DC Suspends Tests of Online Voting System

← Back to Stories (view on slashdot.org)

DC Suspends Tests of Online Voting System

Posted by timothy on Tuesday October 5, 2010 @11:18AM from the vote-erlich-and-often dept.

Fortran IV writes "Back in June, Washington, DC signed up with the The Open Source Digital Foundation to set up an internet voting system for DC residents overseas. The plan was to have the system operational by the November general election. Last week the DC Board of Elections and Ethics opened the system for testing and attracted the attention of students at the University of Michigan, with comical results. The DC Board has postponed implementation of the system for 'more robust testing.'" Update: 10/06 02:42 GMT by T : University of Michigan computer scientist J. Alex Halderman provides an explanation of exactly how the folks at Michigan exploited the DC system.

170 comments

"MORE robust testing" or "more ROBUST testing"? by Mike+Kristopeit+9 · 2010-10-05 11:24 · Score: 1, Troll

has there been robust testing yet or not?
1. Re:"MORE robust testing" or "more ROBUST testing"? by blair1q · 2010-10-05 11:32 · Score: 1
  
  He means "rigorous".
  You mean "robustness".
  0 marks all around.
  [Hail to the Redskins...
  Hail vic-to-ryyyyy...]
2. Re:"MORE robust testing" or "more ROBUST testing"? by BadAnalogyGuy · 2010-10-05 11:36 · Score: 1
  
  Hail to the Redskins...
  Hail vic-to-ryyyyy...
  Just hearing that makes me want to headbutt a wall!
  Go Skins!
3. Re:"MORE robust testing" or "more ROBUST testing"? by Michael+Kristopeit+1 · 2010-10-05 12:00 · Score: 0, Troll
  
  i most certainly did not mean "robustness"... i mean only to uncover the intentions of an ambiguous bureaucrat trusted with appointing my representatives.
4. Re:"MORE robust testing" or "more ROBUST testing"? by blair1q · 2010-10-05 12:15 · Score: 1
  
  Well, since you seem to come in packs of 10, I think you're not the one we want investigating voting irregularities.
5. Re:"MORE robust testing" or "more ROBUST testing"? by Michael+Kristopeit+2 · 2010-10-05 12:36 · Score: 0, Troll
  
  i assure you i am 1 person... and everything i am packing is loaded.
  it seems you come in packs of 1q... odd... the only other thing i know of that is distributed in 1q packs are IDIOTS.
  i think you don't want me investigating voting irregularities because you are scared that i will reveal THE TRUTH.
6. Re:"MORE robust testing" or "more ROBUST testing"? by Anonymous Coward · 2010-10-05 13:03 · Score: 0
  
  You did not win.
  And you only have yourself to blame.
7. Re:"MORE robust testing" or "more ROBUST testing"? by Michael+Kristopeit+8 · 2010-10-05 13:10 · Score: 1
  
  in a discussion of purported facts, there is the truth and there is lies.
  i have presented the truth, as can obviously be seen.
  your attempt to suggest a game was being played, seemingly to justify your continued attempts at lying is pathetic.
  you are NOTHING
8. Re:"MORE robust testing" or "more ROBUST testing"? by tqk · 2010-10-05 13:49 · Score: 1
  
  Moriarty, s'tat choo?
  Had to be asked.
  
  --
  "Tongue tied and twisted, just an Earth bound misfit ..." -- Pink Floyd.
open public review by Anonymous Coward · 2010-10-05 11:25 · Score: 1, Insightful

Every critical government system like this should be required to pass through a period of open public review before even being considered for use.
They could actually use prizes to be paid by the government contractor who submitted the bid. If they do a shoddy job on security, they'll not only lose the bid, but they'll also lose additional money (a refundable deposit) to whoever finds their security flaws.
1. Re:open public review by blair1q · 2010-10-05 11:47 · Score: 2, Informative
  
  It's open software, so you can look at it any time you like.
  Of course, so can the h4xx0rs.
  And they don't have to pwn it until election day. By which time you no longer have open access to the code in the box. You can try to hack it, but you probably won't be able to tell what other hacks have been applied by looking at the binary.
  The fact is, if the voting system is built on an operating system that allows a superuser access to all things, then it's ultimately vulnerable to all types of hack, as long as there's any exploit that allows superuser access.
  And if it has an IP component over the public interwebs, all bets are off, no matter what TLA you're using to encrypt it.
2. Re:open public review by blair1q · 2010-10-05 12:14 · Score: 3, Insightful
  
  But a paper vote can be audited by the original voter.
  And electronic vote can be manipulated just long enough to pass through the counting register, and when it gets back to the original voter it can look exactly like it did before it was manipulated.
3. Re:open public review by Anonymous Coward · 2010-10-05 14:21 · Score: 0
  
  He's not a coward. He's an American.
4. Re:open public review by Michael+Kristopeit+3 · 2010-10-05 14:45 · Score: 0, Troll
  
  uh... he IS a coward. of the anonymous variety... perhaps the most cowardly of the coward.
  you're an idiot.
5. Re:open public review by Anonymous Coward · 2010-10-05 20:18 · Score: 0
  
  In general, I do not think voting machines should be Turing-complete. That means customized hardware, so it'll be expensive, but that's just how it goes.
6. Re:open public review by Notquitecajun · 2010-10-06 01:52 · Score: 1
  
