Slashdot Mirror
Online Voting In 2004 To Require Windows
letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
If they're testing the system with military voters, than using Windows is probably the only choice. There are a lot of bases where the desktop platform, by directive, is Windows. Running alternative software can be a violation of policy and mean Real Trouble(tm) for military members. They're not going to court martial anybody, but it can be a black eye on your record.
This is somewhat unrelated, but still an interesting comment on their page:
*Phew*...There isn't enough detail in the article to say whether "running Microsoft Windows" is actually a requirement, or just cluelessness on the part of the article's author. If it's a Web-based system (which, again, the article doesn't say one way or the other) then it shouldn't matter.
> UPDATE candidates SET votes="0"
> WHERE name="Your Opposing Candidate";
ERROR: Attribute "0" not found
Better check your SQL before going into voter fraud.
they are not going to Bata test a new technology on a system
I would hope this isn't a Beta test but more of a pilot program. 100,000 votes can make a big difference, see Flordia 2000. There should not be anything Beta in an actual election.
Unless they are going to require a specific Windows plugin or program, there is no reason that this wouldn't work on any platform. If this is going to be on the web, I have done Web work for the government and they are very picky about accessability (people with disabilities, ie blind people, had to be able to access the site with special equipment). I have a feeling this has more to do with bad reporting then locking out other platforms. The article doesn't state who the author is (other then AP), but I am guessing (s)he is not a techie.
> UPDATE candidates SET votes="0"
> WHERE name="Your Opposing Candidate";
ERROR: Attribute "0" not found
Better check your SQL before going into voter fraud.
Perfectly valid Microsoft Access SQL.
Surely the new system will be run on Access?
http://jesus.everdense.com/
As for "Why Windows", the SERVE web site says, "All required software is downloaded automatically as needed when you access various parts of the SERVE website." That seems to indicate some kind of embedded web application. I'd guess this application is native code, since Windows no longer comes with Java, and there's no mention of a Java download.
Or it might be that whoever wrote the FAQ page doesn't know much about the app, and is tapdancing around the details. Certainly it would make sense to implement this app entirely on the server. If that's the case, then it's reasonable to ask why other platforms with compliant servers aren't acceptable.
The answer to that would be QA. On a project like this, they have to carefully test the app, and even with their current limitations they have 4 different browser-platform combinations (IE and Netscape, Pre-NT and NT Windows) to test.
This points up a big problem with web applications. Most of us would like to see web developers code to a standard, not to a browser. Until they do, browser implementers has no incentive to support standards, and all that cool stuff in HTML4 and cSS2 is just so much noise.
(And yes, Internet Explorer -- except for the Mac version -- is particularly bad. But all browsers have serious compliance issues, so we can't put all the blame on Mister Bill.)
But why should web developers bother? Even if they're aware of the importance of standards -- and most appear not to be -- it doesn't save them from the need to test their apps on every browser-platform combination they claim to support. So what does compliance buy them, except extra work?
There is nothing in the article which suggests that Windows is a requirement. It just says that you can access it from any Windows box with internet access. That means that Windows is sufficient, but it doesn't say it's necessary .
What they're trying to address in the article is that since most people use Windows, then most people are going to want to know that they can access it from their home computers.
It's like telling people they can get somewhere in a Ford. That doesn't mean they can't get there in a Chevy or a Nissan.
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available. If the login name for root were an unknown random alphanumeric string like the password, this would increase security. And if every command you ran as root required you to enter a different password, this would increase security again. If a system has a detector to detect intruders, and every command that can be run has a random filename, this can increase security by limiting what can be effectively done with the decoder book.
These are all obscurity additions to security, and they DO make the situation better, they just aren't sufficient. Obscurity is particularly bad when mass distributed, and every system uses the same obscurity (since then it isn't very obscure). Obscurity is useful when its kept as secret as a password.
Probably should be single quotes though in mysql: set votes='0'
Hidden passwords are not obscurity. They're just unknown data.
/etc/passwd or /etc/shadow is known, the format of those files is explained in a man page, and you even have mkpasswd(1) to encode passwords in the same was as in /etc/passwd. And still, I bet you can't get a password without using a bug or brute force.
/etc/passwd with passwords in it is quite secure if users use good passwords. Unfortunately that doesn't happen often.
On Linux, the source code of login(1) and su(1) is known, the algorhitm used to encode the password in
Even word readable
Here's the requirement from serveusa.gov.
If you want to use your computer to exercise your right to vote, you must purchase a product from one particular company.
And it's not the browser, either, as you can use Mozilla (Netscape 6x) as long as you're on Microsoft.
I guess it wont make much difference to our servicemen, as they will probably be using Windows anyway, but what about overseas citizens? Do they just change thier user-agent string?
Read, L
If you don't like that this will be Windows-only, go to http://www.serveusa.gov/public/aca.aspx and click on "Contact Us." If they get 10,000 emails from slashdotters, they might think twice, and it will take 3 minutes of your time.
