Slashdot Mirror
Online Voting In 2004 To Require Windows
letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
UPDATE candidates SET votes="0" WHERE name="Your Opposing Candidate";
Do you like German cars?
The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.
""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.
They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."
I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.
Voting online seems like it would be a bad idea, no matter how many security measures are put in.
The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..
Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...
Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?
Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?
The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infaulable, which isn't really possible, anyways.
Excuse me, I don't mean to impose, but I am the ocean
Ladies and Gentlemen, It is my pleasure to introduce the new supreme ruler of the United States: William Gates!
Gates:"....exxxxxcellllent....."
Ok, so it's pandering that this will get modded as funny, but I'm a whore for good karma!
If they're testing the system with military voters, than using Windows is probably the only choice. There are a lot of bases where the desktop platform, by directive, is Windows. Running alternative software can be a violation of policy and mean Real Trouble(tm) for military members. They're not going to court martial anybody, but it can be a black eye on your record.
Why the Windows requirement?
Because your vote has to be sent to Redmond to be "verified" and rejected in the case of an "incorrect" vote.
Reliable, Great Value Hosting: $7.95/mo 2.4G/120G
All those hermits who never leave the house are going to be able to vote. How long do you think it will be until they repeal the Sun?
I'll form my OWN solar system! With blackjack! And hookers!
Maybe they just meant that like a generic statement, and its not limited to windows but any station with internet access. They just assume you use windows. It doesn't say that its ONLY windows. It's like saying you can to point X using a car, but you can also take a flight or walk or... You get the point.
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
This is somewhat unrelated, but still an interesting comment on their page:
*Phew*...I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.
I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.
I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.
And now its time to open the robot polls... and the robot results are in.
If Jesus wants me it knows where to find me.
They are concerned about building something that works solidly and since Microsoft dominates the desktop market, it is a no brainer to target Windows IE as the single allowable browser to vote with.
Many of us know what a bitch it is to develop a code and feature intensive site that works correctly for all browsers.
It also cuts down on support issues. I have met people who are unsure of what platform they are running. "What kind of computer am I using? It says 'power' here near a button. Is that right?"
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
There isn't enough detail in the article to say whether "running Microsoft Windows" is actually a requirement, or just cluelessness on the part of the article's author. If it's a Web-based system (which, again, the article doesn't say one way or the other) then it shouldn't matter.
Why the Windows requirement?
Maybe because the VAST majority of individualsuse MS Windows. You ASSume that it is just a HTTP connection with SSL so any OS should suffice. Look at the F.A.Q.. It says that "required software is downloaded automatically as needed when you access various parts of the SERVE website. Possibly, the voting software uses their own encryption and will be delivered as an ActiveX or some other format. Could they have written the software so it could work on other OS. Sure but it's a trial run! Their is no right to Vote from a Linux box.
You fools! Surely the computers will be exploited for this! This could lead to something completely unprecedented like one man being backed by the majority of American voters for the presidency and then the other man winning, as crazy as that example is!
Landslide wins / losses will become buffer overflow wins and losses.
Can any online voting system be hacked? Yes. Should that be a reason to avoid it?
Hell No! People talk about security and online voting as if that because thesystem is corruptible it is not acceptable. Those with this view are not living
in the real world. The current meatspace voting system in just as corruptible by anything: from paid repeat voters(which we have here in Chicago), to old crappy machines and even making sure that every vote in counted(as long as it's in my parties county B.S.)
Online voting could totally redefine write-in candidates. In the past you were either psychotic, disillusioned, or mistaken in writing-in a candidate.
Now with the Internet you could have hundreds of thousands voting for retarted candidates like "Rocket J. Squirrel","Jack Black", and "George W. Bush"
Could this negate the party system? People typically voted for a Dem or GOP'er simply because they were the two names on the ballot that were at the top, but now people could organize real grassroots campaigns, skipping the primaries, and just promote themselves on message boards and other mediums (slashdot front page story, anybody?)
In all seriousness, national online voting could take the old political system and stand it on its head...I'd go for it just to see what happens.
Well, I dare the position that the internet can be made a lot more secure than a regular hole-puncher voting-machine ever will.
... suffice to say that Gore and Bush quarreled over these machines quite a bit.