  Limited open source for electronic voting may be a good answer. The code shouldn't be proprietary, but I've no problem with private corps coming up with it. The code should be able to be essentially peer-reviewed by the public in some manner, but probably not created that way.
7. Re:open public review by Anonymous Coward · 2010-10-11 08:17 · Score: 0
  
  And you are a shithead without a brain. What is your point exactly?
8. Re:open public review by Michael+Kristopeit+6 · 2010-10-11 08:27 · Score: 0
  
  i'm not a coward, and as you have exactly suggested, i DO have a point...
  why do you choose to cower? what are you afraid of?
Electronic voting, yes! Online voting, no! by BadAnalogyGuy · 2010-10-05 11:28 · Score: 2, Insightful

Voting machines should definitely be electronic.
Online voting seems to be so problem-prone as to be useless. Something as simple as a smurf attack could potentially block every voter from casting their ballot in time.
1. Re:Electronic voting, yes! Online voting, no! by hedwards · 2010-10-05 11:33 · Score: 2, Insightful
  
  I have to agree, online voting has some very serious problems with it. Even if you solve the technological ones, you'd still have to figure out how to prove that the person that's actually voting is the intended voter and that there isn't anybody there that's suggesting how they should vote.
2. Re:Electronic voting, yes! Online voting, no! by hedwards · 2010-10-05 11:34 · Score: 2, Insightful
  
  Erm, on further thought, that would just make it like vote by mail.
3. Re:Electronic voting, yes! Online voting, no! by Obfuscant · 2010-10-05 11:55 · Score: 4, Insightful
  
  if we can't make online voting work, we can't function at all in the digital age.
  Current history disproves this your statement. We cannot yet make online voting work and yet we function pretty well in the "digital age".
4. Re:Electronic voting, yes! Online voting, no! by h4rr4r · 2010-10-05 12:29 · Score: 1
  
  You could try defining digital age if you want to make the argument that it has not begun or that we have failed at it. The current normal understanding is that we are living it right now.
5. Re:Electronic voting, yes! Online voting, no! by jd · 2010-10-05 12:30 · Score: 2, Insightful
  
  Not necessarily. It should be possible to devise an online voting system that worked securely and reliably. To defeat DoS/DDoS attacks, you would probably want to have virtual circuits (eg: MPLS) or bandwidth allocation (eg: RSVP) such that an attack cannot encroach on the voter's bandwidth. Alternatively, an ISP could run Snort or another NIDS system in such a manner as to detect a DDoS attack and block the source addresses. So long as it was done far enough upsteam that there was still available bandwidth, this would prevent an attack. Or they could use a packet-dropping scheme that is designed to handle "unresponsive flows" such as UDP and ICMP.
  In the case of RSVP, there would be a certain bandwidth reservation (via UDP) between the client and the central server. This bandwidth is guaranteed by the protocol and the routers enforce this. Because it uses UDP, you have to then use a layer on top of that to provide the reliability. There are plenty of file-transfer protocols using UDP that have such layers, so the code is out there.
  However, ALL of this requires cooperation by ISPs at one level or another. In other words, the ISP would need to be certified as capable of guaranteeing vote delivery in order to provide any kind of guarantee. This could be done. The ISPs won't like it, but it could be done.
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
6. Re:Electronic voting, yes! Online voting, no! by Gofyerself · 2010-10-05 12:33 · Score: 1
  
  We can't even make paper voting work, what makes you think we will ever get online voting right!
7. Re:Electronic voting, yes! Online voting, no! by Cylix · 2010-10-05 12:40 · Score: 2, Interesting
  
  Nope,
  There several network appliances that can assistance and eliminate most of the overhead of a denial of service attack. This of course would not compensate for upstream saturation, but you have within your power to eliminate a good deal of it long enough to work with upstream providers.
  This is why lots of new denial of service attacks focus on exploiting content which has a high application cost. ie, find a page which has too much dynamic content or generates slowly due to dependent services being at threshold. With this mindset you can essentially pressure point an application host even if it is well protected.
  If you have to secure, enforce constraints or manage much of anything at the host level you are going to suffer quickly.
  
  --
  "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
8. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+4 · 2010-10-05 12:40 · Score: 0, Troll
  
  We cannot yet make online voting work
  my personal ability to make online voting work disproves your statement.
9. Re:Electronic voting, yes! Online voting, no! by dkleinsc · 2010-10-05 14:53 · Score: 4, Insightful
  
  Voting machines should definitely be electronic.
  Why? What exactly do electronic voting machines give you that, say, an optical scan paper ballot doesn't? Electronic voting has more often than not been a solution in search of a problem.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
10. Re:Electronic voting, yes! Online voting, no! by NatasRevol · 2010-10-05 14:58 · Score: 3, Insightful
  
  Trivial? Yeah right. And you wonder why other moderators are rating you flamebait.
  Online voting is not trivial for one reason. Security from vote tampering.
  If you can get 300 million people to vote online, without vote tampering up to and including hacking 'your' system, then you're a hero.
  But you're not.
  
