Slashdot Mirror
Absentee Ballots by Email?
tordia writes "Bruce Schneier has come out against a plan proposed by the Missouri Secretary of State, Matt Blunt. Blunt's proposal would allow "soldiers at remote duty stations or in combat areas cast their ballots with the help of e-mail." The plan arose when Jim Avery, a Missouri State Representative and National Guard soldier currently on active duty in Iraq, told Blunt that the fax machines required by the current Missouri absentee ballot law are rare, but most soldiers have access to computers.
A spokesman for the Secretary of State's office downplays the privacy and security considerations by saying, "If the soldier is uncomfortable with this process, he or she should not consider this option".
I agree with Bruce when he says "This is troubling"." Like many things, this is a wonderful idea in theory; it's just that darn implementation that things get...messy.
Can't they just use an email -> fax gateway of some sort?
And, if they plan to use email, this seems like the perfect chance to try out digital signatures. The military could organize it.
"If the soldier is uncomfortable with this process, he or she should not consider this option"
:(
.mil or gc.forces.ca email addys to people handing out Gmail invites, to prevent personal info being circulated that could lead down a dangerous path if the enemy decided to look them up. This has been largely difficult to reign in, but for the most part it's a fairly anonymous exchange. No worse than name, rank, serial number. And that's the idea. But if you have to fill out an absentee ballot in this email scheme, it would require much more personal info or it could be easily abused.
That's the worst excuse for bad security I have ever heard, and I think that if it was applied on all other systems, it would be a huge disaster. Look at the ATM for example. What if instead of a bank card, we shifted to an email scheme for withdrawing and depositing money? Email cheques are fairly secure but they have a password scheme and they don't rely soely on email. There's also no private information being transferred with an email cheque, just a link that requires a password over a secure connection. But what if we just made up email money and passed it around? Huge security flaw there. Take it one step further, why not add salt to the wound, by suggesting that if you don't like the insecure system, don't use it! Duh.
If soldiers send their private info over email, this also produces a security risk if the enemy gathers intel on soldiers to use against their families. Bad bad bad idea.
I'm one of the admins of Gmailforthetroops.com and we've had to let everyone know that we only want soldiers to privately provide their
The dangers of knowledge trigger emotional distress in human beings.
This will help cement Bush/Cheney in for '04!
Oh crap, did I just say that out loud?
I'm sure many people will say this, but how secure can this be? Using email to vote? Heh, what if the enemy intercepts the emails and finds out that the soldiers want a new leader, how would this make them look?
Boxing Equipment Reviews
President Viagra your car is waiting
I run a few mailservers :). Every day the spammers and viruswriters come up with a new way to defeat whatever anti-spam and anti-virus measures I implement. It's a case of running as fast as we can to stay in the same place!
So maybe the spammers will decide who gets to be president this time, instead of the Supreme Court.
I'm going to call this election early:
John Kerry: 80,000 out of 150,000 votes
George Bush: 160,000 out of 150,000 votes
Seriously, after all the controversy over the heavily developed Diebold e-voting system, who comes out and says, "let's do it by email!".
If this refers to the SMTP/IMAP/POP3 email system then one wonders why such an insecure system would be considered.
With today's encryption technologies, it shouldn't be that big of a deal to do it securely, but suggesting to do this over standard email after all of the Diebold e-voting fear is rather bold.
I know cryptology is complex but christ, there are a few tenants that even I have picked up reading his most excellent newsletters. Am I the only one who reads these? I can see it now: the US government winds up in Schneider's 'dog house' along with the rest of the shady dealers.
And me having to vote from Vienna
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
give soldiers ability to send regular postal mail?
a week before Nov 2, simply gather up everyone's ballots (sealed in envelopes), then mail them back home. IIRC, this is what was done in 2000, and many other elections pre-fax machines.
Wouldn't it be easy to spoof the email and cast fake votes?
with technologies such as GPG being used in email to authenticate messages, it's not too far-fetched to think there could be some stations set up to send absentee votes securely, probably more securely than a Fax message ever could be.
Last I remember the USA has a volunteer Army. If they're complaining, it's their own faul for signing up in the first place.
Honestly...it's a good technology, why not take it a step farther?
Of course, I'm sure someone here will be happy to point out to me why it's a bad idea.
I mean really, implementing this for a few people at remote locations seems only fair, given they are risking their lives for the country they should be able to vote.
On the other hand Missouri isn't a swing state, so none of this matters anyway.
autopr0n is like, down and stuff.
Why is it that politicians seem to do everything in their power to undermine public
confidence in the election process? What's wrong with having miltary poll stations
in Iraq and then simply flying the ballot boxes back? Sure, it's more expensive
that e-mail but if the US government can spend billions to put a democracy in the middle east
surely a few million dollars could be set aside to insure integrity of the US vote.
Simon
We should do it like the good old days where it wasn't secret ballot and your employer or other individuals with hired goons and large clubs paid very special attention to how you casted your public vote ;).
P.S. Anonymity is necessary for freedom of thought and speech, that is why voting is anonymous and why you should support I2P, Freenet and Mute.
This somehow got drowned out by all the other problems in Florida, but Bush/Cheney were very successful with cheesy absentee ballots from soldiers last time around.
Now this proposal is taking this approach to a whole new level.
Combine that with electronic voting with no paper trail and I'm sure the coming elections will be much smoother sailing then the last ones and the Chief Justices won't even have to be disturbed this time around.
Oh, I see. If you're worried about security, don't use the system. Right. So, what's to prevent someone from using this system for me in my name? Who decides which ballot is valid in the case of multiple submissions? I certainly hope someone rethinks this idea before it gets implemented. There is simply WAAAAAY too much potential for abuse.
-- Gargonia
Never play leapfrog with a unicorn.
