, you get what I'm saying?
We all know Republicans can't hack.
Requiring Windows for voting is soooo unamerican and unpatriotic!
Oh, wait, no it isn't. stupid me.
"Is that really going to make online voting secure?"
As if any other security mattered . . .
Sdelat' Ameriku velikoy Snova!
Why the Windows requirement? Is that really going to make online voting secure?"
BR> Srcurity is not the issue, all kidding aside.
the issue is the implications of a MS sanctioned election.
On Wall Street they say "buy low, sell high" On the pad we say, "buy high, sell high" Isn't that somehow better?
Why the Windows requirement? Is that really going to make online voting secure?
If it's over the internet, just SSL the connect to a secure server/db system and let the voting commence!
Then it's just a matter of browser compatibility and for something as simple as voting and FORM and POST, that's not that tough. Hell, it wouldn't be that hard to dynamically generate the form based on location and registered party using PHP. Building the database to enable all this is really the big task.
But there's no reason it should be Windows only.
So if Dubya (or McCain, if Republicans will try to put a less-hated candidate forward) won't win, it will be blamed on hackers/crackers/terrorists/pirates/communists/lib erals from the target of the month country and followed with Dubya remaining the president and leading a war against supposed enemies of democratic voting.
Brilliant.
Contrary to the popular belief, there indeed is no God.
You know, there's just no substitute for a properly trained pollworker and a real paper ballot. Most people live within walking distance of a polling station. Take your commitment to democracy seriously; get up early enough to show in person; stand in line; and make your opinion count. It's easy.
This is my post. There are many others like it. If you don't like what you read here, go try one of the others.
If the Voting Central Server runs Windows Server 2003 and that the system requires .NET, we are doomed!!!
Anyone else notice the picture in the article shows an Apple 1-button mouse, even though the article claims the voting system will only work under Windows?
Vote for Pedro
Latest stats say that only around 45% of American Citizens of voting age actually vote. Although lack of security on windows begs for party fraud, I think we're missing an even bigger problem. If a foreign country were to get all the information from even 5% out of the 55% that doesn't vote, they could swing the election to the candidate of their choice.
These numbers are misleading because it doesn't say exactly what states aren't voting but it's a possibility.
...will quite probably never be removed from power
Surprisingly, this doesn't appear to be mentioned, unless it's below my threshold.
In any case, my concern is slightly more basic than technological security issues. Has anyone considered that this system will likely track who voted for whom, and that that information will possibly be accessable by a third party?
Granted, with any luck it will simply involve deleting a voting ID from a list, and putting the vote in a separate list, but there's no guarantee that's going to happen, is there?
SERVE, a rewrite by Database Technology, Florida?
One must never forget that even before the 2000 U.S. election took place, tens of thousands of legal voters were illegally purged from the voting rolls by the Florida State Department, run by Katherine Harris under the aegis of Jeb Bush's government.
A Database Technologies/Choicepoint Vice President has testified under oath TWICE that his company informed the State of Florida of the extent to which legal voters would be purged from the voting rolls, yet the Florida State Department decided to go ahead in any case.
Further, exonerated felons who had served their time and had their citizenship rights restored in other states were illegally required to apply for clemency in Florida, to Jeb Bush's Clemency office.
This was not the standard practice and was illegal, as several court cases made clear, cases of which Jeb Bush could not have been ignorant as they happened in his own state and ruled on his practice. Much of this can be found in Gregory Palast's great investigative journalistic work, and we've compiled a complete list here.
If you don't like to read, I suggest you at least view Palast's BBC Newsnight broadcast, which ran nationally in Britain. While the national mainstream news carried this story in England, U.S. news consumers are, in the case of the vast majority, completely in the dark.
The story was reiterated in the Nation by the Pulitzer Prize Winning journalist John Lantigua here.
Hmm, I wonder who gets to see the serlogs.2 8.20.20.0 https://www.votomautic.com/votedem.asp1 https://www.votomautic.com/votegreen.asp0 .20 https://www.votomautic.com/votegreen.asp3 .1 https://www.votomautic.com/votegreen.asp
77.203.20.1 https://www.votomautic.com/votebush?times=1000
1
206.20.0.
206.20.
206.20.
"Hmm, I think that subnet isn't voting correctly. They must be hackers. We should block them from our server." (Webmaster)
Worse yet when Microsoft SQL crashes they could claim the voting software doesn't require a back-end. Sounds like a most terrible idea.
Wil Wheaton is the ultimate karma whore. anything he ever posts is always modded +5 regardless... wish I was on some sci-fi television show so i could be a hero to millions of internet geeks... nice lame hackerspeak there...
my cousin thinks you are hot
I dont.
Um, the issue is about what client machines online voters would be using. The voting apparently would be browser-based, so it really shouldn't matter which server is being used, much less which OS on the client, or which web browser. We're talking about a government system here, so anything that gets beyond the pilot program from the military should be browser- and OS- agnostic. Citizens shouldn't be required to use Windows to get government services.
I know a lot of people will respond to flame me, saying that couldn't ever happen because Muslims don't have computers or some racist garbage like that, but it's just not true. I think there are a lot of "hackers" out there who would be more than willing to help them. Remember, Linux is a european operating system. A lot of 'them' have it in for us...
...yadayadayada. Yeah, Guido van Rossum and Linus and Alan Cox are all in a big K-O-N-spiracy to bring down the U.S. And SuSE is a German company and Mandrake is a French company; boy, we know how much they dislike us. Puh-leez. If Francophobia or Europhobia is driving software decisions in our government, something is seriously wrong.
I gotta go with Microsoft security on this one
An oxymoron if I ever heard one. There's a much greater chance of an exploit happening with Windows/IE than there is with any other combination of OS and browser. It's a fact.
Always look on the briight side of life! (whistle, whistle)
Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):
/.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.
Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)
Anonimity: Assuring that it is impossible for a third party to determine who I've voted for.
Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).
Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparant than was ever possible using conventional techniques.
I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged
What we're all forgetting is that the real problem is voter apathy. Let's face it, when what? 20 percent (and that's probably a gross overestimation -- I don't remember the numbers) of eligible voters ACTUALLY register and vote, this is at the very least, an attempt to get those lazy armchair whiners out there to go and pick a candidate, instead of sleeping in on election day and then spending the next four years griping because they don't like who the /voters/ actually chose.
Oh, yes, and let's not forget that this will make it easier for the disabled and elderly to get out and have their say. Yes, I do resent the fact that it's build on Windows as opposed to putting the effort into making it platform-ubiquitous -- But let's concentrate on the possible benefits, too.
If firefighters fight fire, and crimefighters fight crime, what do freedom fighters fight? - George Carlin
for the virus/spyware/worm/... that infects Windows machines and patches the election program to vote for the candidate of the spyware author's choice. Remember the 2000 election 100,000 overseas votes could make the difference ....
Are you telling me that I'm going to have to go down to city hall to use online voting?? Seems like the main advantage of voting over the Internet (for military personnel or others outside the country) was just made moot by your idea.
The Red Pill
I don't care if anyone found out who I voted for, hint: It isn't going to be Bush
Hey! We get both CNN and Fox News over here too!
"wouldn't know enough"... <mumbles under breath>
[jole]
It used to be that women were not allowed not vote. It used to be that black people were not allowed to vote. For women, it was because they were not men and thus did not necessarily share the viewpoints of those in power who benefited from male voters. For blacks, it was because they were not white and thus did not necessarily share the viewpoints of those in power who benefitted from white voters.
While not as definitively prohibitive, this is the same as voter segregation. Unless you are willing to spend the money to use Windows, you are not permitted to vote in this fashion. What if you use a Macintosh? What if you run an open source operating system? If you are not in a particular class of citizens, your ability to vote is limited. Certainly if traditional voting is available to you there is really no problem, but that's not an option, you are being prohibited.
So the serious issue here not that Windows is secure or any other nonsense. The problem is that people who are influenced by Microsoft have thus dictated that those who do not use Microsoft products are not permitted to vote in this fashion. That's a serious problem because whoever directed these development efforts (and of course, whoever directed her) therefore has strong influence on how candidates will be elected.
