Slashdot Mirror
Online Voting In 2004 To Require Windows
letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.
""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.
They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."
I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.
Voting online seems like it would be a bad idea, no matter how many security measures are put in.
The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..
Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...
Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?
Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?
The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infaulable, which isn't really possible, anyways.
Excuse me, I don't mean to impose, but I am the ocean
Comment removed based on user account deletion
Maybe they just meant that like a generic statement, and its not limited to windows but any station with internet access. They just assume you use windows. It doesn't say that its ONLY windows. It's like saying you can to point X using a car, but you can also take a flight or walk or... You get the point.
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.
I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.
I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.
And now its time to open the robot polls... and the robot results are in.
If Jesus wants me it knows where to find me.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
"No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE."
*whimpers in fear*
Can any online voting system be hacked? Yes. Should that be a reason to avoid it?
Hell No! People talk about security and online voting as if that because thesystem is corruptible it is not acceptable. Those with this view are not living
in the real world. The current meatspace voting system in just as corruptible by anything: from paid repeat voters(which we have here in Chicago), to old crappy machines and even making sure that every vote in counted(as long as it's in my parties county B.S.)
Online voting could totally redefine write-in candidates. In the past you were either psychotic, disillusioned, or mistaken in writing-in a candidate.
Now with the Internet you could have hundreds of thousands voting for retarted candidates like "Rocket J. Squirrel","Jack Black", and "George W. Bush"
Could this negate the party system? People typically voted for a Dem or GOP'er simply because they were the two names on the ballot that were at the top, but now people could organize real grassroots campaigns, skipping the primaries, and just promote themselves on message boards and other mediums (slashdot front page story, anybody?)
In all seriousness, national online voting could take the old political system and stand it on its head...I'd go for it just to see what happens.
Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.
Long live paper ballots!
This may be of some use to you. There really is no excuse nowadays for writing websites which don't work on all platforms...
Actually, I would say just one word:
ActiveX
It's the only thing I know of that's specifically windows, windows, and only windows.
Karma: Food Fight (Mostly affected by Date Plate).
Imagine if they had to say every os you could use...
.. and .. and ..
You can use windows and linux and macos and macosX and beos and your wap phone and
I think a lot of companies as a defacto announcement Say Windows... Cause well... majority of people in the world run windows.
The otherside is, it could be for tech support reason. They don't want to have to hire uptine people to support god knows what.
oogly boogly!
That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.
However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..
voting.klez.E
The first clue is that Microsoft has bought and paid for the US government by convincing it to send tens of thousands of its middle managers to MCSE brainwa...errr.... certification classes. Many of these people don't know anything about computers other than what Microsoft/Sylvan have taught them. The US Feds will be loyal Microsoft customers long after governments elsewhere have switched. They deserve each other.
The whole concept travels under the guise of making democracy more accessible. While in this case it is targeted at overseas voters, make no mistake that it will soon be followed by trials in-country. The problem is that it allows people to vote without thinking. We already have a system that make it easy to "buy" votes by bussing street people to the polls in exchange for smokes or spending money. The goal, by the same people who do that is to carry the process even further.
"inject substance into your left arm for candidate a, into your right arm for candidate b".
"Kay Maxwell, president of the League of Women Voters of the United States, said she welcomes the idea of Internet voting if it increases turnout. "
Right. It's the key to getting Democrats back into power. Why win on the issues when you can simply BRIBE voters to put you into office. Fifty years of making promises the country can't keep, lets do it till we are totally bankrupt!
what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.
So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.
If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.
Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.
If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.
Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."
Looking for Book Reviews? Check out Literary Escapism.
The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?
autopr0n is like, down and stuff.
Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The new poll tax.
Dawn of the Dead
A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.
That's fine with me as soon as everyone in the world puts their money where their mouth is and starts paying US taxes.
"95% of all Slashdot
Explain to my why an online voting system should be "feature intensive"? There shouldn't be any preferences, no options aside from the actual voting. You log in, cast your votes, and log off. That's it. It doesn't need, and shouldn't have, any more functionality.
