Online Voting In 2004 To Require Windows

← Back to Stories (view on slashdot.org)

Online Voting In 2004 To Require Windows

Posted by timothy on Sunday July 13, 2003 @11:22AM from the trial-tribulations dept.

letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"

21 of 811 comments (clear)

Min score:

Reason:

Sort:

one reson why by mpost4 · 2003-07-13 11:22 · Score: 5, Insightful

The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.

""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.

They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."

I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.
1. Re:one reson why by Anonymous Coward · 2003-07-13 11:30 · Score: 5, Insightful
  
  How about an implementation that doesn't tie you down to any single platform? What if someone wants to vote with Win95, or a beta of Longhorn (I guess even warez doodz might vote) and it's "not supported"?
  
  I think they should try to concentrate on creating a solid, platform independent system. There's absolutely no valid reason it couldn't be.
  
  For the record, I think at this current point in time, electronic voting is a bad idea.
2. Re:one reson why by Realistic_Dragon · 2003-07-13 11:31 · Score: 4, Insightful
  
  this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.
  
  Security through obsurity is worthless - you can always assume that the bad guys will always find the hole in the system, and on the down side you have just made it horribly difficult (and probably illegal) for the good guys to find the problems first and tell you how to fix them.
  
  --
  Beep beep.
3. Re:one reson why by PeeCee · 2003-07-13 11:32 · Score: 5, Insightful
  
  The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have
  
  Well, why use exclusively Windows/Linux/*insert-your-OS* ? Why not use a more open solution (say, a system with a secure web interface) that does not depend on the OS? It hardly seems fair that people should need to depend on any product whatsoever to vote.
  I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate
  
  So should we prefer security by obscurity then? Wouldn't it be better to use an open, provably secure system that everyone can scrutinize so people can be sure stuff is being done the right way instead of just hoping nobody's discovered a hole? Of course I realize this would require some serious testing to make sure all the bugs were ironed out, but after a while I think it would make people much more confident to know how it was working behind the scenes. Look at it this way: would you rather go vote by pressing buttons on a black box the government has set up which they claim works the right way, or do you prefer knowing how the system actually works (how ballots are collected, carried, counted, etc) and feel safer?
4. Re:one reson why by harlows_monkeys · 2003-07-13 11:43 · Score: 5, Insightful
  
  Security through obsurity is worthless
  Everyone says this, but not one understands what it means.
  What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
5. Re:one reson why by feed_me_cereal · 2003-07-13 11:54 · Score: 4, Insightful
  
  You know, that's all fine and dandy for you, but you're in the minority. Most people don't use windows update. Now consider a worm that looks for the voting software and replaces it with a hacked version of the software that silently votes for candidate x without you ever noticing. You'll be safe, but you can't depend on the majority of windows users to be.
  
  --
  "Question with boldness even the existence of a god." - Thomas Jefferson
6. Re:one reson why by weave · 2003-07-13 12:04 · Score: 4, Insightful
  
  Nice, so I can just sell my vote (my client certificate) to someone. Just like the good ole days of the early 20th century.
  The entire point of the secret ballot is so people can't tell how you vote so someone attempting to buy your vote can't confirm whether you voted as they wanted. The point of needing identification at the polling place is so someone can't vote on your behalf. Both big sources of voter fraud are covered. This system removes both controls. Wonderful.
7. Re:one reson why by AstroDrabb · 2003-07-13 12:38 · Score: 4, Insightful
  
  This is insightful?
  The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have.
  An internet voting system will most likely be delivered over a web browser. Web browsers work through standard compliant methods such as HTTP, HTML, TCP/IP. What in the hell does IE offer as far as those standards are concerened that any other major browser or OS does not have? Please don't tell me that they are going to try to do this with some stupid, insecure ActiveX control, please, please don't tell me that. The fact is, that this is meant to be the voting system for THE PEOPLE, and we NEED to see every bit of it to make sure that there is no room for foul play. If the US governement tries to push this as the new and only voting system, we must fight back. It is bad enough that our law making politicians are allowed to recieve bribes from evil monopolies, lets not let our voting system become corrupted.
  
