Slashdot Mirror

← Back to Stories (view on slashdot.org)

Experts Critique SERVE Internet Voting System

Posted by simoniker on from the e-uh-oh dept.

linuxwrangler writes "SFGate is reporting that a critique by four security experts claims that SERVE, a system being developed to allow US citizens overseas to vote via the Internet, is so vulnerable to attacks that it should be scrapped. The other six experts who examined the system declined to issue a report. Nevertheless, the Pentagon stands by the system and plans to use in in elections next month."

16 of 270 comments (clear)

  1. Important by Mork29 · · Score: 5, Insightful

    It's a shame that the government and these companies can't get their act together, and build a simple, secure voting system that includes a paper trail. Why is that so complicated. I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier. It's a soldiers job to defend democracy, so it's a very sacred thing for us to be able to take part in it. To be able to vote right over the internet without much hassle is something has taken far to long to develop.

    1. Re:Important by WegianWarrior · · Score: 4, Insightful

      A simple secure online system is anything but simple to develop. Now, I don't know how the US has arranged for citizents living or working arbroad in previous elections, but I know that we (ie Norway) has usually asked people to go a central location to register their votes (embasy, consulate, military barracs*). It should be relatively simple to set up a secure** server at each such location which collects the votes casted and contacts the central server once every day or so. The collected votes, complete with a papertrail, chould then be sendt in an encrypted form, possible utilizing a one time pad to prevent tampering.

      However, if the system should include a 'log on anywhere' capability, not be reliant on installing a client on the users PC, and be reliant on sending the information over the internet... good luck making it secure. I seriously don't think it will ever be secure enought for this application.

      __*) if you look at the number of soldiers on either NATO, UN or other mission*** abroad compared to the number of people living in Norway, we have more soldiers out there than the US have... but then, there are less people living in Norway
      _**) Secure in this meaning could include a squad of soldiers making sure no one tampers with the server, if you're so inclined.
      ***) Like the people we have in Iraq right now, helping secure and rebuild that nation.

      --
      Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
    2. Re:Important by tuxette · · Score: 4, Insightful
      He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess,

      Please explain to me (and I'm sure many others here) how the electoral college system is "democratic." Because I don't think it is. Bush was elected by the electoral college, not by the people. Had it been an election by the people for the people, Gore would be president.

      --
      People say I'm crazy, I got diamonds on the soles of my shoes...
  2. Re:Internet voting by Sarojin · · Score: 4, Funny

    Given that the US can't seem to get in-person voting right (Goooo Diebold), I doubt they're really ready for remote voting.

    --
    HOW'S MY POSTING? CALL 1-800-POSTING
  3. NYTimes Link by a.koepke · · Score: 4, Informative

    Here is the no rego NYTimes link for the article mentioned in the report.

    --


    (\(\
    (^.^)
    (")")
    *This is the cute bunny virus, please copy this into your sig so it can spread
  4. So for decision 04, by gnu-sucks · · Score: 5, Funny

    We'll be counting hanging TCP connections?

  5. Why is this so hard? by Corpus_Callosum · · Score: 4, Insightful

    If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

    Why do these things continue to go out to bid instead of being handled in academia where they should be?

    --
    The reason that it can be true that 1+1 > 2 is that very peculiar nonzero value of the + operator
    1. Re:Why is this so hard? by Reivec · · Score: 4, Insightful

      If it were open source patches would come in from all over the place. The algorithm is the important part! The bugs can be worked out as you go. But if your algorithm is crap, no amount of debugging will make it better.

      I totally agree with the parent here. It would be cheaper, it would be a good educational tool for universities to get their students in. It wouldn't be hidden from the public since this is such a public issue. Experts could inspect the code at will and provide patches. I can't even really think of a negative here. I simply think too many government officals are convienced that if the source is open that means anyone can figure out how to break it, which isn't really the case.

      Plus any good NEW ideas that might come out of it would also be open and could be used in other applications. And if they did, they would make good standards since they would probably be under a BSD type license. Good all around I say!

  6. In other words... by gid13 · · Score: 4, Funny

    ...100% of respondents (in this case, all qualified) say the system sucks, and the people in power say "Nah, go with it!"

    The optimistic interpretation: The pentagon is full of idiots.

    The pessimistic interpretation: The pentagon is full of corrupt people.

    My interpretation: The pentagon is full of corrupt idiots.

  7. How It Works by stewwy · · Score: 4, Funny
    1) Decide who will win

    2) Allow Voting

    3) Announce result

    Using this task order means that 2) is redundant and therefore has no impact on the result, therefore you do not need a secure system and can save money by purcasing a system off your friends

  8. US Armed Forces by Anonymous Coward · · Score: 4, Insightful

    There are thousands of troops overseas who'd like to vote. Given that an election's outcome could easily determine the amount of time that these men and women remain overseas, I say their opinion matters...

