Slashdot Mirror
VeriSign and Secure Internet Voting
Bucky Katt writes "VeriSign announced Monday that it will provide key components of a system designed to let Americans abroad cast absentee votes over the Internet."
← Back to Stories (view on slashdot.org)
Yes, the algorithms for secure anonymous fraud-proof voting exist, but I don't think the implementations are up to the task yet - in particular, if they cannot be independently verified before, during and after the elections.
There's just too much potential for a fraud to justify dropping the good old pencil-in-the-number-of-your-candidate method.
And, for our next trick, we absolutely won't replace the electoral college with internet voting. Even if it were secure, it would take the power out of the hands of the elite and give it to the people.
However, wouldn't it be nice if we (the US, if you can forgive my inclusive pronoun) were a democracy instead of a republic? If internet voting is good for the goose, then shouldn't it be good for the gander? We just need to replace those old and moldy voting booths with shiny new internet-enabled booths.
Of course, as a programmer, I'll believe the voting scheme is "secure" when monkeys fly out of my butt.
As I recall, none of the absentee ballots made any difference in the 2000 presidential election.
Someone must have thought, "Lets let absentee voters vote electronically, we're just going to throw out their votes anyway!"
Nothing lost, nothing gained.
Fight or flight its all the same
Live to die another day
--Ryan
As a side benefit.. if the voter isn't capable of filling out the form correctly, they then will be forwarded to a page where you can vote for verisign's preferred candidate. A security expert has noticed a tracking bug implanted into a cookie offered by the page, but ICANN and the federal government really don't seem to see a problem with the system as it really gives internet uses a better experience.
In other news, Versign has partnered with SCO and the republican party to bring you a better internet experience. All your traffic is now monitered by the government to protect you from terrorism using the new SCO openClosed linux.
If a majority of eligible voters actually voted, would we even be bothering with all this crap about electronic voting?
Read the EFF's Fair Use FAQ
While I'm usually skeptical of Internet voting, I'm actually in favor of it in the limited case of American personnel overseas, because it is better than the current system. Presently, most absentee votes don't even get counted, unless the margin of victory is less than number of absentee ballots. While this is technically accurate and efficient, it kinda sucks to be one of those people who's vote is never even considered.
On the security side, I hope that VeriSign avoids Diebold's mistake (with electronic voting machines, which is different from Internet voting) and makes the source code and security procedures public for scrutiny.
Verisign does not deserve to be a "trust company". This sitefinder issue is just the latest in a series of unethical moves by verisign, dating back at least the "godaddy domain expiration letter" scam.
The sooner we slay this beast, the better.... With that said, I recently found out about a heck of a deal "Everyone's Internet" is running: "$25 SSL certificates". It's obvious that as a reseller for GeoTrust and as a webspace provider for small biz, they know that a ton of Mom & Pop shops that would jump at one of these in a second, even if profits from online sales were small, because a "secure order" page is great for their image.
On the other side, I've been using GoDaddy for years.
Down with Verisign.... We don't need you anymore.
actually, there has not been a single recount which actually showed Gore as having more votes. They've counted, counted, re-counted, and counted again and they still can't get the answer they want. Its a shame for them, but I think they just have to realize that Bush did win, even though he may have only won by a small margin.
In the UK I think the average voter turnout for the general elections is hovering around the 35% mark and falling.
This is a huge problem for a democracy IMHO. Considering we've fought 2 world wars for the right to determine who governs us, it's pathetic that a majority of people cannot be bothered to get off their arses and vote.
However, I have a confession. I'm one of the majority and ashamed of it. I always intend to vote, but when the time comes I always seem to have something important to do instead. If we had an easy electronic voting system then I for one would always cast my vote.
OTOH Do we really want to encourage EVERYONE to cast a vote? If there was no effort involved (like actually having to travel to vote) then would we be encouraging people with no real political views to vote 'just because they can' Maybe then the result of the election would be decided by the lazy jobless who had nothing better to do than vote?
NPR did a story last week on closed voting systems, and specifically mentioned Diebold and the "no-printers" argument. It's a start.
What is this about MS Access? I RTFA, and the only thing I saw was:
Given that the interface appears to be browser-based, this can be migrated to MaxOS, and *nixes if testing goes well.