I would wager that this could be very popular (though I personally prefer pulling the lever with the satisfying kerchunk to cast my vote). As a result, certain parties will have unfair advantages for reasons which should be obvious to most people who read Slashdot. (Of course, I am willing to outline a scenario or two for the uninitiated.)
Maybe someone should write a HOW-TO in the future outlining how this software may be used with Wine on OSS machines. Of course, options on the Macintosh are limited even further.
Join Tor today!
I got the following unexpected response when trying to retrieve <http://slashdot.org>:
:)
403 Forbidden
Is this what one would call... uh... "site design by obscurity?"
I think letting people vote online is stupid too many people (everyone) have access from uncontrolled locations (everywhere). If voting is to be done electronicly is should be done on a private network where you would still be required to go to the polls and instead of a silly punch card there is a computer for you to vote on. This way if anyone wanted to mount an attack they would have to launch it from the polling place (assuming the physical layer is secure) and the pcs their could be dumbed down enough (no cd/floppy drive, touch screen only) to make it next to impossible for a person to hack without drawing attention to themselves.
If you want to use your computer to exercise your right to vote, you must purchase a product from one particular company.
And it's not the browser, either, as you can use Mozilla (Netscape 6x) as long as you're on Microsoft.
I guess it wont make much difference to our servicemen, as they will probably be using Windows anyway, but what about overseas citizens? Do they just change thier user-agent string?
Read, L
Security through obscurity is like hiding a key under the doormat. You think you're o.k. because the key is hidden, and you don't see the key yourself when you go out and wander around your door. Plus so many people do it (you assume) and you never hear them talk about break-ins.
But reality is that the mat will really stop nobody who wants to enter your house from getting the key. The only people your key-hiding will stop is people who didn't want to enter in the first place anyway, the other people will for sure check under the mat, flowerpot, etc...
Security through obscurity gives a false sense of security, making the implementer lax. That is one of the many reasons why obscurity is actually counterproductive for security. In practice obscurity has already has lead to many, many security failures.
That is what is means. Translation: if you have 'security through obscurity', the best you can do is assume your worst enemies already know all the details and the worst you can do is assume that it will help you in anything at all.
Obscurity does not help towards security. Obscurity is just what it is, obscurity, but a searchlight will make it vanish completely.
Use real security.
--- Hindsight is 20/20, but walking backwards is not the answer.
Online voting is being incouraged
Maybe so, but it is being encouraged because of cost, as aut0pron states above.
Eve Fairbanks says I drive a hybrid!LOL
Chads/Dimples in Florida, Microsoft Windows overseas ...
Looks like Bush wants to make sure he can steal^H^H^H^H^H - I mean - win the election again.
Luckily he's such a brilliant man that nobody will catch on to his plan.
All of those things do not have to be
1) secret
2) once-only
3) if you pay for someone else, it's YOUR bankaccount
an electronic voting system without biometric verification wouldn't cut it, imho
No, in that case I haven't explained myself well enough. What I am saying is that you have to go down to get a private-public keyset *once* and then you can vote online for the next many referendums/elections.
But...but...but...how can SERVE be Windows-only when the graphic in the article clearly shows a Macintosh mouse?? I don't understand.
"... insert the Windows NT Workstation 4.0 compact disc with your computer turned off." - NT installation manual
Since Windows easily has more than 50% of the mass market, this won't be a problem. If you happen to fall into the 50% of the population that does vote and doesn't have access to a Windows box (hint: see local library) you're probably a Linux zealot. And being a Linux zealot means you're a communist. So really, you shouldn't be voting anyway.
I think our government has made an excellent decision.
Ben
Work Safe Porn
Isn't this against what democracy stands for? In a democracy everybody has the equal right to vote, regardless of income and computing platform.
What's so bad about being lazy? What if there was a war and nobody showed up?
Sorry, but the popularity argument doesn't wash, when they could just write the client app in Java, and have it run on pretty much any browser, not just the predominant, usecureable desktop OS.
This is fishy as hell.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Check here for details.
It seems the Windows requirement is arbitrary.
Read, L
Internet voting will help buy elections. Anyone
can vote for you. You can decide to sell your
vote or you identity is used to vote for you.
And this is jsut another way to keep the people who will vote for oss solutions out of the mix. If you use linux exclusively you can't vote. Then if we can't get our votes in, only people who don't have a clue will be voting. It's all a conspiracy I tell you!!
In a surprising turnaround, a new candidate who calls himself l33td00d has won the election, accumulating 10 trillion votes in a matter of seconds.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
Okay, sure, one option would be to design a proprietary voting system, intended to be secure against all current and future viruses and worms. This would be incredibly tedious and probably fail because it isn't very practical to assume that everyone's workstation is secure, or to attempt to make it secure. Even if this is possible on a single platform (Windows), it would be impossible to achieve with a cross-platform solution.
Here's another option. Make a boot floppy with a scaled-down operating system on it (Linux would work) and drivers for most ethernet boards, modems, and keyboards. Granted, this might take a couple floppies, or a boot floppy with a driver CD. But this would be much more secure--and compatible-- than other solutions. The software could easily be ported from x86 to alpha, ppc, sparc, etc. without much hassle (except bootloaders).
I'd like to hear some criticism of this implementation.
Why is Windows a requirement? And Explorer?
Learn to use the cookies.
I am a Mac user and prefer Safari, Camino, Links, iCab. Thus no way I could vote. Why are the Mac / Linux / other OS than windows and Other Browser than Explorer users seen as B-citizens?
Now you can have a happy blue donkey on your desktop, it can do all the neat stuff that your monkey can do! But, in addittion it can also vote for you!!
for you! do you want to install?
[yes] [yes] [hell yes] [always yes!] [maby some other time]
Is it a good idea for them to be using client software? By doing so, you are giving hackers a large amount of bitcode to play with and find exploitations with. It seems to me that it would make a lot more sense to use SSL over HTTP as this has been highly tested for security all over the internet for years. Any program that they develope will be very green and unpredictable.
"Why the Windows requirement?
They wanted to use a stable, reliable, and secure operating system to ensure that all American voters have equal and unhindered access to their right to vote.
Unfortunately, they couldn't think of anything, so they just chose Windows.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Explorer is bad, but for Mac it's even worse. It's the worst browser on Mac platform.
I can see one problem with any online system thats gonna be hard to solve.
Dallas (and probably a lot of other places as well) has a problem with what are called "Vote Brokers". There are people who go around neighborhoods right after the absentee ballots have arrived in the mail. They prey mainly on lonely, elderly people.. offer to "help" them with their absentee ballot. Of course, the "help" is to make sure that the candidate they represent is voted for. Failing that, they'll offer to mail the ballot, then just trash votes that aren't for their candidate. If the person insists on mailing it themselves, they'll just go by later and steal the ballot out of their mailbox.
The Dallas Observer ran a couple of stories on this about a year ago. Stories about brokers showing up at the absentee vote counting headquarters on the last day with sacks and sacks of ballots. Of course, the brokers claim they're just helping the old folks exercize their right to vote, and they don't influence anything, and you can't prove it anyway.
Internet voting is just going to make this even easier. Now the broker will show up with a shiny new laptop that most of these people won't understand and will be intimidated by. Hell, you could even run some official-looking trojan software on the laptop and just steal peoples voter information for use later.
I am NOT a man!
I am a free number!
Just when they could have convinced thousands of somewhat informed voters to NOT go to a physical voting location, and instead to trust technology, they mess it up by getting the less moderate technology-oriented voters riled up with the mention of Microsoft.
Regardless though, I'm sure the status of such votes would be used in much the same manner as write-in votes... only meaningful if the result of the "real" vote comes into question.
Ryan Fenton
And the big problem with HTML compatibility isn't extensions. The problem is that early versions of HTML were deliberately vague about exactly how tags should be interpretated. B-L and company thought of the web purely as a way of sharing content, and didn't anticipate that presentation would be such a big deal. But it is a big deal, and web developers use all kind of tricks to make pages look exactly the way they should. (Slashdot is a case in point.) Getting developers to stop using these tricks is difficult. Especially when the main alternatives (HTML4 and CSS2) have so little support by browser vendors.
