Slashdot Mirror
Pentagon Cancels Internet Voting System
Ben B writes "The Pentagon won't use an Internet voting system for overseas U.S. citizens this fall because of concerns about its security, an official said Thursday. The official, who requested anonymity, said Deputy Defense Secretary Paul Wolfowitz made the decision to scrap the system because Pentagon officials were not certain they could 'assure the legitimacy of votes that would be cast.' Computer security experts who last month reviewed the Secure Electronic Registration and Voting Experiment, or SERVE, had urged the Pentagon to scrap the system, saying it was too vulnerable."
The projects home page states that it "will let eligible U.S. citizens vote from any Windows-based computer with Internet access" WHAT? Making it harder for linux users to vote? (and as a result having less of them represented) Supporting Microsoft?
I don't see how this got so far already.
Today I drop my ballot in the mailbox (I live in a mail-in ballot state) and just have to trust everything is on the up and up from there.
What I would like instead is to have every voter to get a receipt when they vote, that uniquely identifies their precinct and vote, and shows a unique number for that vote/voter combo. Something like:
Vote #: 54353654354 Precinct: 58 Voted for: Mickey Mouse (or whoever)
Then I'd like those all those numbers published somewhere after every election so that anybody can download it. Note that my vote is still anonymous, nobody knows who vote 54353654354 is because of the nature of one way functions.
Any voter could go look at the published list to see that their vote was counted correctly. If it was counted incorrectly (I.e. the count showed my vote to be for Dopey instead of Mickey Mouse), then I could step forward with my biometric data to prove it. If enough people step forward, the election was clearly bogus and needs to be redone.
Any voter could download the entire list and count the votes for themselves, at least minimizing the chances of large #s of votes appearing out of thin air in any particular precinct, and making counting of votes very clear and open to all to verify.
Is it foolproof? Nope, but it is a lot more transparent process than we have today, where I have no visibility whatsoever into my vote being counted, what the real totals where, etc.
well i never thought I would see this happen.
Considering all the snafu surrounding the Diebold screwups, I think it's a good thing that the pentagon is finally listening to common sense instead of possibly covering up another voting screwup.
I'm from florida and the whole previous presidential election never sat well with me because of the morons we have down in south florida and the fact that we never really knew the truth about the actual voting results.
Those who trade in their freedom for security, deserve neither.
Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect
Not just hackers/terrorists but I am sure some tech savvy candidate might even go the length and 'hire' someone to do it for him/her. That would give a whole new meaning to the term *booth capturing*.
I am glad Pentagon got it right before getting the system in place. Voting is not like the weather forecast. There is an 80% chance that we counted the votes right. No. We want to know the right tally. I can wait for the paper trail to be counted instead of electronic voting giving me the result instantly without 100% reliability.
Free XBox, PS2
Actually, I do have a partial solution to spam, but in involves changing the email protocol to require the SENDER to store the email, rather than the receiver. The current protocol was devised in uucp days, when it was common to store-and-forward email over several dial-up hops to it's destination. These days, everybody that has an email server also has a web server. If you sent only a URL and (optional) encryption/access key via the old protcol, then retrieved the rest of the message from the URL, this would elimate spoofing and put more of the burden on the sender and less on the receiver. It would also be more efficient -- currently, if I send the exact same message to 100 people, it uses up 100 times the size of the message in disk space on the receiver's servers. But if was stored on the sender's server, it could use the same copy for everybody! Yes, there is some additional overhead to track whether specific addressees have downloaded the message and determine when to delete it, but I think with some work it could be turned into a useful system -- certainly an improvement over the current system.
"Freedom means freedom for everybody" -- Dick Cheney
Yes. You are missing something. The fundamental problem with internet voting is that it needs to be able to assure three things:
First, that the person voting is eligible to vote. This is not too hard to do. We know how to verify identity, though there are a few issues with this that are not present in a financial relationship.
Second, that the person's vote is anonymous. Anonymous voting is trivially implmented. There is a problem when you combine the above verification requirement with the need to keep a given person's vote secret.
Third, that the election be auditable. THere was yeling and finger-pointing in the last American presidential election. Could you imagine what it would be like if votes just suddenly marterialized out of the ether with no way to audit them?