However, there was one disconcerting item on the serveusa.gov FAQs. This item:
And that is what scares ME!How, exactly, were they crushed? If their readers left their paper to read one of the "big corporated owned..." outlets, then they could not secure advertisers, then how is it the fault of those big corporate interests? If the public really wanted those independent papers, they would support them. Its called free-market at work (or, democracy expressed through the market).
BTW, in my town, there is a small independant newspaper, to which I subscribe, as do many people. I like it, I support it.
The same people have made sure that individuals have a hard time publishing on the internet
There are plenty of free web-hosting places. I have published plenty on the Internet. Hell, in a way, I'm publishing on the Internet right now (with my /. comment). There is no outlet similiar on the TV or Radio where other listeners can easily see my comments. Internet is much superior that way.
so everyone has to go through providers or portals where they can be shut down.
I don't access /. through a portal. People that value free information search the internet, follow links, etc. People that don't stick to portals. Again, free market in action. Its the purest form of direct democracy.
Now the loop is being closed with black box voting, which is impossible to audit
One of the key requirements of electronic voting is ability to audit. The book Applied Cryptography has a good chapter on that. You may check that out for some interesting thoughts on "good" electronic voting.
Sarcasm and hyperbole are the final refuges for weak minds
Well, there are two points that have to be made when it comes to internet voting:
1) Only middle class and higher will be able to easily use this system (have internet connections). The very poor will have to wait in line and vote the oldfashioned way, or wait in line for access to the public library PC (if they have a library with connections nearby - think ghettos). The poorest peoples have the exact same right to vote, and making it effortless for those "with" money, and still laborous for those "without" will create a disparity - a weighted election.
2) I am not certain that I want numbskulls (forgive the term for its crudeness, but it is accurate) finding it so easy to vote. The weak-minded (those too dumb or lazy to register and show up at your voting precinct) will now be more readily enabled to cast votes for the candidate that spouts wrong ideas with mass-appeal.
As problematic as the current US voting system is, I can't see this fixing much! Make the vote tallies more accurate, yes! But do not change the methodology without ensuring that is is fair and just to all.
In australia voting is all done on paper, and moreso it is compulsory.. and there is rarely any trouble with the process.
:(
Every person over 18 goes onto a voting roll, they check you off that list when you enter a venue that has been set up to take votes (or when they receive an absentee vote by mail), they hand you a peice of paper, you tick the appropriate boxes and place it into a large locked container.
Simple, and there is a paper trail, and the expenense of counting the votes by hand is minimal.
Australia seems one of the better places to live at the moment.. too bad were following in americas footsteps as fast as possible
"Those who would give up Essential Liberty, to purchase a little Temporary Safety, deserve neither Liberty nor Safety"
No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE.
Put asside your RIAA induced predjudices, just for a second. Exactly why would you not want to use trusted hardware for secure voting?
Palladium would be an ideal base to use. You might well want to go to the trouble of creating and signing your own version of the nexus under a different hardware key. But if the technology was available today I would be using it, absolutely.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The real supporters of electronic voting want such a system so they CAN rig it! Why do we use mechanical voting machines? Why do we use electronic ballot counters? Why do we NOT count ballots at the polling place before we haul them to the court house? All of that is done to make elections EASIER to rig. It sounds like it is safer but it really is just a shell game designed to hide the methods behind trickery. Ask any magician. You hide your tricks with distractions and illusions that are just the opposite of what is really happening.
Most people can't understand computers so they think "Well it MUST be good. This is sophisticated and I'm too stupid to understand this so it must be well designed." Many people have problems with computers but they almost always think that THEY are the problem (I don't know how to use this, I must be doing something wrong.) not that the software is written badly. The American public loves gadgetry and we equate that with goodness and safety. We think we can build a better car or a building that can take a hit from a 767 or a tamperproof election.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Exactly, with Palladium any conspiracy would have to include Microsoft, the hardware manufacturers, the CA and the people administering the ballots.
It is one thing to have open source code review. That is great but actually irrelevant since my main concern is not that the source code offered for review would have a backdoor. My concern is that the code running on the machine might not be the code given for review.
With Palladium it is possible for an external process to determine that a specific version of a software code is running on a particular machine. That is exactly what I want in designing an internet supported voting scheme.
Incidentally I find it really interesting that everyone seems to assume from the start that any ballot tampering would be directed by the GOP.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/