  --
  There are two types of people in the world: Those who crave closure
11. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 15:17 · Score: 0
  
  Allow me to lessen your ignorance. Paper ballots have at a minimum the following issues:
  1. Paper ballots are ambiguous. Just review the recent Minnesota senatorial election (Franken/Coleman).
  2. Paper ballots allow over-voting errors.
  3. Visually impaired voters can not vote without assistance on paper ballots.
12. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 15:21 · Score: 0, Troll
  
  accurately recording 300 million records, and filtering out unauthenticated communication is as easy as it gets.
  do you run around in the front of gas stations screaming "if only you idiots could invent a fluid that would combust uniformly, then you could build a functioning engine, BUT YOU CAN'T BECAUSE YOU'RE ALL INCAPABLE"?
  in what ways do you stand to benefit from online voting succeeding? do you work in a paper mill? perhaps you rent out the church gym to the city for elections? or do you do it for free to get the access to the "vote totes" that you "promise" not to disturb?
13. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 15:34 · Score: 1
  
  Security from vote tampering.
  are you claiming that vote tampering does not currently affect any paper based, hand-counted elections? are you claiming that online voting would certainly have more vote tampering? how? when a single person or small entrusted group can arbitrarily destroy any physical vote at their location, it's hard to argue in relative potentials.
  again,
  you're an idiot.
14. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 15:45 · Score: 0
  
  predictable radioactive decay
  LOL
15. Re:Electronic voting, yes! Online voting, no! by BadAnalogyGuy · 2010-10-05 15:56 · Score: 1
  
  Less waste. Even if you were to print out receipts and keep a running log, it would still be much less wasted paper (and all the resources necessary to produce it) using electronic voting machines.
  Immediate results. Even assuming the necessity of an audit, the paper log can be scanned many times faster than hand-fed ballots.
  Accurate results. This is strangely a problem for electronic machines, but theoretically they should be able to give you an exact count without error. No lost ballots. No forgotten ballot boxes. No hanging chads.
  Ease of use. Granted, this is always going to be a problem for most people. However, with an electronic voting machine, you can include such things as candidate-submitted photos to use on the touch screen as well as larger buttons and text for the sight-impaired. A short description or full text of referendums and initiatives could also be displayed.
  Reusability. The machines could be reprogrammed each election with the updated candidates and initiative information.
16. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 15:58 · Score: 0
  
  obviously in combination with a one time physically transferred key library, similar to the RSA 6 digit devices in use by almost everyone that cares about online transaction authentication.
  how is this funny? because it's true? because it is as trivial as i claim?
17. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 16:05 · Score: 0
  
  There is no such thing as 'predictable radioactive decay' you epic retard.
  I guess you skipped that day of junior high.
18. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 16:07 · Score: 0
  
  you do realize this is the defense against "tampering" that the nuclear submarines use to authenticate launch orders......
  i'm convinced... you work for a paper mill.
19. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 16:12 · Score: 0
  
  do you also laugh at your smoke detectors every time you see them?
20. Re:Electronic voting, yes! Online voting, no! by Yaur · 2010-10-05 16:17 · Score: 1
  
  Online voting requires satisfying a set of unsatisfiable constraints. If you think its trivial you either aren't seeing the whole problem or haven't thought about it enough.
21. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 16:20 · Score: 0
  
  ... perhaps you went to the amish junior high?
  you're an idiot.
22. Re:Electronic voting, yes! Online voting, no! by Yaur · 2010-10-05 16:24 · Score: 1
  
  In "almost everyone that cares about online transaction authentication" the central party is fully trusted and transactions are not anonymous. In online voting the central party is only partially trusted, all transactions must be anonymous, and each voter can vote at most once. This, not user authentication, is what makes the problem hard.
23. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 16:28 · Score: 0
  
  i certainly have. vote by mail is acceptable... so whether or not voting while not present is acceptable is not relevant... it is allowed.
  so the risk is flooding of invalid votes. vote by mail limits this the physical limits of the postal service. a million invalid votes couldn't be dropped off at a single mailbox, so too a million communication signal requests could not originate from a single physical location... adding hops and delays to the network effectively mimic the limitations enforced by the postal system.
  allowing me to vote in the way that i can prove is most fair for everyone in terms of vulnerability to vote tampering can most certainly not be an unsatisfiable constraint.
24. Re:Electronic voting, yes! Online voting, no! by Mike+Kristopeit+16 · 2010-10-05 16:35 · Score: 0
  
  it isn't hard at all. authenticate, get a token, vote. if authentication fails because a token was already granted, get a human involved. track down offenders.
  how is this any more of a risk than individuals entrusted to "guard" large bins of paper votes?
25. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 16:46 · Score: 0
  
  Predictable rate of decay != Predictable decay.
  While the rate of decay for any particular substance is trivial to determine. Thanks to Heisenberg's Uncertainty Principle the actual incidences of decay are completely indeterminable. Random.
  SecurID tokens are essentially just PRNGs built up from cryptographic primitives, hooked up to a clock. A new number is popped off the PRNG at set intervals, and it is that number which the tokens display to you.
  The Psuedo in the PRNG is more than important, it is mandatory. The agent you are authenticating against has the seed of the PRNG and can thus calculate the same value that is displaying on the token. With a RNG (radioactive source), it is impossible for the agent you are verifying yourself against to calculate the correct value.
  tl;dr: you have demonstrated your idiocy in record time today. keep up the great work.
26. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+4 · 2010-10-05 16:58 · Score: 0
  
  the decay is a result of radioactivity, yes? and that decay is understood as a rate, yes? and that rate is predictable, yes?
  PREDICTABLE RADIOACTIVE DECAY
  i have demonstrated nothing but the truth.
  you're an idiot.
27. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 17:11 · Score: 0
  