Many thanks to the publicity centered around innumerous incidents of identity theft and Microsoft's intentions to simplify such tasks by 'adopting technological innovations'... It seems that online voting would at least secure the votes of those parties who share common business interests.
They're just trying to get rid of anyone who won't vote for Bush in the election. Think about who uses these OS's and the slight political slant of their user bases...
Mac - political tilt to Green or Dem.
Unix var - tilt to Libertarian, Green, Etc.
It's like conservatives and the environment -- take a look at where the liberals are and where it would be flooded if the oceans rise. You'll have to ask yourself, "Are they trying to kill off the opposition?"
The availability of a plethora of GNU-on-a-disk live-cdroms and bootable floppies almost completely nullifies the "installed base" argument used to develop public software for MS Windows.
I for one would feel a lot more secure in our democratic system if electronic voting involved me sticking in a CD-rom and booting it up. That CD-rom ought to contain:
1) A live graphical operating system like the Knoppix incarnation of KDE+Gnu/Linux
2) Searcheable, Crosslinked PDFs and/or html versions of the voting guide and any supporting text, multimedia, etc. that the supporters of candidates and/or ballot propositions want to put on it --- after all, this is a CD and can hold more than the usual voting pamphlet.
3) A digital signature and self-test for its MD5 that can be used to verify that the CD is authentic at time of voting.
4) Restricted access to the internet --- just to the websites of the voting authority and to an official site that can host errata and/or other connections to the voter's guide information.
5) Sandboxed access to the rest of the net --- no flash, activeX, java, javascript, cookies, etc. This will allow the user to check third-party websites that want to give candidate slates, voting recommendations, etc...
The beauty of Free Software is that most everything needed to create the above is freely available and free to have its software examined by concerned citizens.
Using their existing operating system seems like a very bad idea in comparison.
First off, isn't the last OS they would want to use because it IS so insecure?
More importantly cant they go about it a different way. Making it a mult-platform application, or use JAVA or something!!!!
I have some understanding of why it would be for windows. Windows is used for a lot of the software the military uses, granted I still love to read about the destroyer that had to be towed back cause NT crashed and they couldn't start it up again.
But regardless, we live in society that constantly prints up in 10 million different languages for everyone in our country, yet refuses to code to the 4 or 5 different major OS's out there. Is it me or there something either very wrong with this, or more likely having a republican president in the office, very suspicious!!!
"Slashdot, where telling the truth is overrated but lying is insightful."
This discussion does have a huge flame factor, doesn't it? I'm getting pretty discouraged by the declining maturity level in the Slashdot community. Though it would also have helped if Timothy had taken the time to look up some more informative links, thus giving people something to think about before they jerked their knees.
Aside from the obvious security concerns, do you really want to make it easier for people who can't be bothered to get up off their asses and drive three blocks once every two years to have a say in the way this country is headed?
"Other than that, Mrs. Lincoln, how was the play?"
If you don't like that this will be Windows-only, go to http://www.serveusa.gov/public/aca.aspx and click on "Contact Us." If they get 10,000 emails from slashdotters, they might think twice, and it will take 3 minutes of your time.
The voting owns YOU!
It will be much more convenient for wealthy computer owners to point and click on their favorite candidate. It is more fair for everyone to have to vote in the same place in the same way at the same time.
P.S. - Please disregard this post if the online voting will never be applied to more than absentee voting as the article discusses.
You can use any software you want, as long as it's windows.
My rights don't need management.
Open source software has been called "un-American". Surely that's reason enough? ;-9
There's one reason to only support one operating system: support.
These people are going to have the dreaded "everyday users" both as clients and staffers for the tech support required to pull this off. If you go with Macs, you need to have a completely seperate support section. If you go with Linux, the ten people using it will need $100,000 worth of funding just so they don't have to use someone else's computer.
Making it a Windows requirements saves this headache from becoming fatal. For a small beta test such as this, that surely has limited resources, restricting it to 95% of users makes sense.
First, someone will be able to readily h4x0r and r00t their boxen because they run on that POS, er, OS called Windows.
Second, it's possible that Maro$haft will slip a secret back door and take the info they learn and sell it to someone.
Third, what about those of us who boycott M$ and refuse to use their OS, using Linux or BSD instead (or, horrors, Darwin)?
WTF are they thinking going Windows-only?
Can't they write the software for these other OSes, statically linked? Fasuck, people, get a real operating system, dammit!
-uso.
Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
Using Linux is a something you chose to do. Using Linux was not something you were born to do
What if I cannot afford Windows? Microsoft WindowsXP comes with a price-tag of a couple hundred dollars or more, plus exceedingly high hardware requirements. Indeed the cost of Windows plus some software to make it useful can even exceed the cost of the hardware it runs on. Linux costs me nothing and can scale down to just about any hardware. Open source solutions are excellent options for those who are not well-endowed financially (like myself), especially in our current economic environment.
It's an option to those who are not affluent. Consider people who may purchase very cheap computers from Walmart running Lindows (cheaper because there is no Microsoft tax associated with the computer). Is being poor a matter of choice?
You make a very good point, but it seems to me that this Windows-only nonsense may also extend to segregating the rich and poor. What if the software had requirements with even heftier price-tags?
Of course, cost is not the only factor here. What if I require a secure system? What if I require a stable system? We are all aware of the Windows track-record, and it is beyond pathetic. What if I have no choice to not use Windows? What if the matter is an ethical decision? Microsoft are a criminal organization, as proven by the United State's own judicial system. What if my ethics and principles require me to not fund a criminal operation? (Of course, this rides on choice fundamentally, but for those with strong ethics, the choice may not exist.)
Join Tor today!
So what if I take my microsoft X-Box, whcih presumably runs microsofts OS, mod it to run linux?
Could I then vote from my modded X-Box?
I got nottin
Total soft money contributions made by Microsoft for the 2002 election cycle:
Republicans: $1,890,401
Democrats: $800,343
Source
Microsoft is already using money to influence politics, and they favor Republicans 2-1... you think they can give Bush a few hundred "extra" Florida votes if he needs them?
Remember the days when Republicans were the party of fiscal responsibility?
Slashdot polls! That's right, during the second Tuesday in November (I think??), the Slashdot poll will be: "Who will be president for the next four years?". Everyone who wants to vote will need to pick one of the choices (when it's multiple choice, you've got to pick one, tough). Choices will be:
1) Geroge Bush Jr.
2) (insert your favorite democrat here)
3) CowboyNeal runs my world, thank you very much.
No one is sure who will win, but CowboyNeal has a history of being popular in polls.
If they're relying on security-through-obscurity by running it on Windows and not releasing the source, the Slashdot poll will probably be about as secure. There are already people out there who have developed crytographic systems for voting, and because the source to the program will presumably be closed-source, it probably won't be very good. Voting isn't hard, and if you can't tell who you're voting for, it's not the voting machine's fault, IT'S YOURS!!!
And thaaat's what we call FREEDOM.
If you can't, or don't want to, afford MS Windows you just can't vote.
Next Step: If you can't, or don't want to, afford a Mont Blanc pen you just can't vote.
Or even: If you can't, or don't want to, afford a house on you own you just can't vote.
And to get back to XVIII century: If you can't, or don't want to, have a $120,000 job you just can't vote (adjusted values).
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
>"a no brainer to target Windows IE"
Yeah, no-brainer... that explains a lot! Except I think you meant "you'd have to be a no-brainer...".
There is the matter that in order to use this system, I must pay money to a corporation.
Presently, the only requirement for me to vote in a United States election is that I must be registered to vote within a specific scope. In order to be registered, I must be a United States citizen.
Using this system means that I must not only meet that requirement, but also post a ~$200 fee to Microsoft Corporation (MSFT) in Redmond, WA. I think it's highly unethical to require voters to pay a very politically active organization that may not agree with their views in order to utilize a mechanism to participate in a democratic election. Voting mechanisms must all be equally available to anyone who has the right to vote.