Bush: 1,356
Kerry: 1,498
Nader: 1
L337 D00d Linus Torvalds: 82,239,123
Missouri is ALWAYS in play. The "Show Me State" has voted for the winner in the last X out of Y elections, where X,Y are +1 from last year, and X + 1 = Y, and Y is growing... :)
There is a county in there with almost as much success...
Missouri is right in the middle of the country, with some counties of all types of people.
It is definitely in play.
Alex
Are you for real?
Do you think fax lines are secure? Any enemey stophisticated enough to break into military computer systems probably isn't going to bother taking revenge on individual soldure's families.
And for a lot of these guys, the choice is between this and not voting at all given the unavailability of faxes and regular mail.
autopr0n is like, down and stuff.
If I understand it correctly its not just a plain email. It is a scanned signed PDF file that will be electronically transfered after being approved. Those can be forged but if they keep count on both ends of the number of approved votes then there really shouldn't be a problem. If there is a number difference.. however.. then would they have to throw all the email votes out?
This is a great idea!!! Now where can I dig up a list of overseas soldiers??? Ahhh yes...I knew there was a reason why I bookmarked this story...
I'll turn into a supernova and burn up everything. Well I'll turn into a black little hole and you'll turn into string.
An unknown new president was elected today. Apparently the new POTUS-elect won by making promises to keep Pr3_scr1ption Dr_ug C0st down. And delivering free V1agra with every product purchase. In a strange turn of events, Ticketmaster will be the new Vice-President.
"There is only a one in six billion chance that you actually exist"
In any case, he would *not* get 8/15ths, or more than 50%, of the military vote. Sure, I don't know the best cross-section personally, but it will be more like 35% or so from what any sane person would guess - and it should be much less than that, but 30 years is a long time to get forgetful. That, and the billionaire has somehow convinced people he cares for the poor person's plight.
Why are you using a established standerd, that tends to be insecure. why can you just write software for voting and distribute it via cd-rom or the web. or install it on computers designated as "voting machines" over a secure connection of course
I think it could work assuming that some strong method of verification were including to ensure the integrity of the sent message. That and some sort of pre-registration that would facilitate a follow-up phone call to verify info.
A heavily automated system using e-mail as is would be disasterous. I could see it now. The next president of the US... Viagra!
Let's say I am an employer, and I say "you'll get fired if you don't vote for candidate X". If the only methods of voting are by secret ballot, the voter is protected. Otherwise the voter might be forced or coerced into using the "optional" un-secret method. (And yes this has happened before!)
On top of that concern, we're using e-mail? I don't trust the e-mail system for anything important at all. Last semester we had to turn in our homework via e-mail in one of my classes, which I had qualms about. Lo and behold, at the end of the semester, two of my assignments didn't get counted by the professor. He insisted that the e-mail system was perfect. This idea, very bad.
A spokesman for the Secretary of State's office downplays the privacy and security considerations by saying, "If the soldier is uncomfortable with this process, he or she should not consider this option".
So I wonder what they'll say afterwards...
Spokesman: See, this plan worked perfectly - we got 100% turnout.
Soldier: 100%? How? I didn't use the email voting system.
Spokesman: Sure you did, we have your vote right here. You voted for Kevin Mitnick, and used the reply-to address "haX0r-v0t3r@133t.ru."
Soldier: What?
Spokesman: There you have it folks, as we said beforehand, if they didn't trust it, they wouldn't use it. 100% used it, so clearly 100% trust it. And if 100% of our fighting men and women trust a system they know nothing about, who are you to question it? It's a simple question really: Do you support our soldiers, or are you a terrorist? The terrorists don't want our soldiers to vote.
Stop-Prism.org: Opt Out of Surveillance
Missouri is not a swing state, so this will have no effect on the election.
autopr0n is like, down and stuff.
It's not as bad as it might sound. The only "internet-type" involvement in the process is actually data being moved over MILNET. Very little of MILNET is publicly accessible. When the ballots get to the DoD, they are faxed to the appropriate election officials in Jefferson City, MO.
Not ideal, but it's not as insecure as I would have imagined.
"There is no night so forlorn, no mood so bleak, that it cannot be infused with pleasure by tender meat..." - R.W. Apple
Okay, emailing a vote is not exactly secure, but how secure is faxing a vote?
Oh sure, they can "see" a signature but how many people in the voting office are going to check the signature against the one on file? (IE, how many dead people vote in elections?)
As my commander used to say: A soldier is only happy when he is complaining. It's when they stop complaining that you have to be suspicious.
Who says the US government wants to put a democracy in the middle east? Who says the US government wants to insure the itegrity of the US vote? These cynical questions are brought to you by the number "2" (number of de facto allowed political parties) and the letter "O" (oligarchy).
Until someone created this rule...
'Apply this rule after the message arrives
with republican or bush in the subject
permanently delete it'
I think we should just let them try to count chads again. There is already enough room for counting errors (regardless of which candidate you support you should aggree) with the limited methods of voting. No need to introduce more error. Let's get the ones we have now working before we pile on more.
Here come 400,000 votes for "C0wb0y N3al!!!1"
Yeah it's their fault for not being able to predict the future.
Indecision is the key to flexibility.
My brother is over in Iraq right now. Most of them aren't pissed that they are there. If anything, they are pissed because there's no exit strategy, and because no matter when they leave--next year or the next decade--there's going to be one hell of a bloody civil war with Iran, Syria, Russia, China, and God only knows what other nations involved.
I agree, there is a serious problem with the attitude of "if you think it's insecure, just don't use it". I've run into this same attitude with regards to touchscreen electronic voting machines. I have been told that if I don't trust the ES&S systems, I should just vote by absentee ballot. It doesn't matter if I use a known secure voting apparatus if the other people who are voting do not. It doesn't help that my vote gets counted accuratly if someone can add an arbitrary number of votes for the candidate of their choice.
Hypothetical Example:
1000 people eligible to vote.