  If that was the original intent of your phrase "predictable radioactive decay" (you and I both know it was not), then you are even stupider than was first apparent.
  The rate of decay of Caesium 134 works out to a halflife 2.0648 years. That number does not change.
  How exactly are you going to use that number, or a similarly unchanging numbers, to build up an authentication system? You won't.
  Lets face reality here:
  You (idiotically) mixed up the concepts of radioactive decay hardware RNGs with secure authentication, and like a moron thought that SecurID or similar tokens use RNGs. To try to save face (presumably from yourself, I can assure you everybody else here knows for a fact you are a retard), you've dug yourself even deeper, lying to even yourself about your original statement.
  The only thing that separates humans and apes is the ability to reflect back on ourselves, recognize errors, and improve ourselves. You are nothing more than your common shit-slinging zoo-ape.
28. Re:Electronic voting, yes! Online voting, no! by Lanteran · 2010-10-05 17:14 · Score: 1
  
  yes, I prefer the system where you just marked with a writing utensil beside the name of your selected candidate. Simple, unhackable, easily computer readable, and if worst comes to worst you've got hard copies. Digitally, however, you have to contend with the fact that so many people's computers are riddled with malware and are totally insecure. If you provide the machines, then you've still got line tampering, and its not best to base your system on always being on the winning side of the cypher/cracker war. Literally the only way to make sure you've got a secure system is to lock down the devices on each end jobs style (or make it a single possible purpose device) and guard or keep under surveillance every mile of cable. Online voting is just not practical at this time.
  
  --
  "People don't want to learn linux" hasn't been a valid excuse since '03.
29. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+4 · 2010-10-05 17:40 · Score: 0
  
  are you joking? the authentication system requires a code library relative to time. an electronic device can be used to transfer the code library, and including a precise time record and measurement tool makes the interface easy for anyone with no maintenance.... "enter the displayed code"... no more instructions required.
  you're an idiot.
30. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 17:44 · Score: 0
  
  "i want to argue with you, but i am unable to do so because your factual evidence that you provided to disprove someone else who brought doubt to your claims" IS NOT "Flamebait"
  I am afraid there seems to be a problem with trying to parse that statement. Perhaps there is a syntax error?
31. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 18:19 · Score: 0
  
  Your lack of basic comprehension skills is astounding.
  Truly you are comedic gold.
32. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 20:29 · Score: 0
  
  Count the damn things manually, a machine count should *never* be trusted. Even if it's used for an initial count, a manual count should be used for *official* results. . Any member of the public or parties should be allowed to observe the count. This is how it's done in most democracies...
33. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-05 20:48 · Score: 0
  
  "Electronic voting has more often than not been a problem."
  There... Fixed that for you.
34. Re:Electronic voting, yes! Online voting, no! by HungryHobo · 2010-10-05 21:50 · Score: 1
  
  And when ballot boxes appear in the counting room what then?
  Or the dead rise to vote with pen in hand.
  Or people vote early and often.
  Or some of the counters are sure that the mark was on the other side of the ballot.
  etc
  etc
  etc
  paper voting is exceptionally far from secure.
  I'd not be too happy about voting over the net since the botnet herders would win every election but electronic voting in person? It should be possible to make a system far more secure than the current pen and paper one.
35. Re:Electronic voting, yes! Online voting, no! by Anonymous Coward · 2010-10-06 00:13 · Score: 0
  
  Mr. Kristopeit (or probably several persons posing as him) is pretty disturbed, he posts in a somewhat bizarre manner from at least 17 accounts which are all variations of his name. Sometimes his accounts argue with each other. You will gain nothing from correcting him except abuse.
36. Re:Electronic voting, yes! Online voting, no! by 2obvious4u · 2010-10-06 01:01 · Score: 1
  
  This will happen in my lifetime, we aren't there yet but it is coming.
37. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+8 · 2010-10-06 04:18 · Score: 0
  
  perhaps whoever taught you to read was a dumb as your mother?
38. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+9 · 2010-10-06 04:19 · Score: 0, Troll
  
  ur mum's face are comedic gold
39. Re:Electronic voting, yes! Online voting, no! by jd · 2010-10-06 05:04 · Score: 1
  