Combine all three of the above requirements and you have a very tough problem at hand. We don't want to be able to have some political hack analyze the raw vote data and b able to say "Joe Blow voted for candidate X, as this could, for various reasons result in repercussions of one kind or another on Joe, thus allowing others to intimidate his vote.
This is one reason why I really dislike mail-in ballots. Mail ballots allow an agent of Party y to hand an absentee ballot to Joe, make sure he marks for the 'correct' candidate, and then mail it in, assured of the vote rendered. It is a also a sitation custom made for fraud on a massive scale. With in-person voting, party X can pay Joe $5 dollars to vote, but when Joe deposits the ballot in the box, there is no way to guarantee that Joe voted "correctly".
Now, there some bright fellows have proposed cryptographic protocols that solve the problems mentioned above. Unfortunately, you are dealing with an electorate too stupid to figure out how to punch holes in a ballot reliably. The Protocols for secure, anonymous internet voting are far too complex to ever be used in the real world.
This is an ex-parrot!
Whether it could or could not be made secure, it was made *insecure*, probably by design.
Many of those who are pushing this technology have intentions of committing or assisting massive vote fraud.
Today's US government is overwhelmingly corrupt. If it can miscount votes in favor of itself without it being seen, it will do so. The payoff is just too great, and the risk is minimal to nonexistant.
The probable reason for having the military use an internet-based voting system in a general election would be to ignore any ballots cast, and simply report the predetermined vote tally as if it were the result of actual votes.
The military usually can be expected to vote for an incumbent president, but in this election, there may not be an overwhelming majority for Bush and his crime gang. In order to create the extra votes needed to tip the election in favor of GWB, the system needs to be subverted.
How do banks manage with ATM cards and pin numbers?
Not secure?
Ever tried to hack into a bank?
Mind you, I also believe Internet voting should be used to allow people to vote on the issues throughout the year, assign proxy votes and basically allow democracy to be dynamic -- rather than this thing we have currently where you're stuck with some arsehole for four years and have no way to affect decisions on issues you actually care about.
It's bad enough that the internet was going to be used to count votes outside the country. How much worse would it be with all those illegals voting online here inside the U.S. borders?
They do that already.
With motor-voter you can crank out as many registrations as you want. (There's an illegal immigrant on my street who brags about how he goes from precinct to precinct on election day and shows off his >20 registrations. His reaction to questions about whether this is right: "They don't care. If they cared they'd do something to check.")
Don't expect any respect for law from people who grew up in a country where the government is totally corrupt (let alone the subset that then broke OUR laws to even BE here, rather than going through proper channels.) It's not their fault they grew up in that environment. But now that their opinions are formed you'll need to do more than set an example, if you want to get their attention and change their behavior. And you're not going to do that while it's ILLEGAL to review their elegibility, or even check their ID.
(Now think about how the "drug war" and the 55 MPH speed limit have similarly affected the Boomer generation's respect for law and established institutions.)
Think it's hard? Think they do any checking? Heck. *I*ve been double-registered twice in the last few years. (Changed my party affiliation - which is done on the same form - and had my name typoed and the form misprocessed as a new registration. I STILL get double jury-duty notices from the last instance.)
To motor-voter add no-excuse absentee ballots. Now anyone can:
- pick up a stack of forms in any government office,
- crank out fake voters as fast as he can fill them out and drop them in a mailbox,
- file for absentee voting as fast as he can check a box on the registration notice postcards and drop THOSE in a mailbox, and
- never have to show his face at a polling place.
There was one address in Berkeley that had over 4,000 absentee ballots in a recent election. (Tried to claim that they were a mail drop for some street people. 4,000 of em? Yeah, right!)
Then there are the ballot boxes that are found floating in the San Francisco Bay when there's an election in San Francisco.
And cheating on mechanical and electronic vote-counting, without audit trails, is nothing new. You've all heard about Diebold's touchscreens. But the vote counting a few decades back was done on minicomputers, by proprietary software, where you could pause the program and tweak a register from the front panel switches (and election officials were sometimes seen to do that).
Even mechanical voting machines had opportunities for cheating: It was common to find little stickers in the bottom with "0000" on them - the trace of a voting scam. The wheels would be set to a non-zero value and covered with a sticker. Lock the machine, let the official certify it's zeroed, put it into service. One vote for the stickered candidates knocks the stickers off.