    I'm not sure why there's a push to do this electronically instead of the absentee ballots that troops have been using for years, but it's probably something to do with "possible impropriety" in how soldiers' overseas ballots were counted (or not) in 2000.

  9. Pentagon in the Democratic Election Space ? by leoaugust · · Score: 4, Interesting

    An Internet voting system developed by the Pentagon for U.S. citizens overseas is so vulnerable to attacks that it should be scrapped, four computer security experts said in a report released Wednesday.
    Forgive me for asking but why is the Pentagon involved in the conduct of Elections? Isn't there some more neutral organization ? It is like asking the Republican-leaning ("I am committed to delivering ...") Diebold to be in charge of conducting elections. If it was the State Department (Colin Powell) it would make sense but the Pentagon (Donald Rumsfeld) ? There is no democracy in the Defense Services and None at the Pentagon - what makes them so confident that they know what democracy needs.
    Defense Department spokesman Glenn Flood said the Pentagon was confident the system is secure. "We knew from the start that security would be the utmost concern," Flood said. "We've had things put in place that counteract the things they talked about."
    Again forgive me for bringing it up, but they seem to be brushing off concerns like the did before attacking Iraq. (We have it all under control, and it will cost less than 1.5 billion dollars ...)
    "We knew from the start that security would be the utmost concern ..."
    Yes, but they said the same before attacking Iraq. Knowing something does not mean that they have planned for it. It is like a doctor who knows the name of the disease but that does not mean he/she knows how to cure it. And the Pentagon has not addressed the legitimate concerns.
    But the Pentagon is standing by the system, which could get its first test Feb. 3 in South Carolina's primary election.
    Bring 'em on.

    --
    To see a world in a grain of sand, and then to step back and see the beach where the sand lies ...
  10. They'll probably recognize that something's... by Undefined+Parameter · · Score: 4, Funny

    ... not working right when 700,000 Privates with the last name of Chen vote for the Communist party candidate. Who needs a Manchurian Candidate when you can just elect Chairman Jia Qinglin himself? :-P ~UP

    --
    Eat the Path.
  11. Re:Yea! EVERYONE gets to vote! by andreMA · · Score: 4, Interesting
    Answer: Most Americans don't care enough to vote
    Alternatively, some care deeply but think the candidates on the ballot all suck and stay away from the polls in disgust. Allowing them to vote "None of the Above" and having that total reported with the other results would likely increase turnout to fair degree, since their voice ould then be 'heard'.

    I seem to recall that at least one state (Nevada?) does this and "NOTA" has on occasion 'won' in state-wide races.

  12. Re:One idea by Zontar+The+Mindless · · Score: 4, Insightful

    > I've heard the idea batted around that only those
    > residents of the actual States should get the
    > right to vote as they're vote has a direct bearing
    > on the policies that will affect them, whereas
    > expats are removed from such policies by living in
    > foreign countries.

    Yeah, I've heard lots of ignorant and unfair ideas batted around in my time, too...

    We're just as American as you are, thank you very much. And it's not like we're unaffected by US Government policy... For example -- you think Americans living abroad are exempt from paying taxes? If the US declared war on Australia tomorrow (granted, that's an unlikely event, but nevertheless), do you think the Aussie would just let me hop the next flight out of Brisbane Internaitonal back to LA? Hell, no -- I'd be interned as an enemy national.

    In addition, living abroad gives us a unique advantage in seeing just how US foreign policy affects other countries and US relations with them.

    > This suggestion also leads to the debate about
    > allowing illegal immigrants the right to vote.

    Apples and oranges. And what, pray tell, is there to "debate"? Answer: Zero. Nada. Zilch.

    If immigrants can qualify for US citizenship, then they get to vote in US elections. Non-citizens are not allowed to vote. I think that's pretty easy to understand.

    As for me, I was born and raised in the USA of native-born American parents; my American ancestors fought in the Revolution, the Civil War, and both World Wars; I hold a US passport; I pay US taxes. I am definitely a US citizen, and I definitely am enitled to vote in US elections.

    Some people obviously have very fucked up ideas about what "citizen" means and no clue as to what it's like to be considered a foreigner.

    --
    Il n'y a pas de Planet B.
  13. Fundamemtally Insecure by igaborf · · Score: 4, Insightful
    My problem with any such system is that it doesn't protect against coercion. One reason traditional polling booths are set up the way they are is to prevent anyone from knowing how you voted. If you're voting from home via the Internet, that's not possible. Imagine someone who has power over you standing behind you while you vote to ensure you vote "right." (If you're a leftie, you can think of that person as a representative of the evil corporation. If you're a rightie, you may want to think of a union shop steward.)

    Note that this is not a computer security problem. Even if the voter's identity is established to a certainty, it doesn't ensure the voter is not being coerced.

    There is simply no substitute for casting your vote in a manner that ensures your choice is unknown to those who might wish to coerce you. The only viable method for doing that is to have your privacy ensured in a public polling place, by poll watchers.