600 actually vote:
200 use secure method. They vote 150 for candidate A, 50 for candidate B.
400 use insecure method. They vote 220 for candidate A, 180 for candidate B.
Total legitimate votes: 370 for A, 230 for B.
Now Mr. Vote-Hack adds 200 phantom votes for B, through the insecure method.
Did anyone's vote count, aside from Mr. Vote-Hack?
In some systems, unless the entire system is secure, securing parts of it doesn't really matter.
Just make the system work. Spend your limited political energy insisting that people who work hard in a field you know nothing about get the technical details correct. Write your senator and congress person and insist the procedure look more like the following:
- Require the soldier to acquire a legitmate absentee ballot through the regular mail. (Upside: No forging a million servicemen. Downside: Screams about huge costs of sending physical paper in a war zone. Also, military on extended operations would not receive the mail.
- The ballot should have clear instructions, including a direct order from the Commander in Chief or Joint Chiefs that the soldier be allowed to make his or her own choices, that the officer should allow privacy for these choices, and that the officer should not order, insist, or inquire about the vote of anyone in his or her chain of command. Upside: clear orders in the chain of command may prevent local abuses. Downside: trivial.
- The mail would have a code required to put in your email correctly. It would also have a blank where where the soldier could either keep his or her own votes or some easy hash. (Upside: no forging the sender of the email without touching the physical mail. Downside: may be too complicated for some voters).
- The email responds with a "thank you for your vote, your confirmation code is: . (Upside: soldier knows he or she has voted. Downside: very little.
- The voting bureau sends another physical mail to the soldier confirming this hash code. (Upside: soldier knowns vote was properly received by voting bureau without tampering. Any forgery or tampering by third parties is evident. Downside: Another expensive physical mail.)
You know, only the US (of developed Western democracies at least) makes such a big fricken' mess out of the whole voting process. Pieces of paper and ballot boxes actually work. They may be slower, they may be more expensive, but they WORK and they are transparent. They are scaleable and the hardware is cheap. Recounts are easy and verifiable.
Prediction: the US will be convulsed over the reliability and fairness of its elections procedures every four years for the forseeable future.
Countries using ballot papers and boxes will get their results a bit slower, but will not be convulsed.
As for the argument that e-voting makes it easier for people to vote, thus increasing democratic participation, all I can say is, if you care so little about your vote that you can't be bothered to leave the house to cast it (I"m assuming those who are housebound are catered for) you don't deserve to vote.
Sheesh. I have used up my 'fricken' quotient for today but it was worth it.
Some old technology is very good. Like the bicycle. When I worked in TV we used to bike tapes around rather than using the internet, because as our tech director used to say, "Never underestimate the bandwidth of a man on a motorbike".
I'm not wrong. You haven't thought about it hard enough.
More than digital signatures are needed. There has to be feedback to the soldier that his vote was cast and counted at the central polling place. There is a technology that can do this from the company "vote here" which allows the voter to call in later and check that their vote was recieved unchanged without actually telling them the vote (basically it tells them an encrypted checksum that cant be reversed to reveal the vote even by brute force). This does not prevent the client computer casting the ballot from making a mistake or being corrupted malicously or otherwise. But it does solve the transmisson and feedback problem. I oppose this tehcnology for general public use (favoring paper trails due to their ability ot be recounted) but for soldiers overseas prompt ballot collection may take priority over recountability since the risk is greater that your ballot wont be counted at all than it will be miscounted.
Some drink at the fountain of knowledge. Others just gargle.
Outlook. All military computers have it, just use the voting feature built in. Spam a message out to the troops, and watch the votes roll back in.
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job."-THG
This is a great idea. And I have the perfect idea for an ISP too - let's base it in Florida!
after all the problems with diebold and e-voting, the powers that be are still very keen on e-voting.
Voting by email could work, but probably not with the scheme being proposed.
Every military member has a CAC card which serves as a military ID but it is also a smartcard. Every person in the DoD is issued a digital certificate by the DoD when the card is issued. It should just be an academic exercise to create a voting station where the user inserts his CAC, votes and receives a confirmation that is encrypted with the user's public key and signed with the appropriate private key as an audit trail. I think this scheme fulfills the requirements for a "trusted" voting system. Voters are securely authenticated, votes are audited and cryptographically secured. Of course, the flaw usually lies in the implementation...
We should do it like the good old days where it wasn't secret ballot and your employer or other individuals with hired goons and large clubs paid very special attention to how you casted your public vote ;).
P.S. Anonymity is necessary for freedom of thought and speech, that is why voting is anonymous and why you should support I2P, Freenet and Mute!
i don't think that their ballots should be transmitted in any way, shape, or form electronically. If ballots are supposed to by annonymous, how do they expect to be emailed or faxed, and how do they assure against ballot stuffing by fax or email. I think every soldier in Iraq should get one PAPER ballot, if he chooses not to vote, he should write something like "no vote". and those ballots will be physically delievered back to the US to be counted. but everyone should have the right to vote, as securly, safely, and anoynomously, as possible.
and i'm worryed if they decide to have email ballots, or fax ballots, that someone will spoof emails or something and stuff the ballots.
I've always known instinctively, that if you're going to do a job, do it right from the ground up. There are more secure systems than email for doing absentee ballots that would not take very long to set up, correctly.
In Canada, we have proxy voting. I think if I were a soldier overseas, I would much rather proxy my vote to my wife or someone I trust. That could be handled using snailmail and it would be fine.
I think the point you're missing is that email sniffing is arm's length and can successfully be achieved from anywhere. Therefore an easier action than hacking phone lines, sniffing faxes or gathering intel on snail mail from soldiers. It's not the security level I was talking about, but more the level of criminal commitment. In any of the things you're suggesting, there exists much more perceived danger than simply sniffing email.
The dangers of knowledge trigger emotional distress in human beings.