It used to be that women were not allowed not vote. It used to be that black people were not allowed to vote. For women, it was because they were not men and thus did not necessarily share the viewpoints of those in power who benefited from male voters. For blacks, it was because they were not white and thus did not necessarily share the viewpoints of those in power who benefitted from white voters.
While not as definitively prohibitive, this is the same as voter segregation. Unless you are willing to spend the money to use Windows, you are not permitted to vote in this fashion. What if you use a Macintosh? What if you run an open source operating system? If you are not in a particular class of citizens, your ability to vote is limited. Certainly if traditional voting is available to you there is really no problem, but that's not an option, you are being prohibited.
So the serious issue here not that Windows is secure or any other nonsense. The problem is that people who are influenced by Microsoft have thus dictated that those who do not use Microsoft products are not permitted to vote in this fashion. That's a serious problem because whoever directed these development efforts (and of course, whoever directed her) therefore has strong influence on how candidates will be elected.
I would wager that this could be very popular (though I personally prefer pulling the lever with the satisfying kerchunk to cast my vote). As a result, certain parties will have unfair advantages for reasons which should be obvious to most people who read Slashdot. (Of course, I am willing to outline a scenario or two for the uninitiated.)
Maybe someone should write a HOW-TO in the future outlining how this software may be used with Wine on OSS machines. Of course, options on the Macintosh are limited even further.
Join Tor today!
Security through obscurity is like hiding a key under the doormat. You think you're o.k. because the key is hidden, and you don't see the key yourself when you go out and wander around your door. Plus so many people do it (you assume) and you never hear them talk about break-ins.
But reality is that the mat will really stop nobody who wants to enter your house from getting the key. The only people your key-hiding will stop is people who didn't want to enter in the first place anyway, the other people will for sure check under the mat, flowerpot, etc...
Security through obscurity gives a false sense of security, making the implementer lax. That is one of the many reasons why obscurity is actually counterproductive for security. In practice obscurity has already has lead to many, many security failures.
That is what is means. Translation: if you have 'security through obscurity', the best you can do is assume your worst enemies already know all the details and the worst you can do is assume that it will help you in anything at all.
Obscurity does not help towards security. Obscurity is just what it is, obscurity, but a searchlight will make it vanish completely.
Use real security.
--- Hindsight is 20/20, but walking backwards is not the answer.
But...but...but...how can SERVE be Windows-only when the graphic in the article clearly shows a Macintosh mouse?? I don't understand.
"... insert the Windows NT Workstation 4.0 compact disc with your computer turned off." - NT installation manual
Quote:
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
End quote.
What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.
My Blog
Sophisticated encryption technology will scramble messages containing the ballots, and voter identity will be verified through digital signature, a prearranged procedure to authenticate the voter's signature.
:-) (after all, she has experience as the First Daughter!)
So in order to vote, I have to give something that says "red floyd". This is unacceptable. When I vote in person, I have to ID myself.
BUT... there is nothing linking that ID to my ballot. With this system, it's almost necessary, given the fact that they need to validate that this is my vote. In other words, they have something that says, "red floyd voted for CowboyNeal". This is untenable, most likely illegal, and quite possibly unconstitutional.
Disclaimer: I would not vote for CowboyNeal for President. Natalie Portman, maybe
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
It is only valid Microsoft Access SQL, or any variant of SQL that I have used, only if votes is defined as a string. Since the number of votes is a number, I'll assume votes is some type of Int, so you will probably get an error.
I know that I am going to get some static from /. crowd for being 'pro' Microsoft, but here is my two cents on the issue. Anybody who has designed a complicated web-based application will tell you that trying to support a variety of browsers and platforms can turn into a nightmare. I worked as a qa engineer for two companies that specialized in very complicated large scale web application and both of the companies had to restrict their software to Windows and Internet Explorer. Why? Simply because it was easier to design, develop and test the applications that had less variables involved in a short run. Additionally, these application targeted businesses and individuals who used Windows as their desktop platform. The companies that I worked for did start developing their applications for different platforms, but it was only after the Windows based programs proved to be a great success. Same goes for the United States government. Want it or not, Windows still have the largest share of the desktop market and it does makes sense to deploy an application for this platform and then worry about the rest of the players.