MJC
"This assumes that the 'good guys' will discover the holes before the 'bad guys' do."
That's what beta releases and pilot runs are for. Open the code to scrutiny before it is used for anything that matters, so that whatever the bad guys find won't cause harm, and whatever the good guys find can be fixed before the production release.
There is still an assumption though -- that the good guys will find all that the bad guys found (who finds it first doesn't matter, as long as it is found before the live release). But that assumption is safer than expecting bad guys to not find the holes just because the code wasn't open. The bad guys' advantage is increased with closed source, because good guys don't want to waste time trying all sorts of random attacks.
---------
There is inferior bacteria on the interior of your posterior.
Make sure to count the number of voters, not the number of people.
a rtin/general /government/sld003.htmo ntent.asp?section=gen&do cument=res_table04&dir=rep/dec3097&lang=e&textonly =falseo n=gen&do cument=stat17&dir=rep/sta&lang=e&anchor=1&textonly =false
Assuming turnout rates similar to 1996/1997.. I don't have US figures for 2000, but Canada's dropped 6% from 1997 to 2000.
Canadian voters: 32,207,113 * 0.67 = 21,578,766
US voters: 270,000,000 * 0.488 = 131,760,000
Only 6 times as many voters! =)
I like our voting system, it's simple and pretty much foolproof. It might take a little more organizing, but I don't see why it wouldn't scale further. The votes are hand counted at each local polling station, I believe. Results are sent by computer to Elections Canada.
Sources:
http://www.nwmissouri.edu/nwcourses/m
http://www.elections.ca/c
http://www.elections.ca/content.asp?secti
Bitchslapped. Neat.
I tend to agree. I would trust hand-counted votes done in a check-mark or X fasion about the same as the technology of the recent past (machine counters). I trust both far more than the voting computers that are coming into use, but far less than a computerized voting system done properly. ("Properly" is mutually exclusive with vote-from-home BTW; you should still have to go to a ballot place. The only exception are valid absentee ballots.)
Of course, the sites I expect to get hacked are any that Armed Forces personnel actually use for voting.
If they are very, very, lucky, the only black hat work will be done by outside site defacers, not the insiders I expect to have pre-hacked the boxes.
I can't tell from the google results so far if the Federal Voting Assistance Program uses ESS/Diebold/Global or not.
Tech Public Policy stuff
Second paragraph.
As far as my views on this issue: I don't think secure voting is possible at this time, and thanks to the ease of identity theft it will never be possible. And identity theft will stay easy, unless many privacy rights are violated; hence, keep it the way it is. Or at least, keep it voting in booths with paper.
"But everyone should know everything." -markab
Please remember that we are Slashdot, we are numerous, and we are powerful. So go to the site, click Contact Us, and give them a piece of your mind. For that matter, you could even snail mail them something. When webmasters start getting tons of mail about allowing real browsers, they sometimes do it. And in this case, it affects voting, so it's very important. Surely a few hundred messages asking them not to discriminate on UserAgent headers, submitted before the system's even implemented, will widen their view.
Litigious bastards
Nope, it says Netscape 6.x is supported also. ActiveX is IE only.
I read that story earlier, and it's pretty bogus. Essentially the authors complain that a person with root access (or Windows equivalent thereof) on the database machine can do anything. Well that's obvious. Among other things, the authors complain that you can add admin accounts to the system by inserting rows into a table. So? This is true for every db-based app I've worked on. The key is that only authorized users should have access to that table in the first place.
I'm not saying the electronic voting system is "secure", whatever that would mean. Just that the article is poorly thought out.
Obscurity can be useful when you e.g. want to secure the communication between two entities, both controlled by you. In addition to not being able to obtain your private keys, eavesdroppers might not even know what key exchange protocol, encryption algorithm etc. you're using.
Obscurity is pointless if you're giving part of what's supposed to be obscure to untrusted individuals. People can and will reverse-engineer it.
Repeat after me - there is no such thing as a trusted client.
Note that with tamperproof hardware you can get close, but trusted software clients on current, general purpose computers cannot and will not ever exist. Period.
Background: Im a PhD student working for Cryptomathic on e-voting.
Indeed we have developed some new e-voting protocols. (Building on the cryptographic literature and publishing also our own protocols.)
For those interested Ill try to give a very brief account of the ideas:
To ensure that only registered voters can vote we use digital signatures or some other authentication mechanism.
To ensure that votes remain secret we encrypt them using a public key cryptosystem.
The public key cryptosystem has a so called homomorphic property. Basically this means that by multiplying all the encrypted votes we get a ciphertext that contains the result of the election.
To prevent any state official from peeking the voter over the shoulder we distribute the secret key for the cryptosystem over several independent servers.
The servers cooperate to decrypt the ciphertext with the result.