You mean it's their fault that they were told that they'd have 6 month to 1 year tours that's been extended to 2 years because the U.S. military's been streached too thin?
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Please, don't get caught up in all the media hype about soldiers in Iraq.
It's their job.
A hero is someone that is selfless in their pursuit of something to benefit people. For example the person that rescues someone from a burning house.
Some soldiers are heroes of course.
While North Carolina doesn't allow you to cast ballots via email (which is inherently retarded), we are allowed to use email to request absentee ballots.
That is, until this year. They changed the law so now I have to send them a HANDWRITTEN letter requesting an absentee ballot. Why?
World.People[linus torvalds].nationality!= "American" ...
sorry to ruin your fun
...citizenship oaths over IRC will be right around the corner.
Soldiers in combat are rarely cut off from the rest of America's physical presence for very long. Ammunition, food, and other materiel are supplied by American supply lines, even far forward at the front. Those lines also deliver mail, as part of the US Postal Service extended to military requirements. These ballots can be sent securely through those supply lines, as they always have been. Most soldiers can send their ballots in advance of deployment to the front, which is almost always planned long before. Their disadvantage in access to "late breaking news", after their vote but before Election Day, is consistent with the other liberties soldiers voluntarily suspend when accepting military command. Corruption of their right to secrecy, and corruption, through selective demographic ballot under/service, of the people's right to equal access to all voters, is not consistent with military service defending the Constitution.
--
make install -not war
Why not for all U.S. expatriates, if you're going to do something like this at all?
People say I'm crazy, I got diamonds on the soles of my shoes...
Dis counts on Vo tes SAV E up to 80% on Popular Vo tes! ***HOT SPECIALS*** We run a Canadian Votery that will save you thousands of dollars each year on the exact vot es you buy in the United States - Ge orge W. B ush, Joh n KerRy , Va lium, and Cialis and more - No doctor visits or hassles - Quick delivery to your front door
No, the UK will of course try to copy any bad ideas the US comes up with (and probably make them more expensive in the bargain). For example there were recent elections in the UK which were "all-postal" ballots, where "community leaders" were seen filling out a whole bunch of forms (hey, don't worry about that complicated voting business, let us fill out the forms for you :-). So no doubt the UK govt will continue trying to move voting to ever less secure forms...
This is a push. An e-mail is just as good as a fax. Neither are, or were meant to be, secure.
If they could use PGP I'd have less a problem with it. You could scan the ballot and then encrypt the file to the state's public key and send it off. But you can still track the file to the sender so short of using anonymous remailers this still isn't private.
Slashdot, home of supporters of free software, free music, and free speech.Except for Moderators that disagree with you.
Here's an idea?
Just spend the money to setup private voting booths over there. Travel from company to company and allow our guys to vote.
The most dangerous thing you can do in Iraq right now is travel from company to company. I am all for making voting easy for the soldiers, but I would prefer a method that doesn't incur huge risks (if at all posible).
"I'll have a Guinness, no wait, make that a Coors Light" -Grad student I work with, who shall remain anonymous...
Absentee ballots cast statewide by Republican voters following the illegal solicitation of absentee ballots by the Florida Republican Party: 50,000?
Absentee ballots that could not be read by voting machines, but were illegally "duplicated" by county election officials: 10,000 (60% Bush?)
Overseas military ballots that were not legal, but were counted because of massive pressure from the Bush campaign: 680 (71% Bush)
http://democrats.com/display.cfm?id=181
Absentee ballot law (FL GOP)
The Florida Republican Party sent a letter with Jeb's signature and the Florida state seal urging Florida Republicans to vote by absentee ballots. But Florida law (which was made even stricter in 1998) is not a "vote-by-mail" system - voters must have a valid reason for voting by mail. The Republican Party was thus encouraging Republican voters to break the law.
Florida's absentee ballot laws were tightened because of the 1997 Miami absentee ballot scandal that resulted in the voiding of ALL absentees and the overturn of the election. The man who engineered that massive fraud - Mayoral candidate Xavier Suarez - played a key role in the GOP absentee effort in 2000.
Absentee Ballot Law, Voting Rights Act (FL GOP, Seminole County, Martin County)
With the active assistance of GOP Election Supervisors, FL GOP officials sent GOP operatives to illegally alter over 2,500 defective Republican absentee ballot applications, while at least 550 Democratic applications were ignored.
FL Absentee Ballot Law
Pressured canvassing boards in Republican counties to violate Florida's election laws and count clearly illegal overseas Republican absentee ballots, while fighting to prevent Democratic counties from counting similar absentee ballots
14th Amendment, Voting Rights Act
Forced hand counting of heavily Republican absentee ballots that the machines couldn't read - while delaying and blocking hand counting of poll-cast ballots in heavily Democratic counties that the machines couldn't read, thus treating ballots differently and discriminating against black voters
http://democrats.com/display.cfm?id=239
But it is in the "low-tech area" of absentee ballots, as Miami Herald columnist Jim DeFede puts it, "that things get really funky." Most critically, Hood and Gov. Bush have championed a new state law that abolishes Florida's longtime requirement that absentee ballots be witnessed. While some other states, like California, do not require witnesses, no state has Florida's history of institutional vote fraud.
http://slate.msn.com/id/2105524/
So now please tell me if there isn't a reason to be concerned.
After all, nobody's ever stolen a ballot box, stuffed a ballot box, altered a paper ballot, discarded a paper ballot, or anything at all like that.
If the US government can't manage to let the servicemen vote properly and get the votes back to America in time, maybe they shouldn't go to war. Period. Because other countries manage to do so.
Lars T.
To the guy who modded me down from perfect to terrible Karma - Apple haters still suck
I came up with the idea of voting on the Internet all by myself. I really did. It was about 1994, and some new fangled browsers supported things called "forms" where they could accept input data from the end user and do something with with.