/. readers and voters who use OSes other than Windows represent a small fraction of the United States' citizens.
I don't think that a Window based voting system is an ultimate solution in terms of covering hundred percent voters and being absolutely secure, but the fact is that money talks and if it is cheaper to develop an application that targets only Windows at the beginning, well.. more power to Uncle Sam. Afterall,
WTF is the Pentagon doing running a voting program? I could see DARPA being involved, maybe, but the Pentagon? The only involvement the military should have in an election is to give servicemembers time off to vote.
What's next, the CIA running the debates?
To bad that the US doesn't have 8 1/2 times more people to count those votes. Wait a minute it does.
Great idea. Please, PLEASE flood the government with your feedback. The government, with all its spare funding and plentiful resources -- not to mention its renowned aptitude for quickly and effectively completing projects -- will benefit greatly from your input.
/sarcasm
Berating the government for its choice to limit the testing of a new project to a limited field of test candidates is a fantastic idea (especially considering they "limited" the test to the most prevalent and ubiquitous OS possible... Ludicrous!). I think you should email the government every time you disagree with their testing procedures.
The project is called "The Secure Electronic Registration and Voting Experiment". It's just a TEST for God's sake. Did you read the article or were you just playing with your Jump to Conclusions Mat (tm)? Save your bias-based rancor for when it's officially Windows-only in production, OR when your operating system of choice has 95% of the desktop market share. Without either of those two things being true, what you're suggesting is near-pointless whining.
It does not say only from any computer using Windows. Everyone here's reacting as if the article said the latter, but it didn't. The article does not say, if you read carefully, that the system will somehow be limited to Windows. I just says anyone with Windows and the internet will have access.
I'm normally no MS-apologist (actually Sybase apologist in this case; SQL Server is a fork of Sybase 4.2) but this makes sense to me:
Hands in my pocket
Fair and easy election systems use paper ballots.
Electronic and machine voting are incitement to commit fraud in my opinion.
As you can see I don't care about my karma.
Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).
Someone could come into your home, hold a gun to your head, and make you correct your previous vote too.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
90% compatibility is obsurdly optomistic figure for Microsoft specific stuff anyway because Microsoft makes changes between their OS releases that force the upgrade train. Be sure that electronic voting in 2004 wont work on Windows 2000, NT or 9x.
Ah, but the same version (sort of) of Internet Explorer runs across all these versions of Windows. They can require IE 6 or above, and anyone with an older version of IE can upgrade. To get it to work on any other platform, though, would require supporting a completely different browser.
They will be lucky to get half of windoze users.
I know this isn't what you meant, but there's another good point here: although 80% or more of personal computers run Windows, the percentage of Mac or Linux or BSD users who would like to try online voting is probably higher than the percentage of Windows users who would like to try it.
Average Windows users are morons, but almost everyone at OSCon who had a laptop was running Mac OS X (and most of the few PC laptops were running Linux or BSD). People who want online voting are people who embrace technology. Many Windows users do, but many others have difficulty just checking their e-mail.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I just hope there are logs of each vote cast, pretty much like there is in the current version, where each ballot is counted. I doubt that they are just gonna accept the machines count as it is. Well I don't know about your system, but I was counting votes in Finland last time we had an election and there were representatives of each party there and we counted the ballots and called in the result, and then they were sent for a confirmation count. There is plenty of holes to exploit in the current system, and i think rigging an election is pretty easy as it is. Of course there is the possibility of a virus that votes for people, but there was talk about email account stuff that displays a picture and asks to type in the word etc. So if there was a way to identify voter as human, i doubt there were any major problems after that.
Not to sound like personal privacy nut or anything, however one of the great benefits gained through the voting booth method is that you get complete privacy when you vote. You walk in go into an area where you have complete privacy and vote however you want to.
Allowing internet based votes means voting is no longer gurarnteed to be a completly private affair which is a huge issue. If I was an American and a complete moron and wanted to vote for Bush in the next election then I should be able to without the possibility of people around me been able to walk in and see as I vote on the computer.
37 - what does it stand for really...