... paper-based, internet based, the issue here is of course with trust. Whether you or my mom would trust internet voting more than paper voting is another matter entirely and lends itself to a much larger discussion about referendum validity, but mathematically it is indeed harder to fake a Diffie key-exchange than it is to throw in a few extra paper votes in the bag when counting.
In some countries/referendums you tick a box; with more than one tick the vote is void. What's to prevent someone from ticking an already ticked vote when counting them up. Redundacy, of course, but Mr. Smith walking around, making sure that 15 other Mr. Smiths don't void the votes they have been given is hardly what I would call a secure system.
In other countries/referendums you use a hole puncher. I mean, I hardly even need to comment on a hole puncher
In Denmark, where I've lived, you need to brind ID to the voting booths (often a passport). You go down, get counted (yes, Mr. So'n'So have votes) and tick your box. Nothing prevents me from giving my passport (or whatever other means of ID that is deemed fitting) to someone else and let them vote in my name.
Contrast to internet voting, where a full ID check can be done once (i.e. you go down to your city hall, you bring ID, they check your ID, they double-check your ID, they check your picture etc.) and then, once, they issue you a voting key (say, an in-expensive USB dongle) with a private-public keyset. With this dongle there's a mathematically much smaller chance of fraud than there ever will be with paper-based referendums.
Sure, everything can be hacked
Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.
Long live paper ballots!
Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.
i ewpqkd
i ewpqkd
Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=Al+Gore
It changes it to:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=George+W.+Bush
Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
Maybe of some relevance: How To Rig An Election In The United States Inside A U.S. Election Vote Counting Program Bald-Faced Lies About Black Box Voting Machines
Interesting, but I think they're making a little too big a hoopla of it. Or?
Belief is the currency of delusion.
Actually, I would say just one word:
ActiveX
It's the only thing I know of that's specifically windows, windows, and only windows.
Karma: Food Fight (Mostly affected by Date Plate).
A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.
One major problem with that would be that they wouldn't know enough about our candidates. Oh, wait, never mind.
Microsoft is a good true bluebloodnobull American company type thang. We limit electionizing to US citizens, those who have swearified allegiancy to the USA. Thereforce, why should we permittify the use of computer magic developed by foreign wizards and sorcorers, some of them which may be tied with al Quaestionable organizatiables? We shouldn't misunderestimatify them.
Now where's my Goddamn Coke.
oh brave new world, that has such people in it!
Imagine if they had to say every os you could use...
.. and .. and ..
You can use windows and linux and macos and macosX and beos and your wap phone and
I think a lot of companies as a defacto announcement Say Windows... Cause well... majority of people in the world run windows.
The otherside is, it could be for tech support reason. They don't want to have to hire uptine people to support god knows what.
oogly boogly!
That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.
However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..
voting.klez.E
As for security, hmph. It's hard to think of a computer company with a worse record. I imagine someone will make a "I vote you" virus that votes early and often for everyone.
Friends don't help friends install M$ junk.
d33r \/0t3r:
3y3 0wn j00r \/0+3Z, ph00lZ!
Da Supr3/\/\3Z
As for "Why Windows", the SERVE web site says, "All required software is downloaded automatically as needed when you access various parts of the SERVE website." That seems to indicate some kind of embedded web application. I'd guess this application is native code, since Windows no longer comes with Java, and there's no mention of a Java download.
Or it might be that whoever wrote the FAQ page doesn't know much about the app, and is tapdancing around the details. Certainly it would make sense to implement this app entirely on the server. If that's the case, then it's reasonable to ask why other platforms with compliant servers aren't acceptable.
The answer to that would be QA. On a project like this, they have to carefully test the app, and even with their current limitations they have 4 different browser-platform combinations (IE and Netscape, Pre-NT and NT Windows) to test.
This points up a big problem with web applications. Most of us would like to see web developers code to a standard, not to a browser. Until they do, browser implementers has no incentive to support standards, and all that cool stuff in HTML4 and cSS2 is just so much noise.
(And yes, Internet Explorer -- except for the Mac version -- is particularly bad. But all browsers have serious compliance issues, so we can't put all the blame on Mister Bill.)
But why should web developers bother? Even if they're aware of the importance of standards -- and most appear not to be -- it doesn't save them from the need to test their apps on every browser-platform combination they claim to support. So what does compliance buy them, except extra work?
what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.
So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.