Internet voting isn't necessary for election corruption. It just simplifies automating it.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
There is an analysis on the Unlimited Freedom blog of how Trusted Computing (aka TCPA/Palladium) could solve the problems with Internet voting. The idea is that the voting application could be protected from tampering from other software or the user himself. The secure I/O and sealed storage help as well. Once Trusted Computing technology is widespread then it may be time to take another look at voting on the net.
I'm sure many of you have seen this before, but in case you haven't, I like Cringely's take on how to fix the voting system. Then again, since I'm a Canadian, my opinion is not without bias. But it certainly is nice to know who your new Prime Minister is the same day the ballots were cast! And hardly a computer involved, imagine that...
Yeah, I remember when they canned the Sgt. York. Instead of a whiz-bang modern electronic system, our military was stuck with old, flawed, antiquated tanks. That worked.
Problems solved by current electronic voting systems: tabulation
Problems introduced by current electronic voting systems: more possibilities for vote tampering, verification that any recorded vote actually happened the way it was recorded, verification that the voter is actually qualified to vote, privacy problems
Electronic voting is currenty in the "Sgt. York" phase--a marvel of technology that just doesn't do the job it's supposed to do. However, eventually, the military DID get better, more modern tanks. Ones that even worked. We can only hope that this happens for voting too.
"Good enough" beats the hell out of "shiny new gadget that sucks"
Back in the day people were ignorant and there were far fewer voters to persuade in order to determing an election by a) buying votes or b) forcibly compelling them.
In the present day there are millions of voters and we have very good methods of criminal science and investigation to deter lawbreakers. (Now this may not be relevant to regional elections as the number of voters as well as imperative to dissuade criminal activities are lessened.)
SO if someone did want to buy off an election how much would they have to spend to get even 2% of the vote? The CIA factboook says there are a little over 290 million people in the USA, around 60% of whom are of voting age... minus inelligibles, lets say 45% just to be safe, that's a little over 130 million people, lets say that 10% actually vote.. 13 million. 2% of that is 260,000 people for a presidential election. I don't know anyone who'd sell their vote for $10 but just for the hell of it... that would cost 2.6 million dollars to buy 2% of current voters. Now if you brought in all the non-voting but elligibles... the chances are greater that more people would sell their votes but the percent of total voters would change accordingly, meaning that the more voters there are, the less an individual vote counts, so it would take even more money to buy 2%.
Granted that 2.6 million isn't a lot compared to how much the candidates or their parties spend already... but it is illegal, so they would have to somehow pay off that number of people for that large sum of money AND hide it all from the government, the people, the media, etc.
This assumes that people would be willing to commit fraud a federal crime for $10 and risk going to federal prison for any number of years (I don't know the penalties).
As far as extortion goes, extortion is a crime. How many lackeys are really willing to put pressure on people for this? Knowing that they personally can't possibly convince enough people to make a difference.
The question is... do we really need an anonymous vote in the present day? SO what if your friend give you a hard time, you probably already tell them who you voted for anyways and already suffer the ridicule or whatever. We have anti-descrimination laws already on the books that could be extended to cover this as far as your job or any other official relationship is concerned.
Why not have your vote tied to you? The biggest drawback I can see is that you'll open yourself up to election related spam and direct mail campaigns every 4 years.
I'd like to hear about other real concerns and why we still need anonmous voting. bring it.
A fool throws a stone into a well and a thousand sages can not remove it.
Ever watch the old Dilbert cartoons that used to be on UPN? There was an episode called "Ethics" where Dilbert was assigned the task of building the internet voting system, and how he dealt with the thought of creating a back door for himself or not. In the end, he decided not to, but some h4x0rs got in anyway and added the candidate "Harry McButtcrack" (or some similar name, I forget) as a joke. The american public voted for him.
But hey, it could have been worse. They could have voted for Bush.
Etiquette is etiquette. He kills his mother but he can't wear grey trousers.
Interesting to see how much effort they make in getting overseas soldiers vote, who are much more likely to vote for Bush
Peace
Well, I say if amazon can pull it off charging millions of folks securely over this magic internet, there should be no `technical' reason not to have voting online.