I also came up with the idea that internet voting is bad, all my myself. That was in 1994, about 20 minutes after I came up with the idea for internet voting.
But after all these years, "smart" people are still coming up with the idea, over and over again. Voting by email? That's worse than web voting! When will people realize that the internet is not secure? Sure, you can encrypt, you can obfuscate, you can encode, but at the end of the day, data is travelling over a long distance, and in a situation like voting, where the Bad Guys know where, when, and what type of data it is, it's just crying out for a lawsuit. And in that lawsuit, no intelligent technologist is going to day "there's absolutely no way it could have been tampered with".
Even if they don't break it right then and there, what if they snag all the encrypted data, and break it a year later, and come out and say "that other data was bogus, THIS is the real data!".
cross posted here: http://derosia.com/phlog/post.php?post_id=237
yadda
Only a fool would volunteer for military service with the expectation that they would never actually be expected to go to war.
Blow out the economy, ship out millions and millions of blue collar entry level jobs, and now white collar entry level jobs, leaving millions of recent high school grads puzzled what they heck they gonna do for a living-check
Offer huge cash bonuses, sign up offers, dangle the carrot of "free college" to join up, along with exciting video games turned to reality-you too can shoot off all sorts of weapons and kill people, well not people, near-people, animals really, ragheads, sandniggers, filthy muslims, this generations gooks, slopes and slant eyes-and become a hero! Defend das homeland! Adventure! Something every young guy wants, I mean, saddam took down the WTC towers, right? And he was 15 minutes away from launching WMD equipped ICBMS, right? That's what the glorius leaders said, and they always tell the truth and stuff-check
"willing volunteers"-check
uh huh "willing"., Well, in a way they are I guess.
import oblig.disclaimer.I-am_USian;
Its pretty sad that this kind of stuff is necessary given the climate here...
in general?
I've not done it myself, but I seem to remember that you have to sign the ballot when you send it in. (To verify you're the one making the vote).
On the flip side, with email voting you don't have to do it in front of the commander. I presume the limited fax machine availability means they're in the CO offices.
"The fax machine is already in use...just leave that ballot on my desk Private Johnson, I'll see to it that it gets sent!"
* opens ~/2004-election/.procmailrc *
There are probably a million ways to tamper with email ballots... One could even use the linux iptables "mangle" module, for an election-tampering router.
Hey, if you don't like it, just don't vote!
Why can't they ever just say "We need a way for soldiers to easily cast an absentee ballot" and then let people who know what they are doing come up with the proper system?
This is a problem where I work as well.
Its a decently reliable service that isn't too expensive. If anything, they should give the service to them for free and get some good PR!!
Have Americans forgotten this?
Of course, we Canadians take election ballots very seriously. For example, it is illegal to eat your ballot. This upsets some people. (No, ballot eating has nothing to do with the topic at hand, I just wanted an excuse to post that.)
The instances you provided are certainly heroic, but they don't happen all the time. Riding around in a hummer on security detail or fixing fighter jets is not heroic. Dangerous, yes. Worthy of respect, yes.
The point is, a blanket statement that all men & women in the service are heroes is false. Heroic status is assigned on a case by case basis. Saying everyone in the armed forces is a hero waters down the meaning.
First we give you John Ashcroft, then we become the first state to constitutionally ban gay marriage and now this brilliant idea. Just ignore us and maybe we'll go away.
Voting by email:
* Eliminates anonyminity
* Eliminates voter verifiability
Each of these are an important characteristic of our voting system.
If we can't manage to pull the men and women fighting and dying for their country off the front line long enough to get a single vote in, then what the hell are we asking them to die for?
May we never see th
Problem:
.mil has all the soldiers data in place and communication channels with each soldier well established
Loss of anonymity. But then, i dont think soldiers would mind that much.
All the rest would be good though, cause this could be through the internet, completely out in the open, and
NO SIG
Write an ActiveX application that will run on client's IE and it will communicate with the server running on... IIS! Totally secure !
getSexySig();
I would use this system without concern.
Military computers are normally highly secured, and I imagine these ballots will be being transmitted via the militarys own internal email, not over the public internet.
It would be no less secure than your own internal email - the email doesn't go out to the internt so it is as secure as your own private network is, which in the mili9tarys case is likely very secure.
The problem remains though that the alternatives also have holes. Snail mail can also be intercepted, but the worst of that is that the ballot fails to arrive at the intended destination. I suppose you could set up a precinct count over in the warzone, but that's even more risky to the people running the tally.
So frankly, you can't win, you can only reduce the odds of problems.
I guess I'm fully against electronic voting for the same reason that I sneer at places like Petitiononline.com - electronic data in this fashion can be futzed with far too easily, and therefore it can't be considered valid.
This sig no verb.
Comment removed based on user account deletion
I don't think we'll know for sure until at least eight years after the election.
OT: Sorry to hear that autopr0n is down (and stuff). It's a very interesting piece of code, and I've often recommended to web developers that they study it. Some of them probably don't study it in the way I meant, but I don't see myself as the guardian of other peoples' morals, so I don't care.
(A) The Libertarian Party is not going to win this election, no way, no how. That's just cold truth.
(B) Our voting system is set up in such a manner as to eliminate the possibility of third parties becoming influential.
(C) People who tell you to vote third party want you to spend your vote on someone that will not win, thus weakening your political power WRT who *will* win the Presidency. They are most likely politically opposed to you.
There is a way, a legitimate way, for Libertarians and Greens and the like to get a candidate in, and that is to push through vote reform, be it preferential or some other improvement, so that third parties have a chance of becoming a player. Until vote reform happens, though, third party voters are, even in the best light, nothing more than a lobbyist group.
May we never see th
1.) The application has to get to the voter somehow. This is not as much of a problem as it once was, because one can email the town clerk and ask for it to be mailed, one's relatives can send it to you, or you can print it out from the Secretary of the State's web site.