(The terms I am speaking in make the assumption that online voting is the only option. This is not yet the case, but taking technological trends into consideration, traditional voting means may eventually fade into obscurity. If we continue on this road of platfor dependence, we may create problems in the big picture.)
Join Tor today!
It seems that if you are too lazy to get out to vote or at least vote in absentia via mail, then you shouldn't be voting. I would hate to see the process for choosing our leader be modeled after American Idol.
--Joey
Force the linux guys to vote the old way, let the windows users vote easier. Pretty soon the linux-savy politician(s) will start loosing votes. Within ten years, Bill Gates will be president.
Gates in 2008!
See this thread for closely related discussion regarding this argument.
Quote:
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
End quote.
What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.
My Blog
One of the Democrats running for President in 2004 is Bob Graham, a lifelong politician who's never lost an election-- and this is in a predominantely Republican state! Seeing as how Florida is a swing state, and that Graham is in the race, the GOP's going to take as much control as they can...
Nothing prevents me from giving my passport (or whatever other means of ID that is deemed fitting) to someone else and let them vote in my name
You photograph on the ID perhaps ?
that disables HTML traffic?
Online voting is being incouraged in the US because of its susceptibility to fraud, not its resistance.
Imagine how much easier it will be to rig elections. At the risk of getting into a partisan flamewar, what happened to Florida is suspect for election tampering. I suppose if my brother was the governor of a state, I could get a lot done in my favor. Now with no security, things can be heavily corrupted with even less of a paper trail (it doesn't exist).
These are tools for oppression. These are tools for defeating democracy.
Join Tor today!
Sophisticated encryption technology will scramble messages containing the ballots, and voter identity will be verified through digital signature, a prearranged procedure to authenticate the voter's signature.
:-) (after all, she has experience as the First Daughter!)
So in order to vote, I have to give something that says "red floyd". This is unacceptable. When I vote in person, I have to ID myself.
BUT... there is nothing linking that ID to my ballot. With this system, it's almost necessary, given the fact that they need to validate that this is my vote. In other words, they have something that says, "red floyd voted for CowboyNeal". This is untenable, most likely illegal, and quite possibly unconstitutional.
Disclaimer: I would not vote for CowboyNeal for President. Natalie Portman, maybe
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
Hey! We get both CNN and Fox News over here too!
Oh yeah! Well here in the states we get CNN, Fox News, and Rush Limbaugh and the voters are still ignorant.
What makes you think you're so different?
It isn't crazy; the system was intentionally designed in this way.
Without this, candidates would only need to win three states -- probably California, New York, and Texas -- to win the election.
Surely the issues that matter to the states in our heartland differ from the issues that matter to large urban population centers.
Historically, we have said that this is more fair because otherwise the candidates will not be accountable to many, many voters, inhabiting large expansees of land.
Additionally, it leaves open the possibility that only an informed few will actually vote, because there are many, many people in our nation who do not have the time or the mental capacity to make an informed vote.
Our nation is not based upon mob rule.
We are a nation based upon reason, and it is sad that we have strayed from this path.
Let's face it Americans... your "democracy" is screwed regardless of how you vote. Doing it electronically will just make the whole farce cost less.
Microsoft clearly has the optomistic figure here, because of their way of counting. Every Windows license sale they count, and every Windows upgrade counts too. For example, if a user was to buy Windows 3.1, then 95, and then 98, and then XP, Microsoft could assume that it is 4 copies of Windows installed on 4 different computers.
Linux and the other free operating systems like BSD, on the other hand, have much less of an advatage numerically, for you see, because free operating systems get distributed so many ways, there is no effecitve way to count all of them. To get a "logical estimate", the best way is to tabulate how many Linux box sets and CDs were sold, see how many ISOs were downloaded from FTP sites that are willing to cooperate, and thats about it. After these CDs are bought or downloaded and burned, anything could happen to them. The owner could install them on 2 computers, or 4 computers. Nobody knows, as there are no restrictions.
The numbers that are presented are just logical estimates. What are the real numbers? Nobody knows. On the next census in the US, there should be a place to fill in what operating system the person usually uses. That would be more accruate than counting software distributions.
I see you are trying to cast a ballot. Would you like me to
__ show you which candidate supports terrorist open source software
__ show you which candidate supports God-fearing American-made software
If Slashdot were chemistry it would look like this:Cadaverine
One problem is that we will probably not know the protocol until election day, or very near to it. This leaves insufficient time for a worm to spread.
For example, you must know the exact string associated with each candidate. It may even be that a number is associated with each candidate; in this case you must know the number.
While writing a work in advance robust enough to determine these factors on its own would not be overly difficult, there is an easier way.
Either way, the worm must be spread weeks before election day, and take no action until election day which might cause suspicion.
The solution is to write a work which on election day will contact one of several predetermined remote hosts for instructions.
The conspirators will, early on the day of election, quickly attempt to vote themselves and find the necessary information to make the modifications; that is, the exact fields required and the specific string or number associated with each candidate.
Then, the conspirators will distribute this information to the predetermined hosts -- probably 100 to 1000 already compromised machines -- and then when the worm-infected clients connect to the voting website, these 100 to 1000 machines will be contacted for specific instructions.
Since it would be done many weeks in advance, it is simply a matter of not having your work detected before election day.
We all know that actually getting the worm onto client computerrs will not be a problem; nor will being detected in doing so.
very few personal boxen get hacked, cracked, etc, from the outside. it is the servers they are after, and then, their not going to hack into someone's little web or battlenet server
Actually, it is the small, personal machines that are the main targets because they are easy picking and because the hacks are likely never to be noticed. The statement above implies a hacker is going after a server for the notoriety and/or data stored there. However, this is not the only (primary?) reason for hacking boxes.
Someone going after a big target is going to want to obfuscate the source of the attack. They will go through multiple hacked machines to make that big strike. Someone going for a DDOS on CNN or Slashdot is going to need a lot of end user zombie machines.
There have been recent articles regarding the new trojans that create open proxies on end user machines and speculating that since these are then later used to route spam that perhaps these trojans/hacks are actually perpetrated by the spammers.
Small machines can be used as storage locations for material that is used in other hacks. (FTP your files off of some poor Verizon DSL slob instead of the hacker's machine.)
I know that when I have bothered to reverse DNS the IPs attacking my firewall, the bulk of them appear to be cable users or DSL--with a good percentage of dial-ups. This is not because all of these people are attempting attacks, but because unbeknownst to them their machines are already compromised and are being used as the source of further attacks.
In this case, security from script kiddies is neither here nor there. The best way to keep your system secure is have as many white hats as possible try and find holes in it, and the best way to do that is to publish the details of the system. That way, you can be confident that the system is secure, even if the source code is leaked.As to your comment about OpenBSD, that is almost completely irrelevant. It doesn't matter how secure the base OS is if the software it's running is insecure.
Which do you trust more? A system where the proponents say, "Trust Us" or a system where you can look for yourself. I know which I prefer.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
So, since nobody seems to like the idea/security of online voting, prove your point.
Hack the server/code and mess with it so completely that it'll be obvious that there is no way online voting in this particular form can work
better for a few concerned citizens to do it now, than let some foreign country elect whomever it likes...
Nikkos
As always, when someone like this is about to come out, it's our job to "educate" the people. There is no reason they need to make this a windows only program and lets tell them that.
http://www.serveusa.gov -- main site
click "contact us" and let the educating to begin.
Only dead fish swim with the stream...
Obviously not a military member, that agentZ. Just like your employer, the military mandates certain standards and suppliers for its IT systems. However, also like your employer, it does not tell the employees (military members) what they can or cannot use on their own systems.
When Walmart sells Lindows Computers at Walmart, not just at walmart.com (in name only, really) Then we get to vote using Lindows, Debian, Mandrake, Debian, Redhat, etc.
and
I get a job showing Walmart customers how to use their Linux boxen.
If you put all platform decision crazyness aside. There still remains a problem that's much larger than checking signatures and stuff. How do voters get their keys and how are they verified? With cryptography, key exchange is still a major issue that holds infrastructure and logistics problems that are much harder to tackle than implementing algorithms. Is there already the required PKI available to every participating American that enables secure key validation and distribution?