If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.
Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.
If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.
Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."
Looking for Book Reviews? Check out Literary Escapism.
The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?
autopr0n is like, down and stuff.
Exclusively, in fact, to all other OS's.
I'm goint to play "Devil's Advocate" here and note that the article says "Windows users *can*..." not "Windows users *must*..."
So where is the "requirement" here? I've yet to see any protocol (on a public network at least) that can't be used (reverse-engineered?) by anyone so inclined.
Granted, the wording underlies a basic assumption that computer usage equals Windows usage; at best this is an accurate reflection of market conditions. At worst, it is a blatant plug for somebody's sales Dept. Either way, it's an obvious bias and should be taken with a grain of salt. I can only *hope* that the relevant security is up to par.
Of course, I'm just playing "Devil's Advocate". And the devil is in the details.
C|N>K
Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The new poll tax.
Dawn of the Dead
A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.
That's fine with me as soon as everyone in the world puts their money where their mouth is and starts paying US taxes.
"95% of all Slashdot
There is nothing in the article which suggests that Windows is a requirement. It just says that you can access it from any Windows box with internet access. That means that Windows is sufficient, but it doesn't say it's necessary .
What they're trying to address in the article is that since most people use Windows, then most people are going to want to know that they can access it from their home computers.
It's like telling people they can get somewhere in a Ford. That doesn't mean they can't get there in a Chevy or a Nissan.
...will quite probably never be removed from power
Probably should be single quotes though in mysql: set votes='0'
Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):
/.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.
Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)
Anonimity: Assuring that it is impossible for a third party to determine who I've voted for.
Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).
Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparant than was ever possible using conventional techniques.
I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged
for the virus/spyware/worm/... that infects Windows machines and patches the election program to vote for the candidate of the spyware author's choice. Remember the 2000 election 100,000 overseas votes could make the difference ....
It used to be that women were not allowed not vote. It used to be that black people were not allowed to vote. For women, it was because they were not men and thus did not necessarily share the viewpoints of those in power who benefited from male voters. For blacks, it was because they were not white and thus did not necessarily share the viewpoints of those in power who benefitted from white voters.
While not as definitively prohibitive, this is the same as voter segregation. Unless you are willing to spend the money to use Windows, you are not permitted to vote in this fashion. What if you use a Macintosh? What if you run an open source operating system? If you are not in a particular class of citizens, your ability to vote is limited. Certainly if traditional voting is available to you there is really no problem, but that's not an option, you are being prohibited.
So the serious issue here not that Windows is secure or any other nonsense. The problem is that people who are influenced by Microsoft have thus dictated that those who do not use Microsoft products are not permitted to vote in this fashion. That's a serious problem because whoever directed these development efforts (and of course, whoever directed her) therefore has strong influence on how candidates will be elected.
I would wager that this could be very popular (though I personally prefer pulling the lever with the satisfying kerchunk to cast my vote). As a result, certain parties will have unfair advantages for reasons which should be obvious to most people who read Slashdot. (Of course, I am willing to outline a scenario or two for the uninitiated.)
Maybe someone should write a HOW-TO in the future outlining how this software may be used with Wine on OSS machines. Of course, options on the Macintosh are limited even further.
Join Tor today!
If you want to use your computer to exercise your right to vote, you must purchase a product from one particular company.
And it's not the browser, either, as you can use Mozilla (Netscape 6x) as long as you're on Microsoft.
I guess it wont make much difference to our servicemen, as they will probably be using Windows anyway, but what about overseas citizens? Do they just change thier user-agent string?
Read, L
Security through obscurity is like hiding a key under the doormat. You think you're o.k. because the key is hidden, and you don't see the key yourself when you go out and wander around your door. Plus so many people do it (you assume) and you never hear them talk about break-ins.
But reality is that the mat will really stop nobody who wants to enter your house from getting the key. The only people your key-hiding will stop is people who didn't want to enter in the first place anyway, the other people will for sure check under the mat, flowerpot, etc...
Security through obscurity gives a false sense of security, making the implementer lax. That is one of the many reasons why obscurity is actually counterproductive for security. In practice obscurity has already has lead to many, many security failures.
That is what is means. Translation: if you have 'security through obscurity', the best you can do is assume your worst enemies already know all the details and the worst you can do is assume that it will help you in anything at all.
