Experts Critique SERVE Internet Voting System

linuxwrangler writes "SFGate is reporting that a critique by four security experts claims that SERVE, a system being developed to allow US citizens overseas to vote via the Internet, is so vulnerable to attacks that it should be scrapped. The other six experts who examined the system declined to issue a report. Nevertheless, the Pentagon stands by the system and plans to use in in elections next month."

Important

[Mork29]

It's a shame that the government and these companies can't get their act together, and build a simple, secure voting system that includes a paper trail. Why is that so complicated. I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier. It's a soldiers job to defend democracy, so it's a very sacred thing for us to be able to take part in it. To be able to vote right over the internet without much hassle is something has taken far to long to develop.

Re:Important

[Mork29]

When I joined the military I raised my right hand and swore an oathe to defend the constitution, and I take that very seriously. Now, I also swore to follow the orders of the president of the united states. He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess, and I've followed his orders and the orders he has given to the officers appointed over me. That is what democracy is. I'd appreciate you not insulting my profession, or that of the soldiers who have come before me. I'd like you to walk into a VFW hall and tell them what you've said.

Re:Important

[Mork29]

Where is the justification for your illegal war? The look on the Iraqi's school childrens faces when you give them a pack of markers to bring to school with them. The mass graves that were uncovered, because of Sadam's rath. That's what I personally think is the justification. The fact of the matter is my opinion doesn't matter. What I think is sad, is that I can post my comments with pride and my handle shown, but your forced to send out your forced to troll without saying who you are. I'll bite on your comments, but only because I believe in what I say.

Re:Important

[WegianWarrior]

A simple secure online system is anything but simple to develop. Now, I don't know how the US has arranged for citizents living or working arbroad in previous elections, but I know that we (ie Norway) has usually asked people to go a central location to register their votes (embasy, consulate, military barracs*). It should be relatively simple to set up a secure** server at each such location which collects the votes casted and contacts the central server once every day or so. The collected votes, complete with a papertrail, chould then be sendt in an encrypted form, possible utilizing a one time pad to prevent tampering.

However, if the system should include a 'log on anywhere' capability, not be reliant on installing a client on the users PC, and be reliant on sending the information over the internet... good luck making it secure. I seriously don't think it will ever be secure enought for this application.

__*) if you look at the number of soldiers on either NATO, UN or other mission*** abroad compared to the number of people living in Norway, we have more soldiers out there than the US have... but then, there are less people living in Norway
_**) Secure in this meaning could include a squad of soldiers making sure no one tampers with the server, if you're so inclined.
***) Like the people we have in Iraq right now, helping secure and rebuild that nation.

Re:Important

[lfourrier]

...The voters willed President Bush into power...

It remains to be demonstrated.
Note: for foreigners, your US ssystem with one level of indirection seems the best way to have undemocratic results. You can have a president elected without the majority of the people vote. Last time was an example of such, not the first, but the most flagrant. And don't bother me with federalism, and the weight of the states. Your constitution begin with: We the People, not We the States, or We the Corps.

Re:Important

Insightful? Giving moderation points to neocon war hawks again, Slashdot?

Here's another "insightful" bit of wisdom for you: Views like yours are why 90% of the planet hates you and everything you stand for, American.

Re:Important

[dave420]

Defend democracy? Why didn't they all kick the living shit out of Bush when he visited Iraq then :) He's the biggest threat to democracy since Hitler.

Re:Important

[tuxette]

He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess,

Please explain to me (and I'm sure many others here) how the electoral college system is "democratic." Because I don't think it is. Bush was elected by the electoral college, not by the people. Had it been an election by the people for the people, Gore would be president.

Re:Important

[ThePythonicCow]

However, regardless of whether a secure voting mechanism can be implemented over the internet, this one is in deep doo-doo:

1. I doubt that our institutions are capable of providing a secure voting mechanism without much trial and error (at the expense of our elections)
2. Those who make the most use of election fraud now have much to gain from claiming that this voting system is allowing the _other_ side to steal elections. It puts the heat on the other side, and tends to delay the acceptance of these new systems until the dishonest figure out how to hack them as well. Meanwhile, the same old systems are used as before, with well known ways of being stolen.
3. Elections are a public act, that depend on the public trust. Most of the public can be easily persuaded to distrust any electronic system that can be imagined, especially one that is actually subtle enough to be secure.

