Slashdot Mirror


Electronic Voting Machine Cracker Challenge

An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.

5 of 280 comments

  1. Reasoning? by Meffan · · Score: 5, Interesting

    Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

    Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

    Nice comeback at the end -
    Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

    I think I'd counter that by asking if he knew of any airplane where all members of the general public were allowed access to the terminals used by the pilots? And if so - does he fly with them?

    --
    I don't think I'm very happy. I always fall asleep to the sound of my own screams.
  2. Re:prove by alfredo · · Score: 4, Interesting

    It's going to be her and several other programmers. They have had the source code for months, and know what the problem is. The machines run Windows and Access.

    blackbox Voting

  3. Re:doh by Anonymous Coward · · Score: 3, Interesting

    They did, by accident, months ago, by having the full source code (tar of the CVS repository, actually!) available on an open FTP site.

    Whoops!

    I browsed through it myself a while ago, the smartcard portion was especially weak -- it'd take two minutes to write an "Administrator" card (passwords and card-reader keys were in plaintext in the code!) that'd allow all sorts of goofiness.

  4. Who do you trust? by Herrieman · · Score: 4, Interesting

    Although it's good to have an independent security audit of the hardware/software, it's still a far cry from what I would call development of a secure system.

    Did an independent auditor (or security specialist) audit the design - both hardware and software - from a security point of view? Were there independent audits/reviews of the coding or assembly of the hardware? Can you trust the developers or factory workers? Who is monitoring the deployment, development, good working, ...? What are the logging/auditing possibilities? How securely is the data transmitted? How securely is that data stored?

    Who will monitor the people who are in charge of the system?

    Ultimately, you have to trust someone. And putting trust in the wrong kind of people is the biggest security risk there is ...

    --
    http://blog.astyran.sg
  5. Paper AND Computers by The+Monster · · Score: 5, Interesting
    We changed our voting a few years back from the old mechanical lever system to one where you get a sheet of paper and a Sharpie to fill in the oval for the candidates/issues. Then you walk over to the scanner (with your ballot inside a cardboard sleeve to keep people from seeing it) and feed it through yourself. This arrangement has several advantages over the old one:
    1. More people can fill out their ballots at once. Instead of being limited to the number of machines for your precinct (we have consolidated 4 precincts into a single location now) you are only limited by the number of lightweight, cheap carrels that shield your ballot from prying eyes. (If those are all full, and you want to fill it out in the open, that doesn't disqualify your vote.)
    2. Absentee voters can receive a ballot exactly like the one they would vote on normally (since no special equipment is required to do the voting) which can be held until election day and counted with the rest.
    3. When the polls close at 7PM, the scanner can dial up and transmit all the totals instantly, and we have an accurate count within minutes.
    4. If something goes wrong with the scanner, we can insert our paper ballots into a locked ballot box, which can then be opened for scanning (along with the ones that already went through the scanner into a lockbox) when the scanner is repaired or replaced, or the entire box taken downtown to be scanned there.
    5. All the ballots can be taken down to the courthouse and run through several different scanners to confirm they all give the same totals.
    6. Who is this 'Chad'? If a hand recount is ordered, we have solid pieces of paper and don't have the spectacle of judges holding them up to the light to try to divine the voters' intent. White paper. Red oval. Black marker. Not much room for argument there.
    7. We can run random audits of just one or two polling places, and even limit it to just one question on the ballot - do a hand count and see if the numbers agree with the ones sent from that scanner. Since the software authors can't possibly know which one would be audited, they wouldn't be able to cheat even if they wanted to.
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.
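
Added example (not part of the thread or any commenter's post): the random precinct audit described in comment 5, item 7, sketched in Python. It computes the chance that a uniform random sample of precincts includes at least one altered one, picks the sample reproducibly from a seed published after totals are reported, and compares hand counts with scanner totals. Precinct IDs, tallies, the seed and all function names are constructed for illustration.

```python
import hashlib
from math import comb

def detection_probability(total, tampered, audited):
    """P(at least one tampered precinct is in a uniform random sample)."""
    if not (0 <= tampered <= total and 0 <= audited <= total):
        raise ValueError("tampered and audited must lie in 0..total")
    # Hypergeometric: 1 - C(total - tampered, audited) / C(total, audited)
    return 1 - comb(total - tampered, audited) / comb(total, audited)

def precincts_needed(total, tampered, confidence):
    """Smallest sample size that reaches the requested detection probability."""
    if tampered < 1:
        raise ValueError("nothing to detect when no precinct is tampered")
    for k in range(total + 1):
        if detection_probability(total, tampered, k) >= confidence:
            return k
    return total

def select_for_audit(precinct_ids, public_seed, count):
    """Rank precincts by SHA-256(seed:id) and take the first `count`.
    Anyone holding the seed can reproduce the selection."""
    def rank(pid):
        return hashlib.sha256(f"{public_seed}:{pid}".encode()).hexdigest()
    return sorted(precinct_ids, key=rank)[:count]

def mismatches(reported, hand_counts):
    """Audited precincts whose hand count differs from the scanner total."""
    return sorted(p for p, tally in hand_counts.items() if reported.get(p) != tally)

if __name__ == "__main__":
    # Constructed data: 100 precincts, one ballot question, identical totals.
    ids = [f"P{n:03d}" for n in range(1, 101)]
    reported = {p: {"yes": 300, "no": 280} for p in ids}
    # Constructed seed, standing in for dice rolled in public after reporting.
    chosen = select_for_audit(ids, "dice-rolls-61425-36142", 2)
    hand = {p: dict(reported[p]) for p in chosen}
    hand[chosen[0]]["yes"] -= 7  # simulate a scanner/hand-count discrepancy
    print("audit:", chosen, "mismatch:", mismatches(reported, hand))
    print("P(detect), 5 of 100 altered, 2 audited:",
          round(detection_probability(100, 5, 2), 4))
    print("sample size for 95%:", precincts_needed(100, 5, 0.95))
```

The seed must be fixed only after the scanner totals are published, so the selection cannot be anticipated when totals are produced.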