2.) Once the application is filled out, it must be mailed back to the Town Clerk. Currently, the law allows one to fax the application to ensure the ballot goes out in a timely manner, but it must be mailed at the same time it is faxed. If the application is not received in the mail be the close of polls on election day, the ballot is rejected.
3.) When the Town Clerk receives the application, he prepares a ballot and mails it.
4.) Then I get to vote. And mail back the ballot. And hope that it's received in time.
That's a cycle of three or four mail trips across the world. Anybody overseas who wants to vote absentee needs to get going right now to make sure their votes are counted! Incidentally, look at the audit trail absentee balloting leaves in its wake: the completed application, an outer envelope for mailing, an inner envelope to ensure ballot secrecy, and the ballot itself. With the potential for mischief that absentee balloting presents, I am glad all this paperwork exists. However, in the interest of timeliness and of not disenfranchising remote voters, I think the application process, but not the voting itself, can be shortened by using email without sacrificing security. Imagine this process:
1.) The voter emails the town clerk with the required information and a digital signature.
2.) The clerk mails the ballot.
3.) The voter mails back the ballot.
That's two mail trips. That's still a wait, but the process is simpler, there's still an audit trail, the identity of the voter is still verifiable, and the ballot is on good old paper. Why can't states adopt a sensible, middle-ground process like this one? And why doesn't Missouri's chief elections official understand the importance of an auditable vote?
How can a sarcastic post about voting security be marked as a troll in a discussion on voting security? Please MOD UP.
For every problem there is a solution that is simple, obvious and wrong.
Everyone's welcome to give blunt but constructive feedback about The Security Mentor. It's a free newsletter aimed at the mass market, but trying to give more accurate and current information than the press.
For example, all the SSL certificate chaining bugs, padlock UI spoofs, bad certificate issuance practices, and CRL's being unused by default got summarized as something like "the little padlock is supposed to guarantee that you're really talking to the right web site, but it only works if a lot of people you don't know do their jobs right."
I've had some articles about e-voting.
It's http://www.berylliumsphere.com/security_mentor , please be gentle (I'm on cheap hosting right now).
If military personnel have scanners in Iraq, then couldn't they just scan the ballots and use their fax-modems to send them? So why are we proposing to email scanned ballots when the problem is (quite obviously) that they don't have scanners.
One of the main reasons to vote third party is that eventually, third parties will be permanently on the ballot. They will only get that when they poll significant numbers. The Rs and Ds don't have to jump through hoops every single election to get their candidates listed (or in any televised debates). Third parties (states vary, speaking in general terms now) have to every time go through petition drives and use up their meagre contributions just to get on the ballot, and it's heavily skewed against them.
As to wasting your vote, the only vote wasted is one not cast-or one cast then hacked and altered inside a blackbox voting scam.
The problem with email voting is not that someone might sniff and read your email on the way, or even falsify votes. Those are pretty easy to fix. The problems are those of:
* Loss of anonymity. This is an important characteristic that prevents vote-buying or reprisals against people who vote "incorrectly" (since there's no way for a political party to find out who voted which way). If you're sending via an email system, and the system is secure, it's a pretty damn good bet that you're exposing your identity (via signed, encrypted email or whatnot).
* Loss of the local privacy guarantee. Voting booths are secured. Who might be looking over your shoulder when you vote?
* Loss of the non-coercion guarantee. If I can just fire off an email, someone can have a *gun* to my head forcing me to vote a particular way.
* Loss of a controlled voting environment. How many Outlook worms does it take to convince people that email clients and desktop systems just aren't all that locked down?
* Loss of voter verifiability. With a paper ballot, I can verify that the card contains the hole that I punched in it. Short of physically substituting cards (something that's a hard to do and much easier to guard against), someone can't attack your vote data. With e-voting, there are a huge number of places to allow a different vote to be submitted than what you wanted -- in the client OS, in the client email system, in the vote-counting system, etc, etc, etc. There are a *lot* of programmers that can be bought off or act in a partisian manner -- and any one can compromise the entire system.
I do think that the men and women dying for our country should have the right to vote. But they also deserve the same guarantees on their voting process that they and the rest of us have enjoyed for a long, long time. If we can't pull them off the front lines long enough to vote...what is it, exactly, that they're fighting for?
May we never see th
A soldier is only happy when he is complaining. It's when they stop complaining that you have to be suspicious.
I can only imagine *my* boss having that philosophy. Ugh.
May we never see th
the democrats won't try to throw their votes like they tried in the last election...
..comming to a 4 digit password user near you!!
In view of the current permanent state of hightened security and the eternal war against terrorism, henceforth all government employees will cast votes for the current reigning president. All yay votes will be cast automatically via email. Any argument of this new practise will be regarded as high treason and is to be reported to your nearest Republican representative. Thank you for your cooperation. Heil Bush!
kin242.net
Well, my nephew got killed and wrote in his letters that this war was started by a morally bankrupt government that lied to its own people to further the tunnel vision that a small elite had been putting forth all the way back to 1996.
Keywords for you here: The Project for the New American Century.
If you want to hear the real signed letters and stories of the families and soldiers who are in Iraq right now, go here:
http://http//www.mfso.org/
Mr. Cheney: Colin, Can you believe that we have over 1 million Republicans in Iraq and only 150 Democrats?"
Mr. Powell: "Yes Dick, With that many soldiere, its no wonder the war is costing so much." "Wait, how many did you say?"
In Canada, we can pay each other via email. EMT (Email Money Transfer) is available through all banks. From your on-line banking site, you can transfer money to any person who also does on-line banking and have an email address. So, you pay them at your bank site, they get an email from the bank, click on it and deposit the money in to their account. It's very secure. So, you're paying through email, not by email. If email voting also followed this principle, it might work.
