Slashdot Mirror


Electronic Voting Machine Cracker Challenge

An anonymous reader writes "In the ongoing debate on the security of electronic voting, an Atlanta area programmer has confronted Georgia election officials on the potential for fraud in its statewide electronic voting system. She claims that she can be prepared to crack the system within a week, and officials have accepted the challenge." What makes this even more interesting is that the election officials are encouraging the woman, so that any possible exploit can be found and remedied.

11 of 280 comments

  1. This is VERY true by WilliamsDA · · Score: 5, Informative

    The Diebold system does have major flaws. I was just at the Crypto2003 conference where one of the talks was on the faults in this system. Amongst other things, when they pointed out the major errors in code, the company replied back calling DES (or DSA, I forget) a compression scheme, and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes".

    1. Re:This is VERY true by cpeikert · · Score: 5, Informative

      and they implemented an algorithm from Handbook of Applied Crypto for purposes of encryption with a value listed in the book that says explicitly "Do not use this for cryptographic purposes"

      It was actually worse than this -- they used a Linear Congruential Generator, which is a very cheap method of generating "random" numbers. Those numbers might work well for simulations, but for cryptography they're totally predictable once you've seen just a couple of output values. Cryptography relies upon the unpredictability of random numbers for security, so LCGs should never be used for that purpose.
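
The predictability described in the comment above, as an added example that is not part of the original thread and not code from any voting product. It assumes the observer knows the modulus and sees full, untruncated outputs; the parameters, seed and function names are constructed for illustration.

```python
import secrets

# Constructed toy parameters (assumption, not from any real system):
#   x_next = (A * x + C) mod M
M = 2**31 - 1   # prime modulus, so every nonzero difference is invertible
A = 48271
C = 12345

def lcg_stream(seed, n, a=A, c=C, m=M):
    """Return n consecutive LCG outputs produced after `seed`."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out

def recover_params(x0, x1, x2, m=M):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod m) for (a, c)."""
    diff = (x1 - x0) % m
    if diff == 0:
        raise ValueError("outputs repeat; cannot solve for the multiplier")
    a = ((x2 - x1) * pow(diff, -1, m)) % m   # modular inverse, Python 3.8+
    c = (x1 - a * x0) % m
    return a, c

def predict_next(observed, count, m=M):
    """Predict the next `count` outputs from the last three observed values."""
    a, c = recover_params(*observed[-3:], m=m)
    return lcg_stream(observed[-1], count, a=a, c=c, m=m)

def csprng_values(n):
    """The replacement for key or IV material: values from the OS CSPRNG."""
    return [secrets.randbelow(M) for _ in range(n)]

if __name__ == "__main__":
    stream = lcg_stream(seed=20030820, n=8)   # constructed seed
    seen, future = stream[:3], stream[3:]
    print("recovered (a, c):", recover_params(*seen))
    print("prediction matches:", predict_next(seen, 5) == future)
    print("CSPRNG sample:", csprng_values(3))
```

Three outputs are enough here because each output is the generator's whole internal state; nothing comparable can be solved for from `secrets` output.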

  2. At Least by dolo666 · · Score: 5, Insightful

    This is a change from the Kevin Mitnick days when ppl would be incarcerated for even *thinking* about cracking a gov system.

    Mad props to Georgia for being cool about this.

  3. The Plan by imbaczek · · Score: 5, Funny

    1. Accept the challenge.
    2. Make her win.
    3. Fix holes.
    4. Put her in jail on DMCA basis, or Patriot Act, or for desire to live and love for the country, or whatever.
    5. ???
    6. PROFIT!!!

    (Hope #4 won't happen.)

  4. Reasoning? by Meffan · · Score: 5, Interesting

    Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate.

    Sorry, don't believe that. A few locations in memory are easier to change than thousands of paper ballots. Hanging chads notwithstanding...

    Nice comeback at the end -
    Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?"

    I think I'd counter that by asking if he knew of any airplane where all members of the general public were allowed access to the terminals used by the pilots? And if so - does he fly with them?

    --
    I don't think I'm very happy. I always fall asleep to the sound of my own screams.

  5. Why electronic voting ? by Krapangor · · Score: 5, Insightful

    In most European countries people use pen & paper voting.
    And unlike the US there was never a Florida voting scam.
    And paper is much more immune to fraud: the election sheets are stored for a certain time, so any questions can be sorted out by a recount without any paper pebbles dropping from the holes. And if a fraudulent government wants to pull off a voting scam they have either to forge election sheets, which would be noted afterwards, or they have to destroy sheets, which would be noted, too.

    So why use a high-tech solution which isn't immune to fraud and other problems instead of a low-tech solution which hasn't these problems ?

    --
    Owner of a Mensa membership card.

  6. doh by Anonymous Coward · · Score: 5, Insightful

    God, this is stupid....

    Instead of doing such a media hype just open the source code for the public and let about 10'000 people have a look at it.

    Idiots.

    1. Re:doh by Slack3r78 · · Score: 5, Insightful

      I'm glad someone else brought this up so I didn't have to. If there was ever an application that needed to be open source, this is it. There's simply too much at stake and too much of a chance for shady manipulation if our voting system was to suddenly become a mystical blackbox where no one really knew what was going on inside.

      The only way to disprove any kind of impropriety in an electronic voting system would be to make the internal workings freely viewable to anyone, anywhere. Not only would there be concerned "Citizen Hackers" checking the code, but I'm sure it'd open up a whole field of university level research. And honestly, I'd far rather my tax dollars go to research grants where an open system can be checked and improved than to a private company which may or may not have an agenda that I don't know about.

  7. prove by Gorny · · Score: 5, Insightful

    Please will at least everyone keep in mind that when she won't succeed in cracking the machine that doesn't prove its security.

    You can't prove a product is secure, only showing that it's insecure...

    --
    Alan Perlis once said: "A language that doesn't affect the way you think about programming, is not worth knowing"

  8. This is a hoax by DarkAurora · · Score: 5, Funny

    This is obviously a hoax. Everyone knows that there are no women in computer science. :)

    I've been in college for a few years and I haven't seen a woman since I stopped taking Gen. Ed. classes.

  9. Paper AND Computers by The Monster · · Score: 5, Interesting

    We changed our voting a few years back from the old mechanical lever system to one where you get a sheet of paper and a Sharpie to fill in the oval for the candidates/issues. Then you walk over to the scanner (with your ballot inside a cardboard sleeve to keep people from seeing it) and feed it through yourself. This arrangement has several advantages over the old one:
    1. More people can fill out their ballots at once. Instead of being limited to the number of machines for your precinct (we have consolidated 4 precincts into a single location now) you are only limited by the number of lightweight, cheap carrels that shield your ballot from prying eyes. (If those are all full, and you want to fill it out in the open, that doesn't disqualify your vote.)
    2. Absentee voters can receive a ballot exactly like the one they would vote on normally (since no special equipment is required to do the voting) which can be held until election day and counted with the rest.
    3. When the polls close at 7PM, the scanner can dial up and transmit all the totals instantly, and we have an accurate count within minutes.
    4. If something goes wrong with the scanner, we can insert our paper ballots into a locked ballot box, which can then be opened for scanning (along with the ones that already went through the scanner into a lockbox) when the scanner is repaired or replaced, or the entire box taken downtown to be scanned there.
    5. All the ballots can be taken down to the courthouse and run through several different scanners to confirm they all give the same totals.
    6. Who is this 'Chad'? If a hand recount is ordered, we have solid pieces of paper and don't have the spectacle of judges holding them up to the light to try to divine the voters' intent. White paper. Red oval. Black marker. Not much room for argument there.
    7. We can run random audits of just one or two polling places, and even limit it to just one question on the ballot - do a hand count and see if the numbers agree with the ones sent from that scanner. Since the software authors can't possibly know which one would be audited, they wouldn't be able to cheat even if they wanted to.
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.
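
The random hand-count audit in point 7 of the comment above can be quantified. This added example (not part of the original thread) computes how likely a uniform random sample of polling places is to include at least one altered scanner total, and how many sites must be audited for a chosen confidence; the site counts and function names are constructed, and it assumes a hand count of an altered site always exposes the mismatch.

```python
from math import comb
import secrets

def detection_probability(total, tampered, audited):
    """P(at least one tampered site lands in a uniform random sample)."""
    if not 0 <= tampered <= total or not 0 <= audited <= total:
        raise ValueError("tampered and audited must lie in 0..total")
    if audited > total - tampered:
        return 1.0   # the sample cannot avoid every tampered site
    clean_only = comb(total - tampered, audited) / comb(total, audited)
    return 1 - clean_only

def sites_needed(total, tampered, confidence):
    """Smallest sample size whose detection probability >= confidence."""
    for k in range(total + 1):
        if detection_probability(total, tampered, k) >= confidence:
            return k
    return total

def pick_audit_sites(site_ids, k):
    """Draw the sample from the OS CSPRNG, after totals are reported,
    so the choice cannot be predicted by whoever wrote the software."""
    return sorted(secrets.SystemRandom().sample(list(site_ids), k))

if __name__ == "__main__":
    total, tampered = 100, 10          # constructed scenario
    for k in (1, 2, 5, 10):
        p = detection_probability(total, tampered, k)
        print(f"audit {k:>2} of {total}: P(detect) = {p:.3f}")
    k95 = sites_needed(total, tampered, 0.95)
    print("sites needed for 95% confidence:", k95)
    print("sample:", pick_audit_sites(range(1, total + 1), k95))
```

The deterrent depends on both the sample size and the unpredictability of the draw, which is why the selection uses the operating system's CSPRNG rather than a seeded generator.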