  If an ISP is using per-flow UDP-aqare QoS, no flow can exceed the bandwidth allocated. True, this wouldn't stop an attack based on draining CPU cycles, but it would stop any attack based on network flooding.
  If voting software on the host computer specifically filed the RSVP request (so the user has to do nothing and the user is aware of nothing - which is, sadly, likely the case anyway), then host-based resource allocation would not be an issue. Alternatively, let us say that the voting software mandates a permanent IP address that is also registered with the voting authority. Then the voting server can file the RSVP request when voting starts and terminate it when the vote is received or when voting ends.
  I do NOT advocate any kind of voting from a dynamic IP address or from anywhere. Nor do I advocate a pure web-based voting system. They are not secure and there is essentially no authentication you can do that can truly prove the voter is who they say they are. (A home browser can have client-side digital certificates, for example, but you could not do that with a library computer. You can have the user install additional software to deal with spyware, keyloggers and rootkits - at home. Users couldn't do that at an Internet Cafe. The user can install the necessary RSVP or MPLS driver on their own machine and, provided the upstream ISP honored those protocols, the bandwidth reservation would be totally assured. Public WiFi links are most unlikely to support these.)
  I would not consider electronic voting to be comparable to mail-in votes. (I regard mail-in voting as an evil that is only necessary because good electronic voting doesn't exist yet.) I consider electronic voting as being closer to an electronic version of a physical ballot box in an authorized location with all of the security and checks that are involved. Actually, because two-way authentication can take place efficiently electronically, it can have far more checks and be far more secure. At worst, though, it should be no worse than the physical system it is intended to be a substitute for.
  To me, this is the biggest problem facing secure electronic voting systems - most of the systems in place (such as Diebold) or being developed are horribly fragile and/or insecure. They are barely adequate as a substitute for postal votes, and then only because the post is so vulnerable. That simply should not be considered as "good enough". As a nation becomes more dependent on electronic information over physical information, it is vital that the electronic information should become more reliable, not less, than the system it replaces. The moment "good enough" fails even to meet the previously-held standards is the moment you codify decline. When one technology replaces another, "good enough" should not only exceed the previous standards, it should exceed them by more than the previous standards with the old technology could have been updated through natural development.
  Yes, yes, early versions are never going to be "good enough" according to such a standard. That's why we have prototypes, development cycles and the like. In software, this can be minimized by having competently-written specifications and proper testing. (Extreme Programming, where the tests are written first, is the ultimate form of Software Engineering.) You can use Release-Early, Release-Often (RERO) with Extreme Programming, because properly-modular software lets you release modules independent of one another. But you don't use a version on something mission-critical (such as a voting system in a Statewide or National election) until you're damn sure that the version is ready for mission-critical use.
  Ok, in the case of the Diebold voting machines, they were barely ready for playtime voting, let alone anything serious. The use of them was a serious blunder that those in positions of authority had no business making as it was obvious they were not ready. I think that when it comes to ANY system that involves Government, each type of use should
  
  --
  It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
40. Re:Electronic voting, yes! Online voting, no! by shadowfaxcrx · 2010-10-06 06:05 · Score: 1
  
  Why are we acting as though it will ever be possible to get a 100% perfect voting system? It won't be. Sure, paper ballots have flaws. Lots of them. And the system can be gamed - hell, my family's from Louisiana. I know all about the dead voting.
  But all those problems exist in the digital voting systems as well. The dead can still vote. People can still vote early and often. Election workers can monkey with the cards that store the voting data. They can misread the final output. The voter can hit the wrong button, and so on. . .
  But a guy sitting in a dark basement drinking Mountain Dew and eating Pop Tarts cannot possibly reprogram the paper to move the ink mark from one candidate to another during counting, and then back to the original candidate immediately thereafter. He can't program the paper to flip the positions of candidates only when you're using it, so that you're voting for Candidate A even though it looks like you're voting for Candidate B. There's all sorts of things that blackhats can't do to a paper ballot, and preventing them relies entirely on how good the (government-contracted lowest-bidder) e-security team is, and the hope that the people trying to tamper with the machines aren't very good at it.
  
  --
  "I disagree with you" does not equal "flamebait."
41. Re:Electronic voting, yes! Online voting, no! by GasparGMSwordsman · 2010-10-06 07:14 · Score: 1
  
  perhaps whoever taught you to read was a dumb as your mother?
  Ahh, exactly the kind of calm and level headed debate I am used to on /..
42. Re:Electronic voting, yes! Online voting, no! by Michael+Kristopeit+5 · 2010-10-06 07:24 · Score: 0
  
  how else should you respond to someone that claims to not understand simple english?
  claiming ignorance to comprehension to a counterpoint deserves a furthering of ignorant labeling and a questioning as to the cause.
  you're an idiot.
43. Re:Electronic voting, yes! Online voting, no! by Doooh_head · 2010-10-06 14:59 · Score: 1
  