Re:Important

[Eivind]

It's Constitutional.

...and therefore beyond critisism. Seriously, I agree that the US constitution is not hopeless, indeed for the time it was written it was quite radical.

But today it *does* show it's age. And a few points are downrigth undemocratic.

Worst when it comes to the elections are not the Electoral College in itself, but rather the fact that even though multiple people are elected from each state for the college, it is winner takes all.

It's pretty obvious to most people that if the population of a state is split 50/50, and that state sends 8 representatives, the democratic option would be to send 4/4 representatives, not 8/0 in favor of whichever party happens to get 50.2%.

It's also pretty obvious that a system in which everyone living in a clearly-republican or clearly-democratic state has no reason at all to go voting is not exactly optimal. How much, exactly does my vote for the republican candidate count if I live in a state far away from the balance-point (in either direction!)

Re:Important

[lynx_user_abroad]

...encrypts their ballot using a common public key inside a message encrypted using their unique number....

I was wondering if you could explain this a little bit more clearly. I'm having a difficult time explaining to my grandmother why this "choose two three-hundred-and-eighty-four-bit prime numbers, multiply them together..." is a better system than "put an "X" into the box by your candidate's name, place it in the envelope.

Suse, we can write software to do all the dirty bits, but at that point how do we know if it's doing all the dirty bits correctly?

Re:Important

[drooling-dog]

I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier.

Plus, it would be so much cheaper and easier for authorities to get the required results. No more trucking bags of ballots off to secure & undisclosed locations for selective overnight spoilage, etc. The efficiency of military planning would be enhanced by the greater predictability of elections on the national level, and the American Empire would be strengthened as a result. It would also help protect against any possibility that liberals could take control of the government merely by voting.

I only hope they have the good sense to use closed-source software and avoid any kind of reliable vote confirmation or paper trail.

Re:Important

[Catbeller]

Paper. Ballots. Count them. Works for everything.

Electronic ballots: enables cheating. Period.

We don't need systems with paper audit trails. We are just adding insane cost to a very simple process. We have systems that work, called "paper". The only people who claim they don't work were the ones who wanted an election to stop *

Why, oh why, do these "designers" insist on an unauditable system, when it is trivial to add a printout? **

And why have a even have a system with a paper backup for audits when we had the paper system working in the first place? At no extra cost? ***

* Bush, Cheney and Rove. And a gullible pack of journalists.

** Because they want to cheat, and make sure they never lose control of the United States government. Yes, the neocons.

*** Lots and lots of money, money, money.

**** We aren't in Iraq to "build democracy". We won't permit free elections, because they will vote to kick our asses out. And all the rebuilding money is coming to American Bush/Cheney connected firms -- the Iraqis and Europeans are frozen out. And our porkers are failing miserably at the task. And we are in Iraq because of a colossal series of lies. We are there to control the spigot the world's largest reserve of oil, to break OPEC's back, and usher in a new age of, well, not cheap oil, because the oil lords of the US will not permit that, but at least oil cheap enough to ruin OPEC's control of pricing. Period.

***** All the squads in the world can't guard a voting process that is controlled by coders not physically present. People are tippy-toeing around saying what they are really afraid of -- that right wing military officers will make sure they deliver the vote for their favorite candidates, one way or another. It would only take one rogue to swing a close election by twigging a few thousand votes. The 2000 election showed us that political pressure enabled the military to permit votes to be cast by overseas personnel AFTER THE ELECTION WAS OVER -- votes that conceivably give Bush the presidency. If voting after an election is over won't stonker right-wing fanatics, tweaking a few votes on a elctronic system would be downright honest.

Re:Important

Worst when it comes to the elections are not the Electoral College in itself, but rather the fact that even though multiple people are elected from each state for the college, it is winner takes all.

The disposition of electoral college votes is up to the states completely. You have a very valid criticism, you are just yelling at the wrong people. The problem is why would the republicans/democrats want to divide votes in a state they would win. There may be valid reasons to criticize the federal constitution, you may want to read it and figure out what those are.

Re:why sumthing new?

[Dak_x]

Seriously, There are enough problems with the E-voting systems in the US. Deploying insecure systems overseas just makes a bad problem worse.

Why is this so hard?

[Corpus_Callosum]

If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

Why do these things continue to go out to bid instead of being handled in academia where they should be?

Re:Why is this so hard?