I know that I am going to get some static from /. crowd for being 'pro' Microsoft, but here is my two cents on the issue. Anybody who has designed a complicated web-based application will tell you that trying to support a variety of browsers and platforms can turn into a nightmare. I worked as a qa engineer for two companies that specialized in very complicated large scale web application and both of the companies had to restrict their software to Windows and Internet Explorer. Why? Simply because it was easier to design, develop and test the applications that had less variables involved in a short run. Additionally, these application targeted businesses and individuals who used Windows as their desktop platform. The companies that I worked for did start developing their applications for different platforms, but it was only after the Windows based programs proved to be a great success. Same goes for the United States government. Want it or not, Windows still have the largest share of the desktop market and it does makes sense to deploy an application for this platform and then worry about the rest of the players.
/. readers and voters who use OSes other than Windows represent a small fraction of the United States' citizens.
I don't think that a Window based voting system is an ultimate solution in terms of covering hundred percent voters and being absolutely secure, but the fact is that money talks and if it is cheaper to develop an application that targets only Windows at the beginning, well.. more power to Uncle Sam. Afterall,
Now instead of spending MILLIONS of dollars on an election campaign the Candidates will spend those millions on hackers whose jobs will be to infect all users computers and have their machines vote for them. Then again when ppl see that they have absolutely 100% of the vote, that might look a little suspicious.
75% of all statistics are made up!
IANAL, and not an US citizen either. So may be the US laws regarding elections are quite diferent from those in other countries. But i wonder if this initiative is sustainable on constitutional grounds.
Strict equality (``one man one vote'', and equal accesibitlity of all citizens to the right of voting) is the basis of all democratic systems. Assuming the U.S. is one of these, having to pay for an O.S. to a certain software company for issuing a vote doesn't seem to hold on that basis.
...then go to the poll, or get a standard absentee ballot.
Your inability to vote via the Internet has no bearing on your ability to vote.
Information wants to be free.
Entertainment wants to be paid.
You just want to be cheap.
What state are you voting in? I know for a fact that there is plenty of information linking me to my ballot.
When I last voted in Maryland, I showed my ID, and they wrote down the ballot number next to my name. Then I voted, they kept the ballot with my number and gat me what was effectively a receipt with the ballot number on it.
If someone really wanted to check before the time to contest and ask for a recount was over, they could find the sheet with my name, get the ballot number, and go look and whom I chose.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
The Windows requirements is to put a stop to those damn Commies voting.
Not far from the truth, IMHO.
WTF is the Pentagon doing running a voting program? I could see DARPA being involved, maybe, but the Pentagon? The only involvement the military should have in an election is to give servicemembers time off to vote.
What's next, the CIA running the debates?
Because I don't have points today.
Of course, the sites I expect to get hacked are any that Armed Forces personnel actually use for voting.
If they are very, very, lucky, the only black hat work will be done by outside site defacers, not the insiders I expect to have pre-hacked the boxes.
I can't tell from the google results so far if the Federal Voting Assistance Program uses ESS/Diebold/Global or not.
Tech Public Policy stuff
Better yet, imaging casting 10,000 votes from a cybercafe (you just 0wned) in Thailand !!
I can see it now. Likely error message:
It does not say only from any computer using Windows. Everyone here's reacting as if the article said the latter, but it didn't. The article does not say, if you read carefully, that the system will somehow be limited to Windows. I just says anyone with Windows and the internet will have access.
in this country are so damn ignorant. I don't want the lazy, uneducated, mindless slobs who can't be bothered to wait in a line one night every two years for fear of missing that Full House re-run to have any sway in an election.
The voters are ignorant because elected officials are not held accountable for the corruption, enormous waste, hypocrisy and pork, regardless of what political party is in power. It is the one constant in the political landscape.
More than likely Windows/Palladium will be the only way to vote online in the USA.
So it means you have to go down to Walmart and pick up your $200 Windows Voting Terminal.
You only turn it on when you want to vote or do some other government function.
Of course, you put it on its own isolated subnet when it comes time to vote. Don't want the latest Microsoft spyware/scanware/uploadware to be snooping on your home net, after all.
So the mandatory Windows Spyware Voting System effectively will be a VOTING TAX on the people who value their privacy and information security.
If your voting terminal lasts for 4 years, it's basically $50/yr to access online voting. Plus the labor costs and possible hardware costs of isolating the voting terminal from the rest of your system.
All in all, $50/yr to vote online is probably worth it. If only so you can use your digital camera to capture who you voted for. Or who you want people to think you voted for... Or who you think you voted for...
Yep, it's America. Pay money to vote online and you still have no certainty that you got a vote.
IGNORANCE IS STRENGTH
WAR IS PEACE
(and of course)
FREEDOM IS SLAVERY
WELCOME TO THE LAND OF THE FREE
Better make it a bootable CD. Many computers being sold now don't come with a floppy drive.
Once, when going through a Burger King drive through, I was told that they only serve people who drive Fords.
.... bcoz Linux SUCKS
hey, what about equal protection under the law???
To put it mildly this article seems to have brought out of the woodwork all the overly sensitive computerites that think that the "OS war" will somehow be won or lost by the hands of the US government, the government saying that windows is a requirement is necessary only because it establishes a standard base to work from... the average joe moron does not know ssl from shtml as such in order for them to "be able to do their voting using theat trendy little thing called the internet" you have to list something that will have the standards needed already built into the system otherwise you'll have a bunch of people drooling and staring blankly at the screen going "what's SSL? can't I just push the little buttons and be done with it?".
to put my argument simply you must remember that the average user does not care what makes it work as long as it simply does, things only become a concern when they go wrong, The listed requirements are mentally satisfying to an end-user audience. I would imagine the technical specification document (whatever its form) is far more interesting to us geek types.
Maybe they'll rethink their position. Of course, since the margin of error in the last election was around 100,000, this probably won't make too big a difference. In fact, they might as well just tap HotBits & avoid the controversy.
Of course it is safe, easy and secure.
In related news Linus Torvolds is elected King of the United states...
Please remember that we are Slashdot, we are numerous, and we are powerful. So go to the site, click Contact Us, and give them a piece of your mind. For that matter, you could even snail mail them something. When webmasters start getting tons of mail about allowing real browsers, they sometimes do it. And in this case, it affects voting, so it's very important. Surely a few hundred messages asking them not to discriminate on UserAgent headers, submitted before the system's even implemented, will widen their view.
Litigious bastards
What's the point in screwing with the election. So long as you skew the vote for the incumbent they can pardon whatever you do...discreetly or otherwise
hold on a sec...
Brian
Like any other application, they probably want to get the most coverage for the least effort, and that means Windows. As I understand SERVE, it doesn't require you to run out and buy a Windows machine; you can simply go to your local Internet Cafe (I bet there's an equivalent on big Navy ships) and use their computer.
WE WILL OWNZ THE VOTE IN 2004 BWAHAHAHAHAHAHAHAHAHAHAHA
If Bush wins by anything more than a recount this time, you know somewhere they were cheating.
There's a cost-benefit curve there. If you keep it secret from everyone, that's bad. If you keep it secret only from those who might attack it, and no one else, that's good. For each given scenario there's a point somewhere in between that's best. Unfortunately, it's almos never possible to tell who'll be attacking it, and the costs of not getting peer review are higher than the benefits of making your enemies attack it blind, for basically secure systems. But recall that replicating the Purple cipher nearly drove Freidman mad, while Turing et all were able to crack a captured Enigma relatively sanely... So the sucessful Japanese obscurity efforts cost America a great cryptanalyst.
Let's face it, there isn't a single Internet poll that hasn't already been warped by people trying to vote their hero to the top, Wil Wheaton, for example. But that's all fun and games, and anything that benefits CleverNickName is fine by me.
But in this age of rampant identity theft, I cannot imagine a fool-proof system for the very very simple fact that there isn't anyone checking the actual identity of the person above the keyboard. Forget PIN's, digital signatures, and anything else, there's not a damn thing to stop voter fraud on the Internet. It's worse than the motor-voter law, which allows people to register to vote without any actual proof of citizenship.