  Why do people think that paper ballots are automatically better than any form of electronic voting? "Because thats the way we've done it for years and years" And how has that worked out for ya? I'm sure you've never heard of stuffing the ballot box or of mishandling of the ballot boxes, losing ballots, miss-reading of the ballots. Paper ballots have just as many problems as you can cite "e-voting" supposedly has. You can't judge "e-voting" by these buffoons using PDF's as a secure ballot. Must have been bought and paid for by Adobe. Go out and educate yourself on what is actually out there and available with regards to "e-voting", try it out, have your government, PTA, Union whatever, try it out. How many of you guys out there spewing how bad e-voting is do online banking, or have bought something from eBay? Do you use bank machines, how secure are they? Everyday just about everyone with a bank card uses it in some way or another either online or in some flakey ATM or a bank machine somewhere. Your (supposed) money is nothing but a few binary 1's and 0's somewhere in some banks' mainframes. If "e-banking" is good enough for ya then why isn't "e-voting"? Its got, or at least should have at least the same security banking has, if done correctly. Ignorance. Not in the rude-sense. Just pure "I don't know anything about it, so I am going to piss on it with all my heart and I can't stand change, its new so I don't like it" ignorance. All I can say is that I've at least tried "e-voting". It seemed fine to me. "Well how do you know your vote was actually cast for the person you chose?" I don't know. Do we ever really know with paper ballots that the ballot actually got counted, correctly? We may stuff that paper ballot into the ballot box but there is still no guarantee that it actually got counted, ever. You shouldn't fool yourself into thinking that the people working the elections don't necessarily have their own agenda's with regards to voting and the outcome of the election. Every bad thing you can imagine has already been done with regards to paper ballots and counting them etc. It was great sitting at home in my nice comfy chair during a late October storm. The wind and rain blustering about. Me with my laptop sitting on my lap and me voting for Mayor, online. Done in minutes. Didn't have to go out, didn't get wet, didn't miss my Grand daughters first steps. I'm just happy that I live in a fairly progressive city where doing "e-voting" is just one of the perks. Anybody know how many Municipalities in Ontario Canada are doing "e-voting" this October? Many. Guess how many are using PDF's as secure ballots? Zero (AFAIK!)
  
  --
  
  doooh
It's okay, that election doesn't count anyway by Anonymous Coward · 2010-10-05 11:30 · Score: 0, Offtopic

DC elections are decided in the Democratic primary.
1. Re:It's okay, that election doesn't count anyway by gmhowell · 2010-10-05 15:14 · Score: 1
  
  DC elections are decided in the Democratic primary.
  And since the city council has limited power and their representative in Congress has no vote, it's a moot point anyway.
  
  --
  Jesus was all right but his disciples were thick and ordinary. -John Lennon
2. Re:It's okay, that election doesn't count anyway by azadrozny · 2010-10-06 08:34 · Score: 1
  
  I found it ironic that during the 2000 Presidential Election, one of the DC electors abstained from voting because DC does not have a voting representative in Congress.
Unfortunately, by Anonymous Coward · 2010-10-05 11:31 · Score: 0

This will just be used by The Powers That Be as further evidence that the current system of notoriously shady Diebold voting machines is the Best Alternative and ensure that election results can only be hacked by Rich White Men.
Inline PDF forms!?! by dgatwood · 2010-10-05 11:38 · Score: 5, Insightful
One of the articles mentioned that some browsers submitted blank forms because they don't support inline PDF forms. Who, exactly, thought that using PDF was a good idea? The whole point of the web is that it provides layout standards. Why even bother using a web browser if you're just going to try to hack around it by using a completely different content format, PDF, shoved in using browser plug-ins. It might has well have been Flash. Use the web or do not. There is no halfway.
And of course, their servers were obviously insecure, as evidenced by someone managing to alter content on the servers.
What does all this tell us? Well, it tells us that:
- For anything approaching secure content delivery, the actual content (the HTML pages, the javascript files, etc.) must be signed prior to installation on the servers, not signed by the servers that provide it.
- Web-based clients lack the infrastructure to verify signatures on the content itself except for the signatures provided by the servers.
- Web-based clients are therefore inherently insecure.
Not that this shouldn't have been anything less than obvious to anyone with even a basic understanding of computer security.... Real secure networks built on top of HTTP use client applications that verify signatures on the content that the servers provide, ensuring that it is legitimate before acting on it. This also, of course, requires that people obtain the client software in a secure fashion, which is a problem in and of itself, in much the same way that obtaining the client on-the-fly from a web server is a problem, and for precisely the same reason.
--
Check out my sci-fi/humor trilogy at PatriotsBooks.
1. Re:Inline PDF forms!?! by dgatwood · 2010-10-05 11:40 · Score: 1
  
  Err.. it might as well have been Flash. Stupid typos.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
2. Re:Inline PDF forms!?! by Jah-Wren+Ryel · 2010-10-05 12:03 · Score: 2, Informative
  
  And of course, their servers were obviously insecure, as evidenced by someone managing to alter content on the servers.
  Bad sign that what with the fact that one of the OSDV directors, also its nominal CTO sells himself as a security consultant.
  
  --
  When information is power, privacy is freedom.
3. Re:Inline PDF forms!?! by guanxi · 2010-10-05 14:19 · Score: 5, Insightful
  
  Web-based clients are therefore inherently insecure.
  Web-based clients are insecure simply because you don't have physical control over them. You don't control the network, the routers, or the client machine. Give me (or some malware author) the client machine, and who cares what you signed on the server or how?
  Imagine this: You're a security consultant. A client says: Secure this system, it can change the course of U.S. history (so it has a little value). And by the way, the system extends to 150 million clients running every kind of hardware, software, and configuration imaginable, maybe 25% of which are infected with malware, and to which we have no access and over which we have no control. Oh yeah, and any computer on earth could be a vector of attack and everything from foreign intelligence agencies to corrupt politicians to radical political groups to greedy businesses might have a motive.
  Why are we even discussing this as a possibility?
4. Re:Inline PDF forms!?! by Lehk228 · 2010-10-05 15:28 · Score: 1
  
  that's an easy problem, beat the tar out of him with a large trout, then go home.
  