[Reivec]

If it were open source patches would come in from all over the place. The algorithm is the important part! The bugs can be worked out as you go. But if your algorithm is crap, no amount of debugging will make it better.

I totally agree with the parent here. It would be cheaper, it would be a good educational tool for universities to get their students in. It wouldn't be hidden from the public since this is such a public issue. Experts could inspect the code at will and provide patches. I can't even really think of a negative here. I simply think too many government officals are convienced that if the source is open that means anyone can figure out how to break it, which isn't really the case.

Plus any good NEW ideas that might come out of it would also be open and could be used in other applications. And if they did, they would make good standards since they would probably be under a BSD type license. Good all around I say!

Re:Why is this so hard?

[Ckwop]

SSL is a secure channel protocol and the simplest of the standard cryptographic problems. It is monsterously complicated to code but the basic premise of how it works is fairly easy to understand..

However, Just the description of secure voting schemes is pretty monsterous.. In Applied Cryptography, Bruce takes a chapter to develop a secure voting protocol.A real world system is an order of magnitude more complicated..

I think the way to develop a secure voting system is to have an international competition much like the way AES selection process was run! Private companys can't solve this problem.. it has to be a community effort involving the world's experts.

Simon

Re:Why is this so hard?

[Lolox]

Please explain what the Comp-Sci department grad students can do about creating an e-voting system where you can vote from any PC, anywhere, and that is resistant to

• DoS attacks (SERVE's webpage says that they have something up their sleeves, but the experts in the article don't buy it)
• Trojans/Malware in the voter's computer
• Man-in-the-middle attacks
• Insider attacks once the system has been verified

(Acknowledged: having widely-reviewed source by academics across the globe would help guard against program backdoors -- but all the above still apply)

In fact, if you read the article -or, even better, the full review- (ouch! forgot this was Slashdot!), they say that *no* system can do the job of providing good voting from *any* internet-connected PC.

I think there are two problems here, and the only way about it is to drop requirements. First, "any internet-connected PC" opens itself to all kinds of man-in-the-middle and local malware attacks. Why not place a few trusted PCs connected by secure tunnels under supervision of ellection officials in the voting areas? This would fix [D]DoS, man-in-the-middle attacks, vote buying, and evil software in the voting end.

Second, as noted in the review (and other articles about secure e-voting), the voter-verified audit trail: unless there is something tangible and hard-to-tamper (like ordinary ballots, even the printed sort), mass fraud is way too easy. So have these overseas voting stations do printed ballots, and ship them after the encrypted votes in a secure fashion. When the ballots reach the homeland, check that everything matches - and if not, beleive the ballots and find the electronic fraudsters. This would make insider attack much more difficult

Of course, the only advantage of this is that you get a not-so-secure e-vote from controlled stations, speeding up initial vote count; a count that will need to be re-checked once the overseas ballot boxes arrive back home.

Re:Why is this so hard?

[mpe]

If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

No doubt the US government would get upset were the answer something along the lines of using a system which could be easily counted by hand or machine, without involving lots of computer hardware and software. Especially if "not invented here" syndrome was involved.

Why do these things continue to go out to bid instead of being handled in academia where they should be?

It's a political dicision. The claim is that putting things to "the market" (the criteria being such that only a very few businesses could even put up a bid in the first place) is "more efficent". Whereas in actual practice it could just as easily be "corporate welfare".

The defense department's response?

[gid13]

From the article:

"We've had things put in place that counteract the things they talked about."

Gee, thanks for being specific. I'm convinced.

US Armed Forces

There are thousands of troops overseas who'd like to vote. Given that an election's outcome could easily determine the amount of time that these men and women remain overseas, I say their opinion matters...

I'm not sure why there's a push to do this electronically instead of the absentee ballots that troops have been using for years, but it's probably something to do with "possible impropriety" in how soldiers' overseas ballots were counted (or not) in 2000.

Pentagon??

[femto]

What is the Pentagon doing developing voting systems? As a major recipient of government money, with no funding guarantees, wouldn't it have a significant vested interest in election results?

Re:Pentagon??

[femto]

That's not a reason.

Soldiers can still vote if the overseas voting system is developed and run by an independent entity, with independent funding. Soldiers may have to trust the Pentagon with their well being, but hat trust should NOT have to extend to trusting the Pentagon with their vote.

vote

[edverb]

Vote by absentee ballot this year. I reckon the paper trail might be necessary (again).

Re:conclusiveness?