No way should a soldier's superior officer have any way to tell how that soldier voted. No way. That's fundamentally un-American.
Money has an inherent feedback. the transaction is not anonlymous like voting. You can tell when you have been cheated. Voting you do not know. this is the difference.
All the military branches are issuing CAC "cards" (Common Access Cards) to
all military personnel, which allow military personnel to digitally sign and
encrypt e-mail (as well as access secure areas and more!). The voting
offices should acquire some similar PKI certificates (like the one used with
this e-mail), this would allow a soldier to encrypt the e-mail containing
the PDF file of the absentee ballot and send it directly to the election
official. If the e-mail wasn't digitally signed by the soldier or one of
his agents, it would be a serious military security problem as well as
voting problem.
If anonymity is not an issue, digital certificates could be used to do the
whole process electronically just as effectively.
Basically, they could save some effort and add security by skipping the
Pentagon step.
Thanks,
IMarvinTPA
Trusting software vendors is no smarter than trus
As someone very interested in ensuring Kerry wins, I am very comfortable with this process. This would produce lots of opportunities to enhance their votes!
"Vote early, vote often."
The issue is, don't rely on these so called experts until time enough has elapsed to determine whether or not it is a success.
As far as I am concerned it is a success. It will save hundreds if not thousands of lives, possibly hundreds of thousands, and for very little cost compared to other wars.
The only problem I have is that everyone is too busy jumping up and down about Iraq and ignoring the stench from Africa. UN and US alike are all ignoring a tragedy in Sudan. Honestly we should go there as well but alas there isn't that much slack in American military right now. Hopefully some other country will step up to bat.
My real concern for the future, what will the ayatollah's in Iran do to stay in power? Wars are a great way of focusing one's own people...
Back to the story in question. My boss's son has been there 3 times and will go back when asked. He has wired schools and hospitals. He says the difference is easily noted. One thing he made clear, press people don't want to talk to soldiers with a good outcome story, they just walk away.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
I am a military memeber and voted absentee from a rather liberal area of California. At the time, I lived in a military housing neighborhood for officers, of about 500-1,000 families or so. Anyway, about a month after the election, my ballot showed up in my mailbox. No postmark, no "incorrect address", no "incorrect postage", no marks of any kind. IICR, the letter was pre-addressed, but at any rate, I remember verifying that I didn't do anything stupid like address it to myself. I spoke with another person who had the exact same thing happen to him in the election.
Can anyone tell me how this could have happened? Until I hear a good explanation, I will cynically cling to my belief that a postal worker intentionally prevented my ballot from being delivered, knowing that the ballots would be slanted heavily Republican...just curious.
"It takes considerable knowledge just to realize the extent of your own ignorance." - Thomas Sowell
The bitch in charge of the Florida Elections Commission is - get this:
Counting the ballots for her own election!
Without a watchdog!
And has printed PARTY AFFILIATION on each envelope to be used to return absentee ballots in order to make sure she can tell which ones are "reliable"!
Plus thousands of absentee ballots have "gone missing".
Plus she's a "Republican turned Democrat"!
It doesn't get better than this.
Bush and Karl Rove have got plans for all those people who think absentee ballots are going to save them from corrupt voting machines.
And if that doesn't work, there's always Iran and North Korea waiting in the wings.
Five US military aircraft penetrated Iranian airspace a couple days ago to test the air defenses - obviously preparing for an attack on Iranian nuclear facilities.
And the US and Japan are scheduling "nuclear interdiction naval exercises" near Korea in October.
Oh, yeah, "October Surprise" is on the board.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
* Alfred French, who signed an affidavit accusing John Kerry of exaggerating his war record, is in trouble after it was revealed that he didn't serve with Kerry and did not actually witness his behavior in Vietnam. Lying in affidavits is obviously not a good idea when you're a county prosecutor. Oh yes, he also got caught lying about an extra-marital affair.
* After Ken Cordier's departure from Team Bush (see Idiots 167) it was the turn of Benjamin Ginsberg to quit last week when it was revealed that not only was he a lawyer for George W. Bush's campaign, he was a lawyer for - surprise - Swift Boat Veterans for Truth. We hear the door did not hit him in the ass on the way out.
* Jim Russell (who, unlike the Swift Boat Veterans for "Truth," was actually there the day that Kerry pulled Jim Rassmann out of the river) composed a stirring letter contradicting their story. "The picture I have in my mind of Kerry bending over from his boat picking some hapless guy out of the river while all hell was breaking loose around us, is a picture based on fact and it cannot be disputed or changed," he wrote.
* Larry Thurlow signed an affidavit accusing Kerry of lying about being under fire when he rescued Rassmann, saying "no return fire occurred.... I never heard a shot." This directly contradicts his own Bronze Star citation (see Idiots 167). But a third Bronze Star was awarded that day, to another Swift Boat skipper, Robert Lambert. Lambert's recently-released citation says that "all units came under small arms and automatic weapons fire from the river banks," and that Lambert "directed accurate suppressing fire at the enemy." The citation praises his "coolness, professionalism and courage under fire." Thurlow claims that Kerry faked the citations by falsely describing events to superior officers. But Kerry is not the eyewitness on Thurlow's citation - Lambert is. Can it be any more obvious that Thurlow is lying?
* John O'Neill has been making a big stink lately over whether John Kerry was in Cambodia or not during the Vietnam War. It appears that nobody - including Kerry - is really sure. But O'Neill - as usual - made himself look like a complete ass by claiming to CNN that he (O'Neill) had never been in Cambodia and in fact it was impossible to cross the border by river. Whoops! It turns out that O'Neill appears on an audio tape recorded in the Oval Office telling the complete opposite to Richard Nixon. O'NEILL: "I was in Cambodia, sir. I worked along the border on the water." NIXON: "In a swift boat?" O'NEILL: "Yes, sir." Ah, credibility. We hardly knew ye.