  --
  Snowden and Manning are heroes.
5. Re:Inline PDF forms!?! by dgatwood · 2010-10-05 15:29 · Score: 1
  
  The difference is that if somebody hijacks the client's machine, that person's ballot might be forged. If somebody hijacks the servers, everyone's ballots might be forged. Also, a properly written (non-web) client can take a lot of steps to secure itself from malware corrupting the results, starting with not allowing keyboard input, using positional randomization to thwart any preprogrammed click event modification, and having dozens of internal consistency checks throughout the code to detect tampering, ending by sending a complete memory image of the process address space (instead of just sending the result data), signed with the user's key and letting the remote end do a final verification and throwing out any results from altered executables. Foolproof, no, but orders of magnitude harder to compromise than even the best web clients (which are inherently a joke, security-wise).
  Of course, to be secure, we would need a national public key infrastructure in which people could preregister their public keys used for signing the ballots... the lack of which is just one of the many reasons that vote-by-electronic-ballot isn't going to be all that secure. On the flip side, neither is vote-by-mail. Someone could easily tamper with the ballot or even intercept it, fill it out, and send it in, and many people would never even notice. And since they're sent out on the same day... a guy with a pickup truck driving from mailbox to mailbox is really not that improbable an attack vector.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
6. Re:Inline PDF forms!?! by guanxi · 2010-10-05 16:20 · Score: 1
  
  The difference is that if somebody hijacks the client's machine, that person's ballot might be forged. If somebody hijacks the servers, everyone's ballots might be forged.
  It's not hard to imagine an automated attack on a very large number of client machines. And in addition to forging, we risk the confidentiality of the ballots.
  I agree security could be improved, but it's a valuable target on a ridiculous distributed system; it seems like a long shot that security will ever be sufficient. A large scale attack on paper ballots is much more expensive ... though there are always the scanning machines, tabulators, etc. ... I think we're going to need to vote at live meetings and count them right there.
7. Re:Inline PDF forms!?! by dgatwood · 2010-10-06 05:06 · Score: 1
  
  Yes, but a targeted attack on computers requires hiring shady programmers for probably a few hundred grand. A targeted attack on mail-in ballots could be done by going to each city and hiring either one unscrupulous illegal immigrant with a car or a handful of not-so-bright kids with bicycles for a few bucks a day.
  And with many counties in California having vote-by-mail rates as high as 50%, it's much easier to skew their results far enough to affect the election results without people noticing than it is to skew the votes of overseas military far enough with only their mere five or six percent of total votes to work with.
  
  --
  Check out my sci-fi/humor trilogy at PatriotsBooks.
Foreign influence. by Anonymous Coward · 2010-10-05 12:08 · Score: 0

How many of our brethrean like to voice their opinion? I appreciate the voice. No wonder suspended. Though we do want a mass vote. I tell ye. Mass vote is in. Let's do it let's do it secure and singular.
Conspiracy? by supernatendo · 2010-10-05 12:20 · Score: 2, Insightful

I find it scary that at the same time as trying to make it unlawful to use encryption that the government doesn't have a "backdoor" into, they are also trying to push "secure" internet voting. Goodbye democracy, we hardly knew you...
1. Re:Conspiracy? by Anonymous Coward · 2010-10-05 14:45 · Score: 0
  
  I find it odd that everyone is focusing on the addition of the U of M fight song, and no one is reporting on how the hack replaced all the votes with its own (according to some of the people involved).
2. Re:Conspiracy? by kilfarsnar · 2010-10-06 02:26 · Score: 1
  
  It's already gone. Google "Stephen Spoonamore". The electronic voting machines have been compromised from the start. Paper ballots are the only way to go. They are not foolproof by any means, but they are far more reliable than electronic voting machines or online voting. Seriously, who thought online voting wouldn't be hacked?
  
  --
  "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
3. Re:Conspiracy? by Doooh_head · 2010-10-06 15:49 · Score: 1
  
  This "example" of online voting has got to be one of the dumbest ever conceived. Don't let this be the rule by which you judge online voting. You don't need to spread your ignorance. There's already enough out there!
  
  --
  
  doooh
GNU Free by Albanach · 2010-10-05 12:20 · Score: 5, Informative

Many years ago there was a GNU project to create an online secure voting software. It's a great idea.
In 2002, they finally stopped development. They explain why here: http://www.gnu.org/software/free/
Quoting from that page:
"As Bruce Schneier points out "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."
and...
"Mr.Schneier points out, 'building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democacy are too great to attempt it.'"
I think anyone wanting to build a secure online voting system should give those quotes some really serious thought before starting. Then before they write any code, they should be to explain why they believe they are right and one of the field's most respected experts is wrong.
1. Re:GNU Free by Anonymous Coward · 2010-10-05 13:01 · Score: 0
  
  It wouldn't be hard if every voter had a secure hardware token (eg. smartcard). These can be cryptographically proven and provide some level of hardware protection (PIN code or whatever).
2. Re:GNU Free by zoom-ping · 2010-10-05 13:25 · Score: 1
  
  Has been done already.
3. Re:GNU Free by Albanach · 2010-10-05 14:15 · Score: 2, Insightful
  
