Slashdot Mirror


Online Voting In 2004 To Require Windows

letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"

10 of 811 comments

  1. Why Windows by Ken@WearableTech · · Score: 3, Interesting

    Why the Windows requirement?

    Maybe because the VAST majority of individuals use MS Windows. You ASSume that it is just an HTTP connection with SSL so any OS should suffice. Look at the F.A.Q. It says that "required software is downloaded automatically as needed when you access various parts of the SERVE website." Possibly, the voting software uses their own encryption and will be delivered as an ActiveX or some other format. Could they have written the software so it could work on other OSes? Sure, but it's a trial run! There is no right to vote from a Linux box.

  2. Re:one reason why by dracocat · · Score: 4, Interesting

    eh? Or they could just use standard html and not I.E. specific HTML, and then you wouldn't need to do any porting to any other operating systems at all!

    Relying on I.E.-specific JavaScript or whatever they are doing that is I.E.-specific is just asking for trouble--and not because it locks our small minority out of it.
    The fact that they are using ANY sort of client-side JavaScript, let alone I.E.-specific JavaScript, for checking values or whatnot for a voting system is not a good idea. What if they are using I.E. and have JavaScript disabled, or whatever?

    Bottom line is, it should be standard HTML, not just so everyone can use it, but so that it is more robust!!

  3. How to rig an election by nacturation · · Score: 5, Interesting

    Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser?

    Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=Al+Gore


    It changes it to:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=George+W.+Bush


    Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
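
Added example, not part of the thread or of SERVE: a sketch of the per-voter ballot code idea that comment 3 hints at, where the browser only ever submits a code that the server maps back to a candidate. The server key, candidate list, 16-character code length and all function names are assumptions; the field names `secretcode` and `vote` come from the comment's sample form.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed sample data (assumptions): server-side secret and candidate list.
SERVER_KEY = secrets.token_bytes(32)
CANDIDATES = ["Al Gore", "George W. Bush"]


def ballot_code(voter_id: str, candidate: str, key: bytes = SERVER_KEY) -> str:
    """Per-voter, per-candidate code: HMAC over both values, truncated for typing."""
    msg = voter_id.encode() + b"\x00" + candidate.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def code_sheet(voter_id: str) -> dict:
    """Codes sent to the voter out of band (e.g. on paper), never through the browser."""
    return {c: ballot_code(voter_id, c) for c in CANDIDATES}


def tally_choice(form_body: str):
    """Return the candidate the submitted code maps to for this voter, else None."""
    fields = parse_qs(form_body)
    voter_id = fields.get("secretcode", [""])[0]
    submitted = fields.get("vote", [""])[0].encode()
    for candidate in CANDIDATES:
        expected = ballot_code(voter_id, candidate).encode()
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return candidate
    return None


if __name__ == "__main__":
    sheet = code_sheet("K38DJSH38")
    base = "name=John+Smith&secretcode=K38DJSH38&vote="
    # Honest submission: the voter types the code printed next to their choice.
    print(tally_choice(base + sheet["Al Gore"]))
    # Tampered in transit: a plaintext candidate name is not a valid code.
    print(tally_choice(base + "George+W.+Bush"))
    # Replayed from another voter's sheet: codes are bound to the voter id.
    print(tally_choice(base + code_sheet("ZZ99OTHER")["George W. Bush"]))
```

The property holds only if the code sheet reaches the voter through a channel the browser never sees. A modified browser can still drop the submission, so the voter also needs a confirmation path.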
  4. Re:Excellent! by Jeremiah+Cornelius · · Score: 5, Interesting
    Online voting is being encouraged in the US because of its susceptibility to fraud, not its resistance. Check out Black Box Voting: Ballot-tampering in the 21st Century. These people are not Luddites. The bulk of the serious criticism here is coming from people who know the most about the technologies employed - therefore the most qualified to scrutinize, and least likely to be baffled by obtuse claims and jargon.

    Also look at This story and the related pages at The Scoop. The most widely deployed system in the US is based on MS Access (!?!), with NO controls for cryptographic storage, transport, data integrity and/or non-repudiation.

    Baaaa, Baaaa! Computers Better! Paper Worse! It's mere superstition by the Sheep-people.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  5. Now the Rebuplicans... by Aureal · · Score: 3, Interesting
  6. Re:Voting Online? YES! by Jeremiah+Cornelius · · Score: 3, Interesting
    I'm afraid that I am reminded of the 18th-century French writer Charles de Montesquieu who said that "all nations have the governments they deserve."

    I am afraid that sentiments like yours mask a great deal of indifference and intellectual laziness by the pretense of a realistic and 'no-nonsense' attitude.

    It is a far cry from the blanket assertion:

    Can any online voting system be hacked? Yes.
    to the validation for implementing systems which have a documentable history of being the worst possible of implementations. Those so far in evidence actually invite abuses!

    http://www.blackboxvoting.com/
    Inside A U.S. Election Vote Counting Program
    Bald-Faced Lies About Black Box Voting Machines

    It is irresponsible, derelict and probably mendacious of anyone advocating the adoption of newer vote collection technologies not to insist on addressing these specific allegations and their evidence. Any proposal which is advanced without a specific redress of these concerns should be considered suspect in motive. Ignorance of the basic issue - and its gravity - is not a possibility.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  7. There is always a Way by marienf · · Score: 5, Interesting

    Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):

    Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)

    Anonymity: Assuring that it is impossible for a third party to determine who I've voted for.

    Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).

    Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparent than was ever possible using conventional techniques.

    I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged /.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.

  8. Re:Excellent! by bofkentucky · · Score: 3, Interesting

    How many troops in Iraq or Afghanistan are using *NIX?
    Slightly OT but...
    That video wall used in Doha, Qatar where the big briefings by Franks and others was run by an SGI Irix box and there is a large amount of Sun hardware/software in the comms, image processing (recon), and weather forecasting departments. I have no clue as to the availability of *nix laptops/PC's for grunts though.
    The OICS/Project 21/New century soldier palmtops have been running everything from Newton OS through PalmOS and WinCE. I've never seen a hardened, Linux-running Zaurus, but there is no reason Sharp shouldn't try to get in on that contract.

    --
    09f911029d74e35bd84156c5635688c0
  9. Re:curiosity..... by morgajel · · Score: 3, Interesting

    whoops, my bad- I was looking for the simpleton bold letters.

    I agree with you tho- it'll be hard to prove who you are without tying your identity to a vote. I don't trust the current/any politicians to say "here is our closed source voting system. all you do is put all of your personal info in here, and we promise not to check and see who you voted for. Promise."

    Funny story I have to go along with that, rather long but it's on topic and quite interesting.

    My college tried doing something similar for student senate. They hired an art major who used FrontPage to write a form. It included inputting your student ID (SSN), your name, your birthdate (for confirmation), and everyone you voted for on the ballot.

    Of course, no one bothered to think that perhaps the data should be stored somewhere safe. Instead, it was stored in a flat file that was web accessible. A friend of mine who shall remain nameless was bored and decided to trace through the html.... 20 seconds later, he asked if anyone in the lab had voted online. A couple of people raised their hands. He then said, "hey Chris, is your SSN 123-23-1234?"

    The demonstration was complete. There were about 700k of text in the file, over 900 names, SSNs and votes by 11am (half an hour after we found it).

    We had of course gone and told everyone we could find that was in any position of power to kill the page and move the file offline.

    Around noon, the file was removed, but the voting page was still up. We looked into the code to find that they had changed the name of the file from /results.dat to /secret/results1.dat.

    I looked at the list as it grew larger, noticing more and more of my non-geek friends showing up on the list. We even went so far as to have Beavis vote, and then watched as he was added to the text file.

    We reported it again, and by 2pm, they finally "stopped" the online elections.

    Some of the people in the lab were less than impressed by that point. One individual who I've only seen once in that lab and never again, printed out the list. He then went and stapled 5 pages to each door in the Computer Science building. That prompted more of an investigation than anything else.

    The funny part was that the people who counted the votes were the ones who were currently in office. Not only that, but one of the guys, the student senate president, had voted over 50 times for himself and his fellow incumbents.

    Of course they blew over it in the school paper with a crap apology. I think one new person was elected that year.

    Of course, no one would touch that story with a 10 foot pole- not slashdot, not the local newspapers, not the local tv stations.

    Moral of the story: my voter apathy prevented me from getting my identity stolen. Remember to be apathetic towards the voting process.

    Anyways, my point is this was one example of a horrific abuse of online voting, and I whole-heartedly agree that it's not ready. Not yet.

    --
    Looking for Book Reviews? Check out Literary Escapism.
  10. Re:The lame voting machine article again. by Jeremiah+Cornelius · · Score: 4, Interesting
    Any effectively secure database would be secured from the root operator. This is required by the DoD - the problems here have been worked out long ago. The machine itself should have Mandatory Access Controls, and the DB should implement cryptographic methods for transactional non-repudiation - with security principals independent of the underlying OS authentication.

    The whole key infrastructure for this should be FIPS-140 compliant for hardware-based key modules, and require the coordinated actions of two or more actors in managing/engaging keys. There should be strict operational guidelines for the separation of roles in the management, deployment and retrieval of these devices, and a separate role with an auditory function. The Auditory role needs a key that can reveal and validate any information on the system, yet create or modify nothing.

    These controls are the only justifiable reason to implement 'electronic voting'. Cost? Give me a break! If free and fair voting is not worth paying premium prices for, what is? Do we have to pinch pennies for the land mines we drop on Afghan soil?

    Without attempting to reach this benchmark, electronic voting is a fraud. It is a humbug of technophilic superstition used by sellers of snake-oil to dazzle the onlooker, while trusty assistants rob the crowd.

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."