Obscurity does not help towards security. Obscurity is just what it is, obscurity, but a searchlight will make it vanish completely.
Use real security.
--- Hindsight is 20/20, but walking backwards is not the answer.
Online voting is being incouraged
Maybe so, but it is being encouraged because of cost, as aut0pron states above.
Eve Fairbanks says I drive a hybrid!LOL
But...but...but...how can SERVE be Windows-only when the graphic in the article clearly shows a Macintosh mouse?? I don't understand.
"... insert the Windows NT Workstation 4.0 compact disc with your computer turned off." - NT installation manual
In a surprising turnaround, a new candidate who calls himself l33td00d has won the election, accumulating 10 trillion votes in a matter of seconds.
I made a PHP/MySQL library that prevents SQL injection & makes coding easier!
Why is Windows a requirement? And Explorer?
Learn to use the cookies.
I am a Mac user and prefer Safari, Camino, Links, iCab. Thus no way I could vote. Why are the Mac / Linux / other OS than windows and Other Browser than Explorer users seen as B-citizens?
Now you can have a happy blue donkey on your desktop, it can do all the neat stuff that your monkey can do! But, in addittion it can also vote for you!!
for you! do you want to install?
[yes] [yes] [hell yes] [always yes!] [maby some other time]
Is it a good idea for them to be using client software? By doing so, you are giving hackers a large amount of bitcode to play with and find exploitations with. It seems to me that it would make a lot more sense to use SSL over HTTP as this has been highly tested for security all over the internet for years. Any program that they develope will be very green and unpredictable.
"Why the Windows requirement?
They wanted to use a stable, reliable, and secure operating system to ensure that all American voters have equal and unhindered access to their right to vote.
Unfortunately, they couldn't think of anything, so they just chose Windows.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
If you don't like that this will be Windows-only, go to http://www.serveusa.gov/public/aca.aspx and click on "Contact Us." If they get 10,000 emails from slashdotters, they might think twice, and it will take 3 minutes of your time.
It will be much more convenient for wealthy computer owners to point and click on their favorite candidate. It is more fair for everyone to have to vote in the same place in the same way at the same time.
P.S. - Please disregard this post if the online voting will never be applied to more than absentee voting as the article discusses.
Quote:
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
End quote.
What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.
My Blog
Sophisticated encryption technology will scramble messages containing the ballots, and voter identity will be verified through digital signature, a prearranged procedure to authenticate the voter's signature.
:-) (after all, she has experience as the First Daughter!)
So in order to vote, I have to give something that says "red floyd". This is unacceptable. When I vote in person, I have to ID myself.
BUT... there is nothing linking that ID to my ballot. With this system, it's almost necessary, given the fact that they need to validate that this is my vote. In other words, they have something that says, "red floyd voted for CowboyNeal". This is untenable, most likely illegal, and quite possibly unconstitutional.
Disclaimer: I would not vote for CowboyNeal for President. Natalie Portman, maybe
The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy
In this case, security from script kiddies is neither here nor there. The best way to keep your system secure is have as many white hats as possible try and find holes in it, and the best way to do that is to publish the details of the system. That way, you can be confident that the system is secure, even if the source code is leaked.As to your comment about OpenBSD, that is almost completely irrelevant. It doesn't matter how secure the base OS is if the software it's running is insecure.
Which do you trust more? A system where the proponents say, "Trust Us" or a system where you can look for yourself. I know which I prefer.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
I know that I am going to get some static from /. crowd for being 'pro' Microsoft, but here is my two cents on the issue. Anybody who has designed a complicated web-based application will tell you that trying to support a variety of browsers and platforms can turn into a nightmare. I worked as a qa engineer for two companies that specialized in very complicated large scale web application and both of the companies had to restrict their software to Windows and Internet Explorer. Why? Simply because it was easier to design, develop and test the applications that had less variables involved in a short run. Additionally, these application targeted businesses and individuals who used Windows as their desktop platform. The companies that I worked for did start developing their applications for different platforms, but it was only after the Windows based programs proved to be a great success. Same goes for the United States government. Want it or not, Windows still have the largest share of the desktop market and it does makes sense to deploy an application for this platform and then worry about the rest of the players.
/. readers and voters who use OSes other than Windows represent a small fraction of the United States' citizens.