Maybe Internet voting will lead to a technocracy, because the party with the best hackers will win. Of course, since Bill Gates owns the OS, guess what's going to happen.
144l. ph34r my 133t l3g4l 5k1lz!
The Bill Gates for President campaign is said to be going very well :-)
in my life God comes first.... but Linux is pretty high after that
Francis Smit
Where does it say that windows is "required"? I think all they're trying to say is that it will run just fine on Windows, not that it's necessarily required.
It was actually Bush who stole the election.
Al Gore was elected president.
... at any public library! Or town hall! Or designated voting places with special voting kiosks!
Wouldn't it be more responsible for you people to complain about discrimination against those not financially capable of owning a computer? Although the above mentioned solution would take care of it, you could at least make a more intelligent argument about "poll taxes" or something like that.
So you're saying that I have to give money to MS to excercise my rights as a U.S. citizen? This is pretty damn ugly. MS offends me on many levels. The idea that I have to license a copy of Windows to vote is extremely repugnant. In any case, there are well documented standards for SSL and HTTP. There is absolutely no excuse for a Windows only platform requirement.
It's failry obvious that there is a security risk involving a Microsoft product, or any computing sytem for that matter, however since this only accounts for such a small amount of votes it would probablly not be attractive for anybody trying to cheat. However, the hype and controversy surrounding the system is probablly the largest security risk, regardless of it's OS dependency. The simple fact that everybody will be focusing their attention on this "New" and "Controversial" system of voting, will detract attention from other security holes in the voting system as a whole (including traditional paper ballots and what not) and could allow somebody to exploit those holes even moreso than before.
--
Adobe's anti-counterfeiting softw
And that's just off the top of my head. Maybe it's from reading the Software Sharecropping article that mentions the liberating influence of browser-based user interfaces. Nothing for anyone to 'download and install' - just email the voters a link they can click on.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
The basic technologies behind security certainly shouldn't be secure
Should read:
"The basic technologies behind security certainly shouldn't be obscured"
http://www.scoop.co.nz/mason/stories/HL0307/S00065 .htm
This is your worst nightmare come true!
I read that story earlier, and it's pretty bogus. Essentially the authors complain that a person with root access (or Windows equivalent thereof) on the database machine can do anything. Well that's obvious. Among other things, the authors complain that you can add admin accounts to the system by inserting rows into a table. So? This is true for every db-based app I've worked on. The key is that only authorized users should have access to that table in the first place.
I'm not saying the electronic voting system is "secure", whatever that would mean. Just that the article is poorly thought out.
What are they waisting their money on to have it cost 22 MILLION DOLLARS!!!!
'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
Are you sh*ting me?? Secure?! HA!
I would rather chop my legs off with a Ginsu knife and drag my bleeding body over broken glass and burning coals, by my fingernails to get to a polling place than install Windows just to vote. Besides, voting is a scam anyway. They put whoever they want in there anyway. Voting is just so that the people *THINK* they really put someone in office.
And in the end, do the scumbag that gets into office ever keep any promises?? Hell no...
They get fat, pad their pockets and glorify themselves to massage their egos...
I'm normally no MS-apologist (actually Sybase apologist in this case; SQL Server is a fork of Sybase 4.2) but this makes sense to me:
Hands in my pocket
Nice racket! When is some country going to liberate us?
Hiding a key under the mat is security through obscurity, sure. But what they're talking about is really much worse than that.
It's more analogous to using doors made of laminate plywood to protect all of your worldly belongings. Keys and locks or whatnot, anyone could just kick them in.
They may obscure the contents of your house from a random passer-by, but anyone who is actually *motivated* to violate that security will have no problem.
"I assumed blithely that there were no elves out there in the darkness"
having sex with a member of the opposite sex will require Windows.
if they got caught doing something naughty with the votes
if they don't get caught, then everything will be just fine
what a perfect plan for the government and the corporations
Mind not! The supreme court will immediately put a stop to; er! never mind...
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
I can just see it, after two propositions are voted on, up pops a small paper clip with a bright smile.
"I noticed you are trying to vote republican. Would you like me to vote for you?"
[click]No, leave me alone
A few more propositions and up pops clippy with a slightly offended stare.
"I noticed your picking a lot of democrat sides on propositions, would you like me to vote republican for you?"
[click] No, leave me alone DANMIT!
Then the choice for president comes up, and clippy appears with horns, a tail and a pitchfork.
I noticed you voted for someone other than Bill Gates, would you like me to select Bill Gates for you, or shall I just crash and force you to repeat this whole thing over again?
Whereas Microsoft Windows has proven time and time again to be the greatest computer security risk in the history of all Lifekind, and the company Microsoft has no ethics, no morals, and no honor, I do hereby pledge that for as long as I am a citizen of these United States of America and eligible to vote, I will NEVER vote using any system running any version of Microsoft Windows.
I should sent copies of this pledge to each and every elected official who has juristdiction our myself. I implore all to to the same.
Let's shake the pillars of Hell and crack the Sky with our disgust and anger at this infection into the sacred democratic process.
If windows is REQUIRED, what about blind voters?
You can't require a voting method that cannot be used by disabled voters.
except that your passport has your picture on it, not someone else's.
You have now separated the authentication from the voting in both time and space. A USB dongle can be bought or stolen; a secret ballot inside a poling station cannot.
When they won't let you vote in the first place. The most chilling aspect of what happened in Florida had nothing to do with fraudulent votes, it was the widespread disenfranchisement of minority voters by their very own government.
"Trust in haste. Repent at leisure"
I'm sorry, your government has performed an illegal action and must be shut down. If the problem persists, please contact your beaurocratic vendor.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
- Its in use on the vast majority of PCs out there
- Given that, if you were going to develop software that has to work, you would aim for that as a target, at least initially
Before we start on Java, web forms, etc, etc... I've seen enough issues with proxies, broken browser support, broken java/javascript support, etc to know that trying to do it cross platform in that manner to start with would be a nightmare.Pick a standard platform (ie, windows) and guarantee it will work on that one platform, then worry about making things work elsewhere once that works.
Its not like you can say "can vote from any browser" and just have tech support worry about slight broken-ness in minor browsers as the issues crop up - it has to work first time every time...
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Any questions?
Sorry, I meant "wiiiiiine".
If you were blocking sigs, you wouldn't have to read this.
Nope, Bush won the 2000 election, five votes to four. And US citizens were finally disabused of the notion that the government is under our control.
> At the risk of getting into a partisan flamewar,
> what happened to Florida is suspect for
> election tampering
Yeah, I've heard there was a Republican somewhere on Slashdot, but I assumed it was only a rumor...
The Windows requirements is to put a stop to those damn Commies voting.
haha, good one! but actually here Russia, almost everyone uses windows. why? well, no one pays for license fees here, not even corporations.
I won't have to fly over to the US and stand in that stupid "foreign nationals" line at LA airport any more, in order to get my vote recognised.
I can just hack in from here, from the comfort of my terrorist hideout in (insert "bad guy country" of the month)
Of course there is another reason for testing it with the troops first. As we all know from Florida, the US Troops aren't so good at filling in forms, getting them postmarked and sending them out on time....
Oh and they mainly vote Republican. What an amazing co-incidence that a large group of Republican voters with a history of involvement in dodgy election results are chosen as the trial group. I guess George wants to front-load Florida.
An Eye for an Eye will make the whole world blind - Gandhi
I just hope there are logs of each vote cast, pretty much like there is in the current version, where each ballot is counted. I doubt that they are just gonna accept the machines count as it is. Well I don't know about your system, but I was counting votes in Finland last time we had an election and there were representatives of each party there and we counted the ballots and called in the result, and then they were sent for a confirmation count. There is plenty of holes to exploit in the current system, and i think rigging an election is pretty easy as it is. Of course there is the possibility of a virus that votes for people, but there was talk about email account stuff that displays a picture and asks to type in the word etc. So if there was a way to identify voter as human, i doubt there were any major problems after that.
In the 1980s the constituencies in Queensland were based more on land area than number of inhabitants. Strangely enough the farmers' party kept winning (until eventually even the farmers got tired of them and they were practically all arrested). Ditto the "rotten boroughs" in england just before queen victoria's time.
