Slashdot Mirror

← Back to Stories (view on slashdot.org)

Online Voting In 2004 To Require Windows

Posted by timothy on from the trial-tribulations dept.

letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"

22 of 811 comments (clear)

  1. Excellent! by Scoria · · Score: 5, Funny

    UPDATE candidates SET votes="0" WHERE name="Your Opposing Candidate";

    --
    Do you like German cars?
    1. Re:Excellent! by Jeremiah+Cornelius · · Score: 5, Interesting
      Online voting is being incouraged in the US because of its susceptibility to fraud, not its resistance. Check out Black Box Voting: Ballot-tampering in the 21st Century. These people are not Luddites. The bulk of the serious critcism here is coming from people who know the most about the technologies employed - therefore the most qualified to scrutinize, and least-likely to be baffled by obtuse claims and jargon.

      Also look at This story and the related pages at The Scoop. The most widely deployed system in the US is based on MS Access (!?!), with NO controls for cryptographic storage, trasport, data integrity and/or non-repudiation.

      Baaaa, Baaaa! Computers Better! Paper Worse! It's mere superstition by the Sheep-people.

      --
      "Flyin' in just a sweet place,
      Never been known to fail..."
  2. one reson why by mpost4 · · Score: 5, Insightful

    The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.

    ""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.

    They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."

    I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.

    1. Re:one reson why by Scoria · · Score: 5, Funny

      I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties

      For instance:

      l00k mr. 53n470r,

      u b3773r 5upp0rt *n1x 0r 1ll h4x0r ur b0x3n and r3pl4c3 ur w3bs173 w17h g0ats3!!!!!!! h4w!

      51nc3r31y,

      c0nc3rn3d c1t1z3n H4X0R

      --
      Do you like German cars?
    2. Re:one reson why by Anonymous Coward · · Score: 5, Insightful

      How about an implementation that doesn't tie you down to any single platform? What if someone wants to vote with Win95, or a beta of Longhorn (I guess even warez doodz might vote) and it's "not supported"?

      I think they should try to concentrate on creating a solid, platform independent system. There's absolutely no valid reason it couldn't be.

      For the record, I think at this current point in time, electronic voting is a bad idea.

    3. Re:one reson why by PeeCee · · Score: 5, Insightful
      The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have

      Well, why use exclusively Windows/Linux/*insert-your-OS* ? Why not use a more open solution (say, a system with a secure web interface) that does not depend on the OS? It hardly seems fair that people should need to depend on any product whatsoever to vote.

      I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate

      So should we prefer security by obscurity then? Wouldn't it be better to use an open, provably secure system that everyone can scrutinize so people can be sure stuff is being done the right way instead of just hoping nobody's discovered a hole? Of course I realize this would require some serious testing to make sure all the bugs were ironed out, but after a while I think it would make people much more confident to know how it was working behind the scenes. Look at it this way: would you rather go vote by pressing buttons on a black box the government has set up which they claim works the right way, or do you prefer knowing how the system actually works (how ballots are collected, carried, counted, etc) and feel safer?

    4. Re:one reson why by YOU+LIKEWISE+FAIL+IT · · Score: 5, Funny
      I think they should try to concentrate on creating a solid, platform independent system.

      Over here, we call them "ballot boxes". HTH!

      YLFI
      --
      One god, one market, one truth, one consumer.
    5. Re:one reson why by harlows_monkeys · · Score: 5, Insightful
      Security through obsurity is worthless

      Everyone says this, but not one understands what it means.

      What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.

  3. Why Windows? And why not Palladium? by taped2thedesk · · Score: 5, Informative
    From the SERVE web site at http://www.serveusa.gov/public/aca.aspx:

    Do I need a special computer or software to use the SERVE system?
    No. If your computer, or the public computer you are using, meets the minimum computer requirements, you will be able to use the UOCAVA Voting System (UVS). The minimum computer requirements are:

    - Operating System: Microsoft Windows 95, 98, ME, 2000, NT or XP
    - Internet Browser: either Microsoft Internet Explorer 5.5 and above or Netscape Navigator 6.x and above

    What browsers are compatible with SERVE?
    For security reasons, SERVE is only compatible with browsers with SSL 3.0 capabilities, which are listed below:
    - Microsoft Internet Explorer 5.5 and above
    - Netscape Navigator 6.x and above
    They make mention of the fact that Windows must be used for voting, but they don't explain the requirement. As far as I know, Mac OS, *nix, and Mozilla all support SSL3.0, so why arn't they included?

