Online Voting In 2004 To Require Windows
letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
UPDATE candidates SET votes="0" WHERE name="Your Opposing Candidate";
Do you like German cars?
The reason it's just Windows is that, as much as we hate it, we are in the minority of computer users; they are not going to beta test a new technology on a system that only a maximum of 5% of computer users will have (and yes, I am being overly optimistic here). If this works for them, the next platform will be Mac. Linux may never get it unless more people use Linux, and I doubt that they would want to open up the code to the voting system; that could create a large number of people trying to skew the results so that the results are not accurate.
"I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity -- this statement is what will not allow them to open up the source code; people will be just too afraid that people will mess with the results of the system.
They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."
I don't know if this will make voting secure; in fact I think it will open it up to attackers. But how are we going to convince the government of this? Write to your legislator and senator; I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at least they are looking at moving the process forward.
Voting online seems like it would be a bad idea, no matter how many security measures are put in.
The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..
Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...
Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?
Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?
The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infallible, which isn't really possible, anyways.
Excuse me, I don't mean to impose, but I am the ocean
Ladies and Gentlemen, It is my pleasure to introduce the new supreme ruler of the United States: William Gates!
Gates:"....exxxxxcellllent....."
Ok, so it's pandering that this will get modded as funny, but I'm a whore for good karma!
If they're testing the system with military voters, then using Windows is probably the only choice. There are a lot of bases where the desktop platform, by directive, is Windows. Running alternative software can be a violation of policy and mean Real Trouble(tm) for military members. They're not going to court martial anybody, but it can be a black eye on your record.
Why the Windows requirement?
Because your vote has to be sent to Redmond to be "verified" and rejected in the case of an "incorrect" vote.
All those hermits who never leave the house are going to be able to vote. How long do you think it will be until they repeal the Sun?
I'll form my OWN solar system! With blackjack! And hookers!
Maybe they just meant that like a generic statement, and it's not limited to Windows but any station with internet access. They just assume you use Windows. It doesn't say that it's ONLY Windows. It's like saying you can get to point X using a car, but you can also take a flight or walk or... You get the point.
Trolls don't like to be Flamebait, because they burn so well. Protect our Troll heritage!
This is somewhat unrelated, but still an interesting comment on their page:
*Phew*...I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.
I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.
I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.
And now it's time to open the robot polls... and the robot results are in.
If Jesus wants me it knows where to find me.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
There isn't enough detail in the article to say whether "running Microsoft Windows" is actually a requirement, or just cluelessness on the part of the article's author. If it's a Web-based system (which, again, the article doesn't say one way or the other) then it shouldn't matter.
Why the Windows requirement?
Maybe because the VAST majority of individuals use MS Windows. You ASSume that it is just a HTTP connection with SSL so any OS should suffice. Look at the F.A.Q.. It says that "required software is downloaded automatically as needed when you access various parts of the SERVE website." Possibly, the voting software uses their own encryption and will be delivered as an ActiveX or some other format. Could they have written the software so it could work on other OS? Sure, but it's a trial run! There is no right to Vote from a Linux box.
You fools! Surely the computers will be exploited for this! This could lead to something completely unprecedented like one man being backed by the majority of American voters for the presidency and then the other man winning, as crazy as that example is!
Online voting could totally redefine write-in candidates. In the past you were either psychotic, disillusioned, or mistaken in writing-in a candidate.
Now with the Internet you could have hundreds of thousands voting for retarded candidates like "Rocket J. Squirrel", "Jack Black", and "George W. Bush"
Could this negate the party system? People typically voted for a Dem or GOP'er simply because they were the two names on the ballot that were at the top, but now people could organize real grassroots campaigns, skipping the primaries, and just promote themselves on message boards and other mediums (slashdot front page story, anybody?)
In all seriousness, national online voting could take the old political system and stand it on its head...I'd go for it just to see what happens.
Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.
Long live paper ballots!
Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.
Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=Al+Gore
It changes it to:
name=John+Smith
secretcode=K38DJSH38
password=a
vote=George+W.+Bush
Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
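The suggestion in the comment above (submit a per-voter signed string instead of a plaintext candidate name), as an added example that is not part of the original post. It assumes the server holds an HMAC key and issues the tokens with the ballot; `issue_ballot`, `tally_choice` and the key are hypothetical names, and the field values are the ones quoted in the comment.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode

CANDIDATES = ("Al Gore", "George W. Bush")  # names as used in the comment


def _mac(server_key: bytes, *fields: str) -> str:
    """HMAC-SHA256 over length-prefixed fields so field boundaries are unambiguous."""
    mac = hmac.new(server_key, digestmod=hashlib.sha256)
    for field in fields:
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.hexdigest()


def issue_ballot(server_key: bytes, name: str, secretcode: str) -> dict:
    """Server side (hypothetical): one opaque token per candidate, bound to this voter."""
    return {c: _mac(server_key, name, secretcode, c) for c in CANDIDATES}


def tally_choice(server_key: bytes, form_body: str):
    """Server side (hypothetical): return the candidate a form votes for, or None."""
    form = parse_qs(form_body, keep_blank_values=True)
    try:
        name, code, token = form["name"][0], form["secretcode"][0], form["vote"][0]
    except KeyError:
        return None  # incomplete submission
    match = None
    for candidate in CANDIDATES:
        expected = _mac(server_key, name, code, candidate)
        # Constant-time comparison; check every candidate to keep timing uniform.
        if hmac.compare_digest(expected.encode(), token.encode("utf-8")):
            match = candidate
    return match


def demo():
    """Constructed submissions: honest, plaintext rewrite, other voter's token."""
    key = secrets.token_bytes(32)  # constructed key, never sent to the client
    voter = {"name": "John Smith", "secretcode": "K38DJSH38"}
    tokens = issue_ballot(key, **voter)
    other = issue_ballot(key, "Jane Doe", "Q91XKTP02")  # constructed second voter

    honest = urlencode({**voter, "vote": tokens["Al Gore"]})
    rewritten = urlencode({**voter, "vote": "George W. Bush"})
    replayed = urlencode({**voter, "vote": other["George W. Bush"]})
    return (
        tally_choice(key, honest),     # accepted
        tally_choice(key, rewritten),  # rejected: not a valid token
        tally_choice(key, replayed),   # rejected: token bound to another voter
    )


if __name__ == "__main__":
    print(demo())
```

The server rejects a rewritten `vote` field because the token for another candidate cannot be computed without the server key. A client that renders the whole ballot still sees every token, so this does not replace the comment's point about securing the client side.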
Actually, I would say just one word:
ActiveX
It's the only thing I know of that's specifically windows, windows, and only windows.
Karma: Food Fight (Mostly affected by Date Plate).
A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.
One major problem with that would be that they wouldn't know enough about our candidates. Oh, wait, never mind.
That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.
However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..
voting.klez.E
As for security, hmph. It's hard to think of a computer company with a worse record. I imagine someone will make a "I vote you" virus that votes early and often for everyone.
Friends don't help friends install M$ junk.
what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.
So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.
If it's browser independent (straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hindrance either.
Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.
If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of browsers, as well as linux.
Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."
The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?
autopr0n is like, down and stuff.
Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
The new poll tax.
Dawn of the Dead
There is nothing in the article which suggests that Windows is a requirement. It just says that you can access it from any Windows box with internet access. That means that Windows is sufficient, but it doesn't say it's necessary .
What they're trying to address in the article is that since most people use Windows, then most people are going to want to know that they can access it from their home computers.
It's like telling people they can get somewhere in a Ford. That doesn't mean they can't get there in a Chevy or a Nissan.
...will quite probably never be removed from power
I am afraid that sentiments like yours mask a great deal of indifference and intellectual laziness by the pretense of a realistic and 'no-nonsense' attitude.
It is a far-cry from the blanket assertion:
to the validation for implementing systems which have a documentable history of being the worst possible of implementations. Those so far in evidence actually invite abuses! http://www.blackboxvoting.com/
Inside A U.S. Election Vote Counting Program
Bald-Faced Lies About Black Box Voting Machines
It is irresponsible, derelict and probably mendacious of anyone advocating the adoption of newer vote collection technologies not to insist on addressing these specific allegations and their evidence. Any proposal which is advanced without a specific redress of these concerns should be considered suspect in motive. Ignorance of the basic issue - and its gravity - is not a possibility.
"Flyin' in just a sweet place,
Never been known to fail..."
Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):
Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)
Anonymity: Assuring that it is impossible for a third party to determine who I've voted for.
Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).
Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparent than was ever possible using conventional techniques.
I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged /.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.
It used to be that women were not allowed to vote. It used to be that black people were not allowed to vote. For women, it was because they were not men and thus did not necessarily share the viewpoints of those in power who benefited from male voters. For blacks, it was because they were not white and thus did not necessarily share the viewpoints of those in power who benefitted from white voters.
While not as definitively prohibitive, this is the same as voter segregation. Unless you are willing to spend the money to use Windows, you are not permitted to vote in this fashion. What if you use a Macintosh? What if you run an open source operating system? If you are not in a particular class of citizens, your ability to vote is limited. Certainly if traditional voting is available to you there is really no problem, but that's not an option, you are being prohibited.
So the serious issue here is not that Windows is secure or any other nonsense. The problem is that people who are influenced by Microsoft have thus dictated that those who do not use Microsoft products are not permitted to vote in this fashion. That's a serious problem because whoever directed these development efforts (and of course, whoever directed her) therefore has strong influence on how candidates will be elected.
I would wager that this could be very popular (though I personally prefer pulling the lever with the satisfying kerchunk to cast my vote). As a result, certain parties will have unfair advantages for reasons which should be obvious to most people who read Slashdot. (Of course, I am willing to outline a scenario or two for the uninitiated.)
Maybe someone should write a HOW-TO in the future outlining how this software may be used with Wine on OSS machines. Of course, options on the Macintosh are limited even further.
Join Tor today!
Security through obscurity is like hiding a key under the doormat. You think you're o.k. because the key is hidden, and you don't see the key yourself when you go out and wander around your door. Plus so many people do it (you assume) and you never hear them talk about break-ins.
But reality is that the mat will really stop nobody who wants to enter your house from getting the key. The only people your key-hiding will stop is people who didn't want to enter in the first place anyway, the other people will for sure check under the mat, flowerpot, etc...
Security through obscurity gives a false sense of security, making the implementer lax. That is one of the many reasons why obscurity is actually counterproductive for security. In practice obscurity has already led to many, many security failures.
That is what it means. Translation: if you have 'security through obscurity', the best you can do is assume your worst enemies already know all the details and the worst you can do is assume that it will help you in anything at all.
Obscurity does not help towards security. Obscurity is just what it is, obscurity, but a searchlight will make it vanish completely.
Use real security.
--- Hindsight is 20/20, but walking backwards is not the answer.
Online voting is being encouraged
Maybe so, but it is being encouraged because of cost, as aut0pron states above.
Eve Fairbanks says I drive a hybrid!LOL
"Why the Windows requirement?"
They wanted to use a stable, reliable, and secure operating system to ensure that all American voters have equal and unhindered access to their right to vote.
Unfortunately, they couldn't think of anything, so they just chose Windows.
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Quote:
What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.
Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
End quote.
What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.
The Windows requirement is to put a stop to those damn Commies voting.
>Why? Simply because it was easier to design,
>develop and test the applications that had less
>variables involved in a short run.
Where did the problems come from? Was it really the logic of the web application or was it the html/javascript/anyothermessyouliketoputinyourwebsites part that caused the problems? If you used simple HTML and maybe css for the displaying code, there is not much higher complexity in the development. In short, stick to standards and it usually works.
> Want it or not, Windows still have the largest
> share of the desktop market and it does
> makes sense to deploy an application for this
> platform and then worry about the rest of the
> players.
That is of course true. Hopefully the other players are worried about later.
> talks and if it is cheaper to develop an
> application that targets only Windows at the
> beginning, well.
This is an assumption. There are efficient toolkits that allow write once run anywhere, either through a VM like JAVA or through recompilation. Development for a highly specialized but basically dumb application should not be much harder/more expensive using these instead of WinAPI.
Please remember that we are Slashdot, we are numerous, and we are powerful. So go to the site, click Contact Us, and give them a piece of your mind. For that matter, you could even snail mail them something. When webmasters start getting tons of mail about allowing real browsers, they sometimes do it. And in this case, it affects voting, so it's very important. Surely a few hundred messages asking them not to discriminate on UserAgent headers, submitted before the system's even implemented, will widen their view.
Litigious bastards
I'm normally no MS-apologist (actually Sybase apologist in this case; SQL Server is a fork of Sybase 4.2) but this makes sense to me:
Hands in my pocket
The whole key infrastructure for this should be FIPS-140 compliant for hardware-based key modules, and require the coordinated actions of two or more actors in managing/engaging keys. There should be strict operational guidelines for the separation of roles in the management, deployment and retrieval of these devices, and a separate role with an auditory function. The Auditory role needs a key that can reveal and validate any information on the system, yet create or modify nothing.
These controls are the only justifiable reason to implement 'electronic voting'. Cost? Give me a break! If free and fair voting is not worth paying premium prices for, what is? Do we have to pinch pennies for the land mines we drop on Afghan soil?
Without attempting to reach this benchmark, electronic voting is a fraud. It is a humbug of technophilic superstition used by sellers of snake-oil to dazzle the onlooker, while trusty assistants rob the crowd.
"Flyin' in just a sweet place,
Never been known to fail..."