* Even George W. Bush admits John Kerry is a war hero, saying last week, "I think him [Kerry] going to Vietnam was more heroic than my flying fighter jets. He was in harm's way and I wasn't." So now it's clear that either George W. Bush or the Swift Boat Idiots are lying. One or the other. Who can it be?
A few years ago, a friend of mine was running for Nevada State Senate, as a Libertarian in a two-way race. She was well-connected locally, and her "official" vote results were 45%. The local elections clerk, a Democrat, was busted shredding "unused absentee ballots" right after the election, in an election with high absentee ballot submissions, and the local Republicans estimated that the amount of fraud was about 6%, based on the differences between their polling for their candidates' races and the election results. The state senate would have been split 10-10-1 had she won.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Both Windows XP and OS X have built-in fax software. If these soldiers have access to a computer, surely they have access to an analog phone line, if fax machines proper are scarce. Wouldn't a fax from the computer be more secure than e-mail?
jf
Unless you think massive stores of WMDs in Iraq is/was "plain, indisuputable, and solid fact" - in that case you may be correct. Most people *I* know, however, refer to that as "bullshit." Actually:
Democratic lawyers did initially ask that overseas ballots adhere to law, but the Gore team later suggested that the ballots be re-evaluated and they never challenged any subsequent additions even though, at the request of Bush lawyers, selective counties recounted military ballots using different standards. Can you say, "Equal protection violation"?
The Dutch Government sponsored the development of an Open Source, GPL-ed solution that is probably more appropriate and less costly in manpower than the proposed matter (not to mention the human chain of trust that has to be established). Allow me to refer you to the paper and an article in The Register, although the paper is in Dutch.
You can also have a look at the code . The Dutch text surrounding the link to the ZIP file is mainly explaining the ZIP file and showing an MD5 checksum for the archive.
In conclusion, there is verified code out there for expat/remote voting, open and accessible. I would start asking questions if anything less was used. Consider the amount of people you need to trust to make this system democratically sound, and the privacy you need to give up. Conspiracy theorists would at this point strongly suspect alterior motives, and in this case I'd actually agree with them..
Insert
Standards exist to verify receipt of messages and are implemented in most popular mail clients. If users choose not to use those features, they have only themselves to blame. The students should have requested read-receipts and the professor should have sent those receipts.
...fraud by the fist-full? Is this government going to expend the resources to do this right? Anyone with even a light background in cryptographicly secure communications knows this is not simple problem this is.
Ignorance kills, complacency kills, hatred kills, but usually not the ones guilty of them.
Here's more --- JFK was whacked by the CIA and fluoride is really a communist plot to subvert the populace!
My mom recently got a call with what is apparently George Bush's recorded voice saying she is getting an absentee ballot in the mail soon. Since she did not request the ballot and literally lives around the corner from the place she would normally vote, the phone call sounds suspect. Anyone know about these things? I already warned her that it could be a scam.
-- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
OK, Bruce knows that I usually agree with him, but not this time. I don't think this is troubling. I think this is fucking insane! Please forgive me my vulgar language, but we are talking about the very fundament of democracy, for God's sake! What the hell is so hard with writing an "X" on a damn paper?! I just can't believe it, this is completely insane and utterly stupid.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
. . . that the true enemy is Audi Arabia?:
In 2001, Saudis lead by the Saudi Osama Bin Ladin, financed by Saudi Money attacked the United States of America. From the point of view of his attackers, your nephew is an invader. Iraq is like Spheron 1. Pissing off the Iraqis just drives them to Al-Qaida.
Right from the start, I knew that it was a war for making Cheney rich (Where does Halliburton.Com end and USMilitary.Mil begin?), but I figured that getting rid of Saddam Hussein would be a good thing. The new dictator is Dr. Iyad Allawi. Dr. Iyad Allawi worked his way through medical school as an assassin. This is my vission for Iraq in 2020:
Dr. Iyad Allawi will have killed over a million of his own people.
Iraq cost money, lives, ties down our military (if China wanted to annex Taiwan or North Korea wanted to annex South Korea, we, as things stand could not do a thing about it because of Iraq), weakens relations with our allies and is the best thing for Al-Qaida-recruiting to come along in years.
The fact is that the Bin-Bushes bend over for the Bin-Ladins. Dubya Shrub is a Saudi-lover -- Saudi-mite!
Impeach Bush
If they get enough absentee ballots that say "ENLARGE YOUR PENIS SIZE" or "FREE VIAGRA" or "K1DD1E PRON", will Bill Clinton be re-elected?
--Petey
Mod Parent UP UP UP +5 Insightful
1 081553/qid=1094331320/sr=1-3/ref=sr_1_3/102-547092 0-4605741?v=glance&s=books
Anybody who tells you to vote for a third party that does NOT support vote reform is either completely ignorant or serving some other interest. Without election reform, even if hell DID freeze over and a third party bumped off one of the current "Big 2", we'd very quickly be left in the same despicable "Least Worst Choice" voting situation that we are now stuck in.
Scoff all you want, but this is the absolute truth. Now, if you prefer milquetoast issues and bland, dissimilar parties, that's another topic altogether. But as it stands right now, 3rd parties ARE a waste of your vote.
If you want to learn more about the arguement for election reform, possible changes, and their pro's and con's, read the very well-written book "Real Choices / New Voices" by Douglas Amy. http://www.amazon.com/exec/obidos/tg/detail/-/023
Repetition does not transform a lie into the truth. - FDR
I know that sending a plain text e-mail ballot would be rediculously unsecure (not insecure, right?). But, what would be the security problem of sending an e-mail with a properly encrypted, and I mean very strongly encrypted, ballot as an attachment to an e-mail. Couldn't that solve the problem of securing the ballots and verifying their integrity? Matt
crap post
praise allah
he will strike down his enemies
all praiese to him
glorious jihad
amen
main(0)