Online Voting In 2004 To Require Windows

letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"

Re:one reson why

[dracocat]

eh? Or they could just use standard html and not I.E. specific HTML, and then you wouldn't need to do any porting to any other operating systems at all!

Relying on i.e. specific java scripting or whatever they are doing that is i.e. specific is just asking for trouble--and not because it locks our small minority out of it.
The fact that they are using ANY sort of client side java-script, let alone i.e. specific java script for checking values or what not for a voting system is not a good idea. What if they are using i.e. and have java-script disabled, or whatever.

Bottom line, is it should be standard HTML, not just so everyone can use it, but so that it is more robust!!

How to rig an election

[nacturation]

Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.

Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:

name=John+Smith
secretcode=K38DJSH38
password=ai ewpqkd
vote=Al+Gore

It changes it to:

name=John+Smith
secretcode=K38DJSH38
password=ai ewpqkd
vote=George+W.+Bush

Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".

Re:Excellent!

[Jeremiah+Cornelius]

Online voting is being incouraged in the US because of its susceptibility to fraud, not its resistance. Check out Black Box Voting: Ballot-tampering in the 21st Century. These people are not Luddites. The bulk of the serious critcism here is coming from people who know the most about the technologies employed - therefore the most qualified to scrutinize, and least-likely to be baffled by obtuse claims and jargon.

Also look at This story and the related pages at The Scoop. The most widely deployed system in the US is based on MS Access (!?!), with NO controls for cryptographic storage, trasport, data integrity and/or non-repudiation.

Baaaa, Baaaa! Computers Better! Paper Worse! It's mere superstition by the Sheep-people.

There is always a Way

[marienf]

Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):

Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)

Anonimity: Assuring that it is impossible for a third party to determine who I've voted for.

Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).

Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparant than was ever possible using conventional techniques.

I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged /.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.

Re:The lame voting machine article again.

[Jeremiah+Cornelius]

Any effectively secure database would be secured from the root operator. This si required by the DoD - the problems here have been worked out long ago. The machine itself should have Mandatory Access Controls, and the DB should implement cryptographic methods for transactional non-repudiation - with security principals independent of the underlying OS authentication.

The whole key infrastructure for this should be FIPS-140 compliant for hardware-based key modules, and require the coordinated actions of two or more actors in managing/engaging keys. There should be strict operational guidelines for the separation of roles in the management, deployment and retreival of these devices, and a separate role with an auditory function. The Auditory role needs a key that can reveal and validate any information on the system, yet create or modify nothing.

These controls are the only justifyable reason to implement 'electronic voting'. Cost? Give me a break! If free and fair voting is not worth paying premium prices for, what is? Do we have to pinch pennies for the land mines we drop on Afghan soil?

Without attempting to reach this benchmark, electronic voting is a fraud. It is a humbug of technophillic superstition used by sellers of snake-oil to dazzle the onlooker, while trusty assistant rob the crowd.