  --
  If Tyranny and Oppression come to this land,
  it will be in the guise of fighting a foreign enemy. -James Madison
8. Re:one reson why by shis-ka-bob · 2003-07-13 14:17 · Score: 4, Insightful
  
  This is not what is meant by security through obscurity - a password is not obscure. A password is secret. Being secret and being secure are very different. Both imply that information is rare. However, the mechanisms are completely different. A secret is actively protected. An obscure fact may be poorly publicized or simething so mundane that few people bother to learn it.
  Security thought obsurity means 'hiding' a web server on port 3211 and using ports 4432 and 4332 for SNMP. Or making up an entirely new protocol to duplicate an existing protocol. The problem with this is that you may feel secure, because you have done something that will at least slow down an attacker. If you combined 'secuirty though obscurity' with an active means of detecting intruders, you are getting somewhere. If you know that you are being hacked, security through obsurity will gain you some time to react. But if you are one of the vast majority of admins that doesn't actively monitor log files, this advantage is lost.
  
  --
  Think global, act loco
Voting online? Uhhh by Eric(b0mb)Dennis · 2003-07-13 11:24 · Score: 4, Insightful

Voting online seems like it would be a bad idea, no matter how many security measures are put in.

The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..

Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...

Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?

Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?

The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infaulable, which isn't really possible, anyways.

--
Excuse me, I don't mean to impose, but I am the ocean
Wait by AvengerXP · 2003-07-13 11:27 · Score: 4, Insightful

Maybe they just meant that like a generic statement, and its not limited to windows but any station with internet access. They just assume you use windows. It doesn't say that its ONLY windows. It's like saying you can to point X using a car, but you can also take a flight or walk or... You get the point.

--
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
Hoo boy by thatguywhoiam · 2003-07-13 11:27 · Score: 5, Insightful

Gigantic partisan flamewar in 3...2...1...
I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.
I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.
I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.
And now its time to open the robot polls... and the robot results are in.

--
If Jesus wants me it knows where to find me.
Imagine... by nacturation · 2003-07-13 11:29 · Score: 5, Insightful

from the article:
Imagine casting a vote for president from a cybercafe in Thailand, an aircraft carrier in the Persian Gulf or a laptop computer at home.
Coincidentally, as I'm typing this, thousands of terrorists, pranksters, and ne'er do wells are imagining the exact same possibility.

--
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Re:Why Windows? And why not Palladium? by Anonymous Coward · 2003-07-13 11:30 · Score: 5, Insightful

"No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE."

*whimpers in fear*
Did anybody notice the STATES they're testing in? by Anonymous Coward · 2003-07-13 11:41 · Score: 5, Insightful

Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.

Long live paper ballots!
Ironic by Bruha · 2003-07-13 11:55 · Score: 5, Insightful

That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.

However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..

voting.klez.E
curiousity..... by morgajel · 2003-07-13 12:09 · Score: 5, Insightful

what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.

So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.

If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.

Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.

If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.

Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."

--
Looking for Book Reviews? Check out Literary Escapism.
That's not true by autopr0n · 2003-07-13 12:09 · Score: 4, Insightful

The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?

--
autopr0n is like, down and stuff.
1. Re:That's not true by Durandal64 · 2003-07-14 01:45 · Score: 5, Insightful
  
  Please try and learn something about the American political system. Modern liberals believe that the government can and should have more of a hand in regulating the free market and can be an active force for social benefit, while believing that it lacks the competence to dictate personal morality to citizens. Conservatives are the opposite. They believe that the government should stay out of the free market and should not interfere in societal problems, but that it should police the personal morality of its citizens. This is why most anti-abortion, anti-gay, anti-drug people are conservatives, while the proponents for affirmative action, marijuana legalization and social welfare programs are liberals.
  
  The only more or less consistent party is the Libertarian party. Libertarians believe in a small government for the free market, society and citizens' personal lives. Libertarians are generally pro-choice, pro-gays and don't care what you choose to shoot into your body, whether it be heroin, cocaine or Drano. They also tend to take conservatives' views on the free market regulation and social welfare programs.
  
  In short, if conservatives had their way, we'd lose all our personal liberties (it's no big mystery why conservatives tend to be Christians). If liberals had their way, we'd lose any sense of personal responsibility because of unending societal support. Choose which liberties you want to sacrifice to which side, but don't pretend that one side is trying to rob you of all your rights and freedoms while the other is benevolent. You're only deluding yourself.
You're wrong - obscurity is not helpful by Goonie · 2003-07-13 12:13 · Score: 5, Insightful

Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.

--

Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
You people miss the point entirely. by eniu!uine · 2003-07-13 14:05 · Score: 4, Insightful

Quote:
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.

Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
End quote.

What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.

--
My Blog