I don't think that a Window based voting system is an ultimate solution in terms of covering hundred percent voters and being absolutely secure, but the fact is that money talks and if it is cheaper to develop an application that targets only Windows at the beginning, well.. more power to Uncle Sam. Afterall,
The Windows requirements is to put a stop to those damn Commies voting.
WTF is the Pentagon doing running a voting program? I could see DARPA being involved, maybe, but the Pentagon? The only involvement the military should have in an election is to give servicemembers time off to vote.
What's next, the CIA running the debates?
Of course, the sites I expect to get hacked are any that Armed Forces personnel actually use for voting.
If they are very, very, lucky, the only black hat work will be done by outside site defacers, not the insiders I expect to have pre-hacked the boxes.
I can't tell from the google results so far if the Federal Voting Assistance Program uses ESS/Diebold/Global or not.
Tech Public Policy stuff
It does not say only from any computer using Windows. Everyone here's reacting as if the article said the latter, but it didn't. The article does not say, if you read carefully, that the system will somehow be limited to Windows. I just says anyone with Windows and the internet will have access.
Please remember that we are Slashdot, we are numerous, and we are powerful. So go to the site, click Contact Us, and give them a piece of your mind. For that matter, you could even snail mail them something. When webmasters start getting tons of mail about allowing real browsers, they sometimes do it. And in this case, it affects voting, so it's very important. Surely a few hundred messages asking them not to discriminate on UserAgent headers, submitted before the system's even implemented, will widen their view.
Litigious bastards
Nope, it says Netscape 6.x is supported also. ActiveX is IE only.
There's a cost-benefit curve there. If you keep it secret from everyone, that's bad. If you keep it secret only from those who might attack it, and no one else, that's good. For each given scenario there's a point somewhere in between that's best. Unfortunately, it's almos never possible to tell who'll be attacking it, and the costs of not getting peer review are higher than the benefits of making your enemies attack it blind, for basically secure systems. But recall that replicating the Purple cipher nearly drove Freidman mad, while Turing et all were able to crack a captured Enigma relatively sanely... So the sucessful Japanese obscurity efforts cost America a great cryptanalyst.
I read that story earlier, and it's pretty bogus. Essentially the authors complain that a person with root access (or Windows equivalent thereof) on the database machine can do anything. Well that's obvious. Among other things, the authors complain that you can add admin accounts to the system by inserting rows into a table. So? This is true for every db-based app I've worked on. The key is that only authorized users should have access to that table in the first place.
I'm not saying the electronic voting system is "secure", whatever that would mean. Just that the article is poorly thought out.
I'm normally no MS-apologist (actually Sybase apologist in this case; SQL Server is a fork of Sybase 4.2) but this makes sense to me:
Hands in my pocket
I'm sorry, your government has performed an illegal action and must be shut down. If the problem persists, please contact your beaurocratic vendor.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
Any questions?
I just hope there are logs of each vote cast, pretty much like there is in the current version, where each ballot is counted. I doubt that they are just gonna accept the machines count as it is. Well I don't know about your system, but I was counting votes in Finland last time we had an election and there were representatives of each party there and we counted the ballots and called in the result, and then they were sent for a confirmation count. There is plenty of holes to exploit in the current system, and i think rigging an election is pretty easy as it is. Of course there is the possibility of a virus that votes for people, but there was talk about email account stuff that displays a picture and asks to type in the word etc. So if there was a way to identify voter as human, i doubt there were any major problems after that.
Not to sound like personal privacy nut or anything, however one of the great benefits gained through the voting booth method is that you get complete privacy when you vote. You walk in go into an area where you have complete privacy and vote however you want to.
Allowing internet based votes means voting is no longer gurarnteed to be a completly private affair which is a huge issue. If I was an American and a complete moron and wanted to vote for Bush in the next election then I should be able to without the possibility of people around me been able to walk in and see as I vote on the computer.
37 - what does it stand for really...
Whereas Windows users are business-oriented and therefore tend to be more conservative in their voting, this Congress does hereby resolve to only allow e-votes from Windows PCs.
Mac users will have to register for relocation to Reeducation Camps for the Differently Thinking, while Linux hackers will be detained for trial for their Crimes against Intellectual Property, and summarily shot.
You see? You see? Your stupid minds! Stupid! Stupid!