[CB-in-Tokyo]

The concnesus was a majority, 4 votes against; nil for.

Netcraft survey confirms.

Democracy is dead.

Why Not use Soldiers?

[Linus+Sixpack]

Considering the US military presence in so many countries (I think 145 at last count) whats wrong with a few polite soldiers, a few witnesses, and a paper trail.

Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

ls

Re:One idea

[Zontar+The+Mindless]

> I've heard the idea batted around that only those
> residents of the actual States should get the
> right to vote as they're vote has a direct bearing
> on the policies that will affect them, whereas
> expats are removed from such policies by living in
> foreign countries.

Yeah, I've heard lots of ignorant and unfair ideas batted around in my time, too...

We're just as American as you are, thank you very much. And it's not like we're unaffected by US Government policy... For example -- you think Americans living abroad are exempt from paying taxes? If the US declared war on Australia tomorrow (granted, that's an unlikely event, but nevertheless), do you think the Aussie would just let me hop the next flight out of Brisbane Internaitonal back to LA? Hell, no -- I'd be interned as an enemy national.

In addition, living abroad gives us a unique advantage in seeing just how US foreign policy affects other countries and US relations with them.

> This suggestion also leads to the debate about
> allowing illegal immigrants the right to vote.

Apples and oranges. And what, pray tell, is there to "debate"? Answer: Zero. Nada. Zilch.

If immigrants can qualify for US citizenship, then they get to vote in US elections. Non-citizens are not allowed to vote. I think that's pretty easy to understand.

As for me, I was born and raised in the USA of native-born American parents; my American ancestors fought in the Revolution, the Civil War, and both World Wars; I hold a US passport; I pay US taxes. I am definitely a US citizen, and I definitely am enitled to vote in US elections.

Some people obviously have very fucked up ideas about what "citizen" means and no clue as to what it's like to be considered a foreigner.

Fundamemtally Insecure

[igaborf]

My problem with any such system is that it doesn't protect against coercion. One reason traditional polling booths are set up the way they are is to prevent anyone from knowing how you voted. If you're voting from home via the Internet, that's not possible. Imagine someone who has power over you standing behind you while you vote to ensure you vote "right." (If you're a leftie, you can think of that person as a representative of the evil corporation. If you're a rightie, you may want to think of a union shop steward.)

Note that this is not a computer security problem. Even if the voter's identity is established to a certainty, it doesn't ensure the voter is not being coerced.

There is simply no substitute for casting your vote in a manner that ensures your choice is unknown to those who might wish to coerce you. The only viable method for doing that is to have your privacy ensured in a public polling place, by poll watchers.

Bush? (was Re:Why Not use Soldiers?)

[cascadingstylesheet]

Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

Why Bush?

Those dead people in Chicago, the inner city residents who get bussed from polling place to polling place, and those who aren't, er, technically citizens, weren't voting Republican last time I checked.

Does you're side really want to start talking about voting fraud (as opposed to metaphysical "voter intent" and "hanging chads")?

simple, secure, anonymous

[slash.dt]

simple, secure, anonymous - if you chose only 2 it is easy, if you want all three it is hard.

Simple and secure online banking is commonplace - but there is no anonyminity involved.

Simple and anonymous vote counting is easy - but if you want to make it secure you have a whole extra set of problems

Did anyone read this report?

[digrieze]

I hate to ask, but did anyone besides me read the actual report? These comments were based on attending (sitting) through two 3 day meetings, not even noting if the authors actually bothered to ask any questions or just sat through the powerpoints. Does anyone think these were the only ones there? Even the authors acknowledge they were not.

The criticisms basically fall down on "computers are broke and can be exploited" - ain't that a newsflash. They fail to note that the system is being deployed in physically secure areas over a segment of the internet that is not accessible from non-military servers, the IP is not even available on standard DNS servers.

It is worth noting that they spent much space at the end telling the media how to get hold of them for interviews, is OPRAH listening?

Seriously, these are the days when you can register anyone as a .org, put out a press release and say anything to get your 15 minutes of fame. Maybe my age has soured me but I smell trolling for a morning news segment.

Incidently, for those wondering what interest the Pentagon has in elections, just ask all the military personnel stationed out of port and overseas that had their votes tossed out by party challenges in the 2000 elections. If they HAD been counted then the Supremem Court wouldn't have been involved in that year. Then again, maybe that's what really scares people about this whole idea.