The system just has to be designed `right'. With possibly 10 different open source implementations (implemented by different teams/companies) working as one... (have the client machine talk to 10 different gov servers at the same time - each running it's own implementation), and their results compared. If any one of them is not `correct', then the whole system is taken offline and fixed.
The major issue is correctly determining who is actually at the terminal, but that's not technology (more like faith in that the system works - anyone hear that dead folks can't vote?)
"If anything can go wrong, it will." - Murphy
It's all about whos responsible if it fails in some way. No one can come and take you away if you're in Australia let's say and you cheat on the American vote. You can't use the Internet to vote plain and simple because there is no liability to do so.
To have a succesfull electronic means of voting, you'd have to have some kind of Intranet. Then you'd be able to make legitimate accusations against people. My work can fire me for misusing the internet but what i do at home is pretty much the hell i want to be. It's pretty easy to track the blame to me at work but think about how you'd have to track people through the globe, it's impossible.
Internet voting is dead even before being born.
Trolls dont like to be Flamebait, because they burn so well. Protect our Troll heritage!
But not the confidence problem.
The problem with SERVE is that it got caught in the crossfire from the Diebold issue. It is an easier target in some ways because people are used to ATMs, they are less used to the Internet.
There is a big difference in the two problems, with Internet voting it is much easier to perform one off frauds that afftect single votes. You can trojan a machine if you know a voter is going to use it. It is actually very hard to preform a fraud on a wide enough scale to affect the outcome to any significant extent. It is also relatively easy to create log files etc since there can be redundant machines auditing the IP stream.
The Diebold issue is the reverse. It is quite hard to compromise a system, but if you can compromise the system you can control the vote absolutely.
The other factor that comes into the Diebold story is the incompetent coding, the lack of security knowledge and the refusal to seek any.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
If your going by the Constitution, the recount should have proceeded and, since whichever side lost probably would have taken it to Congress, Congress should have decided.
i on.overview.html
Could you show me where in the constitution it says that a contested slate of electoral votes would allow the issue to devolve to the senate (linked below). Once the Court made its ruling on how and when the votes were to be counted, there would be no grounds or avenue for subsequent appeal. It's the supreme court, and the name means just that. In the event that no decision was reached on the votes then, yes, the vote would have gone to congress, but not in the way that you describe. Each state has 1 vote and Bush won more total states, so he would have won that election (unless you want to make the case that senators and representatives from a state that voted for bush would have cast their vote for Gore and lost any chance of being reelected)... We only have a democracy when we follow the proscribed rules, and while it may be convenient to avoid the rules at times, doing so makes the united states a dictatorship.
http://www.law.cornell.edu/constitution/constitut
It's in the Twelfth Amendment.
If Florida had failed to choose electors by the time the President of the Senate opened the certificates to count votes, then neither Bush nor Gore would have held a majority of possible electoral college votes. Under that interpretation, the House of Representatives would choose the President (in the manner the parent described) and the Senate would have chosen the Vice President. In a 50-50 split Senate, Gore (as the outgoing President of the Senate) would have been in a position to choose Joe Lieberman to be the Vice President under George W. Bush.On the other hand, if Florida appointed no electors (eliminating 25 electors), it could be said that Gore won votes from the majority of appointed electors (266 votes to Bush's 247)...in which case we'd be looking at a Gore/Lieberman Presidency.
One could arrive at either theory if the Florida legislature appointed electors but the Supreme Court found that the appointment was in contravention of state law--see Article II, Section 1 "Each state shall appoint, in such manner as the Legislature thereof may direct, a number of electors..." In principle, the Court could determine that the selection of electors had been unconstitutional and void.
Per the usual disclaimer, IANAL, but even an amateur can see that this is very much all untested legal ground. Further, virtually any action taken could be seen to have some degree of unconstitutionality. The election of 2000 was the sort of exercise to be dreamed up by a law professor--nobody ever expected something like it in real life, I'm quite sure.
I've begun a political party here in Australia:
www.neteffect.org.au
with the intent of using the internet to allow members to vote on policy formation etc.
I want to do this using open source software, whether we build it ourselves or not. Surely there exists a group of programmers out there who together can craft such a system?