Obviously you didn't follow the recount very closely. The issue was whether those counting could determine the INTENT of the voteres. THis mean that if there were too many votes for x in a historically y town then some of those x votes for acccidents. I am pretty shure everyone agrees that it is dangerous to have someone interpreting the INTENT of your vote and I think most would agree as someone posted above that if you are too lazy/stupid to punch a hole you have no business voting. THe only good thing about poll taxes was that they kept many who were not intelligent/easily demagogued from voting. Which IMHO is a very good thing.
Out of interest, how would you rig a vote in Finland? As I understand it, the system as a whole is pretty good: we've got what, on the order of 10 000 voting districts, each handled by a different group of citizens, including people with different party affiliations, so you'd have to corrupt something like thousands of people from different parties to make a dent in the total results. And since the totals of each voting district are public, the central election council cannot cheat either.
My wife just served as an election judge in the past election (mid-term congressional offices last year).
Yeah, they kept a ballot ID number to verify an audit trail to verify who voted and for the ballot count. If there ended up ballots that were used but not accounted for in the registration books, it could land the election judge in jail.
The information about the ballot ID was detached from the actual votes cast, and at the end of the day the total number of ballots had to match exactly the number of ballot IDs.
The actual vote counting was done by a total seperate group of people, and the ID wasn't anywhere available to link the ballot to the voter.
The purpose of this is to keep various groups (read this employers, union reps, la nuestro mafiosa, etc.) from taking adverse actions if they found out how you voted.
This is a total valid concern, and I don't know how you would detach this information electronically except after the results have been tablated, and even then it would have to be kept for an electronic audit in some kind of archive. The potential for fraud here is incredible.
How do you ensure anonymity with online voting?
After seeing this at the 4th of July celebrations, I shudder to think what will happen if we started using Windows!
... especially if it is written in Active-X:
... and thus the paperless electronic voting plans get scrapped. Or we get an all-new Congress and President, which is almost as good.
Tom Brokaw: "And we have 500 million votes for Candidate A, 300 million votes for Candidate B, and 700 million votes for Candidate C."
Dan Rather: "Well, considering that we have only 400 million American citizens, do you think that it's possible that there was some voter fraud?"
Tom Brokaw: "Actually, I do, Dan, especially since this was only the pilot program."
Dan Rather: "How do you think this could have happened?"
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Thankfully this should never happen in the UK as the central-government specified e-GIF requirements generally mandate a non-platform specific, standard web protocol based solution for all government-citizen interaction. Maybe there is an upside to living in the UK after all!
I'm an American citizen living abroad, heh. I don't care what type of system I'll need to be using. I'm sure they'll get it straight if I press the button 10 times ;). And I really don't care if anybody knows who I vote for, or why.
One thing I *do* want to know is whether or not I come from one of the qualified counties, since I'll probably still be here in November, 2004. I'd better get more info :-\
Kind regards, Devon H. O'Dell
Not to sound like personal privacy nut or anything, however one of the great benefits gained through the voting booth method is that you get complete privacy when you vote. You walk in go into an area where you have complete privacy and vote however you want to.
Allowing internet based votes means voting is no longer gurarnteed to be a completly private affair which is a huge issue. If I was an American and a complete moron and wanted to vote for Bush in the next election then I should be able to without the possibility of people around me been able to walk in and see as I vote on the computer.
37 - what does it stand for really...
...Independent candidate l33th4x0r!
Whereas Windows users are business-oriented and therefore tend to be more conservative in their voting, this Congress does hereby resolve to only allow e-votes from Windows PCs.
Mac users will have to register for relocation to Reeducation Camps for the Differently Thinking, while Linux hackers will be detained for trial for their Crimes against Intellectual Property, and summarily shot.
You see? You see? Your stupid minds! Stupid! Stupid!
Or, worse, it could be further encumbered by MS-Passport.
The names of the officials is public info, and even one person can affect the outcome of the vote. I'm not sure about the correct procedure when someone is caught cheating, but i'd think the vote on that location would be voided and that can affect, etc. Thinking quickly there are many ways to change the outcome. Not by much, but some times elections are terribly close.
The problem with online voting is that it might not be as secure and confidental as voting somewhere which is supervised by (neutral) officials. For example, how can we ensure that people are not pressured/forced to vote for someone by husband/wifes/boyfrinds/relatives/respectable businessmen. Since the voted candidate must be visible on the computer screen, afore mentioned people could check who the victim actually voted for...
"There is a terrorist behind every bush"
Obscurity is almost *never* helpful in designing a secure system ...passwords would almost never work, now would they?
"It's too bad that stupidity isn't painful." - Anton LaVey
This is not exactly true. In the last elections for the German Bundestag I had to to vote with an electronic voting machine. For every candidate (1st vote) and party (2nd vote) there was a button on the desk that had to be pressed. You could also vote "invalid", that is an option that has to be possible according to the law.
The device is explained in this article (sorry, only German). The article explains that the voting result is saved into a chip and also printed on paper. After the election the votes are counted on the printout and compared with the results saved into the chip. If the device is manipulated before the printing and the saving process that doesn't really add to the security of the system. I'd prefer a system with pen and paper and lots of people that can watch the whole process directly with their eyes. But the communities seem to go for cheaper elections instead of that.
Now there's no more need to illegally count votes from Army personnel after the deadline, or to strip (mostly black) people off their right to vote just because their name is similar to a criminal's.
Who will build the infrastructure, Halliburton Information Systems?
President JeffK
-- "You can lead a yak to water, but you can't teach an old dog to make a silk purse out of a pig in a poke" - Opus
You can't FIX it if it ain't broke. And nothing is more broken than M$ Windows. Makes for an easy fix.....
rumor confirmed...MUAHAHA...
Hey, why are my taxes so high?
"Murphy was an optimist" - O'Toole's commentary on Murphy's Law
This is a governmental pilot program for a small number of people. Assumably they wanted something cheap and easy to develope and even cheaper and easier to deploy.
Get one of the dime-a-dozen Win32 development contractors, and a ton of at-the-ready beta testers. Yes, using Windows still makes your kids' teeth grow in crooked, Bill Gates is still the AntiChrist, etc. etc. ad infinitum; but they have 90% of the desktop market, and if you're going to reach as many people as normal, you play the market.
Besides, maybe it will work under Wine. How do we know?
Micro$oft did everything they could to get a pro-industry administration into power to take the teeth out of the anti-trust settlement, looks like as part of the deal they get a built in veto in all future elections. Who says the system doesn't work. Well at least if you know who it serves.
>> With this dongle there's a mathematically much smaller chance of fraud
Ever hear of AutoCad? They used a dongle, too. They don't work.
Ryosen
One man's "Troll, +1" is another man's "Insightful, +1".
No matter what the OS, online voting will not be secure. If it's software, it's hackable; if it's hardware, it's too expensive to impliment. What's more, remember those dead people voting in Chicago (and other places?) Yeah, they'll be back again....
Regarding cost, I don't understand why they insist on having all of the components of the system in every voting booth at every polling station. Would it not be more cost efficient to have one "voting server" at each location and multiple, connected simple "voting terminals" for each booth. In this configuration the actual interfaces could be extremely cheap, little more than a touchscreen really. All of the work and expense would lie in a sealed box coded to accept input from only predetermined terminals.
As a physical check to all the electronic precision computers bring (har har har), I really think you should get a reciept listing your voting choices. I also think the voting machine should have a finger print reader to read the print on your pinkie finger, print it on your voting receipt in a 3d barcode, then discard the data. I say the pinkie finger because it seems like it would be the least useful fingerprint to authorities, should they rig the systems to record the print, while being accurate enough to ensure that the receipts people might later present in the event of a Floridian fiasco are valid.
The Windows requirement will be handy when Gates runs for President.
A-Bomb
Many assume it is an IE connection. The new voting tech is based on .NET
You will have to have 2 gigs of free space
to install voting.NET and the latest M$ version.
1 gig of which is the encryption key.
1. Will this application only run on Windows i.e. will it be an exe or an ActiveX control or a .Net application? If so why? If most banks can use Java, why can't the US government?