    This is somewhat unrelated, but still an interesting comment on their page:

    Does SERVE use Microsoft's Palladium software architecture?
    No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE.
    *Phew*...
    1. Re:Why Windows? And why not Palladium? by Anonymous Coward · · Score: 5, Insightful

      "No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE."

      *whimpers in fear*

  4. Hoo boy by thatguywhoiam · · Score: 5, Insightful
    Gigantic partisan flamewar in 3...2...1...

    I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.

    I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.

    I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.

    And now its time to open the robot polls... and the robot results are in.

    --
    If Jesus wants me it knows where to find me.
  5. Imagine... by nacturation · · Score: 5, Insightful
    from the article:
    Imagine casting a vote for president from a cybercafe in Thailand, an aircraft carrier in the Persian Gulf or a laptop computer at home.
    Coincidentally, as I'm typing this, thousands of terrorists, pranksters, and ne'er do wells are imagining the exact same possibility.
    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  6. NO! THIS IS A MISTAKE! by neema · · Score: 5, Funny

    You fools! Surely the computers will be exploited for this! This could lead to something completely unprecedented like one man being backed by the majority of American voters for the presidency and then the other man winning, as crazy as that example is!

  7. Did anybody notice the STATES they're testing in? by Anonymous Coward · · Score: 5, Insightful

    Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.

    Long live paper ballots!

  8. How to rig an election by nacturation · · Score: 5, Interesting

    Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.

    Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=Al+Gore

    It changes it to:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=George+W.+Bush

    Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  9. Re:Becuase... by Blikank · · Score: 5, Funny

    At least its better than sending it to Florida.

  10. Re:Devious plot? by csnydermvpsoft · · Score: 5, Funny

    A friend of mine suggested tonight that since American power extends so far around the world, it would only be fair to let everyone vote in US elections, not just US citizens.

    One major problem with that would be that they wouldn't know enough about our candidates. Oh, wait, never mind.

  11. Ironic by Bruha · · Score: 5, Insightful

    That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.

    However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..

    voting.klez.E

  12. curiousity..... by morgajel · · Score: 5, Insightful

    what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.

    So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.

    If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.

    Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.

    If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.

    Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."

    --
    Looking for Book Reviews? Check out Literary Escapism.
  13. You're wrong - obscurity is not helpful by Goonie · · Score: 5, Insightful

    Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.

    --

    Any sufficiently advanced technology is indistinguishable from a rigged demo
    --Andy Finkel (J. Klass?)
  14. There is always a Way by marienf · · Score: 5, Interesting

    Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):

    Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)

    Anonimity: Assuring that it is impossible for a third party to determine who I've voted for.

    Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).

    Vince described how he and his fellows at Cryptomathic found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparant than was ever possible using conventional techniques.

    I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged /.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.

  15. Re:That's not true by Durandal64 · · Score: 5, Insightful

    Please try and learn something about the American political system. Modern liberals believe that the government can and should have more of a hand in regulating the free market and can be an active force for social benefit, while believing that it lacks the competence to dictate personal morality to citizens. Conservatives are the opposite. They believe that the government should stay out of the free market and should not interfere in societal problems, but that it should police the personal morality of its citizens. This is why most anti-abortion, anti-gay, anti-drug people are conservatives, while the proponents for affirmative action, marijuana legalization and social welfare programs are liberals.

    The only more or less consistent party is the Libertarian party. Libertarians believe in a small government for the free market, society and citizens' personal lives. Libertarians are generally pro-choice, pro-gays and don't care what you choose to shoot into your body, whether it be heroin, cocaine or Drano. They also tend to take conservatives' views on the free market regulation and social welfare programs.

    In short, if conservatives had their way, we'd lose all our personal liberties (it's no big mystery why conservatives tend to be Christians). If liberals had their way, we'd lose any sense of personal responsibility because of unending societal support. Choose which liberties you want to sacrifice to which side, but don't pretend that one side is trying to rob you of all your rights and freedoms while the other is benevolent. You're only deluding yourself.