I think it could be one of the most important examples of how open source benefits the greater good if we could pull it off, and the flow on effects could be enormous since it would be open for anyone to use across the globe. I'm more than willing to make our political party site the home of it if you are interested.
Come on Slashdot, if we as a group of geeks can't solve this problem, what hope is there that anyone else will?
You are welcome to post in our forum about such a system, and download our Constitution which lays out the rules we plan for online voting, so please have a look at what we're hoping to accomplish and see if it can indeed be done successfully.
Visceral Psyche Films
Well, the current administration can't even get electronic voting to work using custom hardware, let alone using a public infrastructure. The original post isn't as absurd as you say. He's not blaming the internet's lack of intrinsic security on the bush administration, just their lack of commitment to secure (or even truthful) voting.
The reason the recount was so confused in Florida was the lack of rules for the recount. The Florida legislature never took the time or effort required to lay out what counted and what didn't. Specifically, they did not include the common mandate "The intent of the voter should take precedence over all other issues."
This mandate is spelled out clearly in most states (ironically, including Texas) and makes perfect sense. For a real world example, a ballot is issued with the holes misaligned. Just looking at the ballot, it would be difficult to tell which candidate someone voted for. But since votes should count (what a concept!) the effort would be made to see what the effect of the misalingnment was and to give credit to those candidates the voter actually pulled the lever for. Obvious, right? Makes perfect sense?
What happened in Florida was that the Republicans argued that since this mandate wasn't included in Florida law, it didn't have to be honored. In the infamous hanging chad firestorm they said that a paper punch which didn't quite fall off should not be counted. So although the voter had obviously punched out the hole, their vote was invalid and shouldn't counted because they hadn't noticed the punch was still hanging by a thread.
The most crucial areas for this strategy were those that contained a large population of the elderly. They tended to vote for Gore, and they tended to suffer from arthritis, making it hard to manipulate the small stylus. The Republicans saw their chance to stop those votes from counting and took it. They then ran a smear campaign about how these old, infirm, probably senile, fogies couldn't even understand how the voting system worked, so how the heck would we even know who they intended to vote for?
And that's the modern Republican party in a nutshell.
You said:
With motor-voter you can crank out as many registrations as you want. (There's an illegal immigrant on my street who brags about how he goes from precinct to precinct on election day and shows off his >20 registrations. His reaction to questions about whether this is right: "They don't care. If they cared they'd do something to check.")
This sounds like some Rush Limbaugh FOAF. It doesn't make sense. An illegal immigrant got twenty licenses? From your state DMV? With 20 different addresses? Paid all the license fees 20 times? And each time he took the trouble to register to vote? Man, that's a guy who really wants to screw up the system!
Sorry, it just doesn't pass the BS test.
You do realize that, while governor of Texas, Bush signed a law mandating recounts in close elections?
And you do realize that the Republicans were planning on suing for recount after recount if the original count had gone against Bush, even if it meant keeping it in the courts for months? Were they getting ready to whine?
What happened was a neocon takeover of the election process, no more no less. If the election had gone against Bush, recounts would have been sacred. Since it went to Bush, they demanded all recounts stopped.
And you do realize that Bush had demanded at least one, maybe two, recounts in other states at the time the Florida recount was being hijacked? Recounts were fine in OTHER states. Just not Florida.
And there was no problem in counting the votes. A major privately funded recount was conducted during the late part of '01; the results were misreported and supressed by the very news organizations that sponsored it. Because of 9-11, they thought it unwise to baldly state that Gore won, if all votes, including "overcounts" (people who both punched and wrote in Gore's name) were counted.
By all standards but one, Gore won.
Bush issued the ultimate takeback when Scalia and the other neocons stopped the recount. He had lost.
That's a problem in that case.
In my native Sweden absentee voting has to be done either in a post office or a foreign embassy or consulate. In either case there is a an enclosed private area to do your vote in, and an employee that makes sure anonymity procedures are followed.
I've lived in the US for 9 years, and it's fairly shocking how sloppy the voting system is here. It's not really hard to design a fool proof system, if you actually try. It costs a little more money, but come on, it is the entire power foundation for the society. So I have to wonder how much of the sloppiness is there by design. After all the people in power got there through the current system...