2. What is there in terms of technology to protect privacy? How can one be sure that our IP's, along with the security info needed to guarantee the avoidance of abuse, will not be stored along with whom one voted for? How is the security model set up? Is there a DB directly connected to the web? What measures have been taken to prevent hackers from stealing your information?
3. Are we perhaps overeacting to a typical US governmet announcement that was written by someone who only knows Windows, yet the application will work in any browser supporting SSL etc?
Fact of the matter is that Mac and Linux users are communists bastards who support terrorism through the use of free office software and so called "standards." These people loath democracy. They hate the fact that a multinational corporate body can influence it's elected officials with innovation and outstanding security measures. Things like this can only be legitimately achieved through a large company.
.Net, then the terrorists win.
...that of course was sarcastic... but you already knew that, didn't you?)
If we don't allow voting to be Windows specific, and built upon
(PS:
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
http://www.infernalpress.com/Columns/election.html
I found this interesting little bit at the end of the FAQ:
Q: Do I need to download special software or get a CD-ROM to use SERVE?
A: All required software is downloaded automatically as needed when you access various parts of the SERVE website.
I'm no expert on "automatically downloading software" but I would not be surprised if that feature is specified to IE / Netscape and even if it is available on other browsers I would guess that the software itself that you are downloading is only for windows which is why they require that you have windows.
My other question is, if you have to download software to use the system, then really it's not an "internet based voting system". Rather the internet is just a medium for downloading windows software which actually does the voting. Why not actually make the system entirely web based ? There should not be a need to download extra software.
On another issue, I see lots of people talking about privacy issues relating to someone possibly being able to figure out how you voted. Maybe it's just me, but I see no problem with everyone having public access to how everyone else voted. Personally I don't know why people are so affraid. It's not like the government is going to come after you based on who you voted for. If I had a friend and I knew he voted differently than me I wouldn't suddenly not be his friend. I respect other people's point of view, further more if everyone had access to see what the computer system "says" they voted for it would be impossible for someone to fix the ballot because people would realize, "hey, I didn't vote for that person". Can someone really give me a good reason that isn't overly paranoid as to why the person you vote for should not be publicly accessable?
We know. Microsoft is just waiting until all your third world countries can afford it. Then they'll be sending over the BSA SWAT teams.
Cowards!
Do not worry. The system is guaranteed to "securely" place whomever collaborated along with its introduction into office!
wish I had mod points.....I here ya Cyno
errr....umm...*whooosh* *whoosh* Is this thing on ?
They want to deploy a client to the most people yes?
why not good old C or Java?, or HTML
...that microsoft might be funding this? If so then it becomes perfectly clear why. Obviously our government does not care about discrimination.
To me, this is just as serious as racial discrimination. They should not be permitted to only allow ms computers. This is decidedly illegal and I will be contacting the EFF to let them know about this.
As a software engineer who specializes in internet applications, with over 10 years experience, I know of absolutely no technical reason why this would be necessary. It is total bullshit.
HTML is cross platform, so is SSL, CGI and java. There is no compelling reason to use active x controls (or whatever they are calling their proprietary browser code now), to make something secure. There are perfectly acceptible cross platform alternatives.
Most notably html, CGI and SSL.
Being that client side java is useless outside of a controlled environment, this is what we are left with and it can be done. In fact it would be easier without MS's proprietary technology.
l8,
AC
Pretty soon everything will be part of Microsoft. I'm sure more people own Windows than vote by a ratio of 4:1. Most Window's users are clueless anyway so they'll probably bring the system to a complete standstill anyway....with Windows help of course:D
You aren't free to do anything, until you've lost everything.
Best Brazil reference I've seen today!
Most people knew that Jean Chretien is the current Prime Minister (roughly equiv to president) of Canada. Chances are a lot of non-Canadians are going to miss this one though
hehe, hey I didn't even mean Russia, I just meant any damn Linux using communists! Cos we all know, if you're not Republican, you're Communist!
Yeah we know... actually we want Russians to install windows on as many machines as they possibly can. Even better, we'd like installed in as many government institutions as possible as well...
;-)
Once you've got that all installed, we've got some special "service packs" for you to install... While your installing those, could you also park any experimental aircraft you've got out infront of their hangars around 11:37 moscow time... Thanks
Yes Francis, the world has gone crazy.
I am a member of the external security review
panel for the SERVE project. We asked the
same question: Why only Windows?
The response was that the developers
(Accenture and partners) want to use ActiveX
controls for the client side processes of
enrollment, voter registration, and voting.
(Don't throw things at me--I am just the
messenger here.)
They are quite aware of this limitation, and say
that they intend to correct it in subsequent
elections (if the experiment is continued).
This is going to be a cheaper alternative for Gates, 250 million in the last election was just too much. Now all he has to do is promise whoever he wants in the whitehouse the election. Oh and George wont have to bribe the supreme court to stop those pesky recounts. Really "anyone" who trusts this system is just asking to have their country taken away...oh...wait!!!
We wouldn't pay taxes, and so would have no national armed forces, no social services, and no national highways. You would buy protection, services, and transportation on the open market. If you got sick, couldn't work, and couldn't afford to pay for services, you would die, and good riddance you genetically inferior trash. More for the rest of us superior types .
;-) The real problem would be the transitional era, in between the time all regulation ceased and a natural regulation by the will of the people emerged. You would need some sort of transitional system to protect people and encourage them to start thinking for and governing themselves.
You would have twelve sewer companies ripping up the street in front of your house, all trying to lay pipe to your house so you could buy sewage treatment from any of them. Thirty electric and phone companies would be cluttering up your street with their wires.
Toll booths on city parks. Every last square inch of the earth owned by someone. Pay a toll going from your driveway to the street.
In the end, would it be cheaper or more efficient than the system we have now? Who knows. On the plus side, you would know where your money was going. On the minus side, the free market is bad at governing public goods and bads. Air quality is a public good, or conversely, pollution is a public bad. What would evolve is a series of public governing bodies that would have the power to enforce certain publicly agreed upon standards: screw up our air and we're coming after you. Kinda like what we have now, only smaller, because the governing bodies cold only regulate areas that nearly everyone agreed needed regulating.
Someone shoot me before I talk myself into turning Libertarian
Oh great, now I'm a Marxist.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Ideally, the system would have a silent panic command, type in a panic password instead of your real one. The system would go through the motions, and the person holding the gun to your head would have absolutely no idea whether you did what they asked or not until the police sniper took them out.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
Now you have the potential to vote for a particular candidate because your vote for the opposition could become known. This technology will help turn voting into a means of convincing an oppressed public that they are free.
Join Tor today!
And in SQL Server. ' is used to delimit strings in SQL Server. If the setting QUOTED_IDENTIFIER is set off (which is not the default under SQL Server 7 or 2K) then something enclosed in " will be treated as a string, if QUOTED_IDENTIFIER is set on anything enclosed in " will be treated as a column name rather than as a string.
meh
Were you part of an experimental testing group or something? Because I sure as something voted on paper....
If a train station is a place where a train stops, what's a workstation?
...Did anyone else notice, the image of a mouse they use is that of a Macintosh mouse?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
In communist Russia, Windows votes you.
Oh yes...
<sarcasm>
And if you're not with us, you're with the terrorists © Bush administration, Iraq 2003
</sarcasm>
PS: Shaking hands with terrorists
From http://www.fvap.gov/ follow the link to http://www.serveusa.gov/ and, as you create your own account in their mail server, cackle in nervous fear at the witless drones who will be handling your votes online!
"They will be lucky to get half of windoze users. If they would just make a standards complient site, anyone could use it."
Well, I don't know about that. I'm sure even with a standards-compliant site, M$ software will *still* not manage to work!
At least other software will though!
I think it depends on the communities' decision
if you had to use a voting machine. I fear that
this will become more common in the future...
Deal?
It shouldn't matter whether it's windows or not! The web is supposed to be OS-independent! It's supposed to be versatile and flexible and it shouldn't lean towards any particular OS. Use SSL, VPN or a secure tunnel for voting online.