  They could also be collected by political parties from voters through theft, bribery or coercion then used to cast multiple votes.
4. Re:GNU Free by Albanach · 2010-10-05 14:38 · Score: 2, Insightful
  
  It wouldn't be hard
  It's thoughts like those that land coders in trouble.
  We have an expert on the record saying it's very very hard, and an AC posting saying the opposite. Who to trust???
  What if there's a flaw in the smart card hardware that allowed votes cast to be transmitted differently? What if the master key were to be exposed and someone launched a MITM attack? What if there's an exploitable flaw in the operating system of the server collecting or collating the votes?
  You have a solution to just one tiny part of the giant jigsaw puzzle. Still think it wouldn't be hard?
5. Re:GNU Free by Lehk228 · 2010-10-05 15:30 · Score: 1
  
  that would tie the voter to the vote, exactly what we are trying to avoid, and exactly what makes such a system the next best thing to completely impossible
  
  --
  Snowden and Manning are heroes.
6. Re:GNU Free by Anonymous Coward · 2010-10-05 16:36 · Score: 0
  
  We don't have a democracy, we have a republic. ..and a republic isn't good enough for me. I don't trust anybody to vote the way I want them to on my issues. Get them the **** out of my way.
7. Re:GNU Free by TheLink · 2010-10-05 20:14 · Score: 3, Insightful
  
  A lot of them miss out another important requirement for elections and voting systems, at least in actual democracies.
  
  Requirement #0: Convincing enough of the losers that they've lost.
  
  Doesn't matter if your fancy system is actually secure and proven. If the losers think they lost because "too much magic" happened, you could have riots on the streets or even civil war.
  
  While paper votes have problems, they are easier to explain to voters. And if you do them right, the losers tend to agree with the results- they might dispute with a few problem constituencies, but you won't get massive riots.
  
  You get riots when you do them wrong e.g. having one party do the counting in secret. And riots might even be justified or at least understandable since since having just one party count paper votes secretly is rather fishy.
  
  In my country I think they rig it with postal votes. The counting is done in front of various observers from different political parties and a few 3rd parties even.
  
  So where they can rig it is with postal votes, or in places which are more obscure - nobody bothers to show up to watch the counts, ballot boxes etc (but those places often don't make much of a difference ;) ). So that puts a limit to the cheating - so when enough voters get pissed off enough with you, despite your efforts you can still lose the elections - there are just so many postal votes to go around.
  
  Whereas most electronic voting systems tend to do their counts in a way that cannot be observed by others. There's too much magic :).
  
  And all for what? Make things faster? You want to do it right, take the time and money to do it right. What's so hard about scaling? Your education system should be good enough so that you have enough volunteer counters who can actually count.
  
  I find it funny that the US spends billions to supposedly hold elections in Iraq (regime change right? ;)), and they can't seem to be able to do it right at home... With Diebolded elections and all that.
  --
  
  Too many replies beneath your current threshold
8. Re:GNU Free by chrb · 2010-10-05 21:24 · Score: 1
  
  Bruce is a perfectionist, but the real world isn't perfect. The existing voting system is not perfect (it has >0% error), and so any system that replaces it does not need to be perfect either - it merely has to be better. In the UK, voting cards (really a "right to vote" card) are mailed out through the postal service, and you must hand one over before being allowed into the voting booth. This has many theoretical problems. You could buy and sell the card. You could manufacture a fake card (there are no security features) and vote multiple times at different polling stations. The monitors could switch out the boxes of votes. The people counting the votes could miscount. Essentially, the system relies on most people being honest, but it still seems to work reasonably well.
  One system for secure online voting (which I think is in Applied Cryptography) ensures anonymity by giving each voter a randomised token (single-use-number), and allowing them to use that number to vote. The numbers and votes are published after the vote, allowing anyone to verify and prove that their number was tied to the correct vote. Of course, the voter could still accidentally or deliberately vote for the wrong person, but as long as the number of people complaining is less than some percentage error threshold, that is fine. This system is simple, and guarantees post-vote verification and anonymity (as long as the numbers are randomly assigned, which can be checked by oversight). It is also more secure than the existing system. I would have no problem using such a system, but on the other hand, I also have no problem with paying millions for a regular, old hand count voting system - it is a pittance compared to the amount spent on campaigning, or the management of the country as a whole.
9. Re:GNU Free by anUnhandledException · 2010-10-06 02:23 · Score: 1
  
  The problem is the end user's system can't ever be guaranteed secure.
  Imagine a malware which infects voter's computers just prior to the election.
  User logs into the voting site (or application), uses PIN & smartcard votes for candidate X. The malwae hijacks all that information and votes for candidate Z instead. It then hijacks the response from the server and shows a confirmation for candidate X.
  As far as the server is concerned a valid registered and authenticated voter cast a vote for candidate Z.
  As far as the voter is concerned the valid voting server accepted and confirmed the vote for candidate X.
  There is no electronic security if the endpoint is compromised. Given the easy and scope of malware infections the belief that all voter endpoints will be secure it naive at best.
  A similar scenario would be online banking protected by SSL, a smartcard, and strong password. All that does nothing if the customer's computer is comrpomised.
  You can't have secure networks without secure endpoints. We are nowhere close to secure endpoints.
10. Re:GNU Free by Teacher's+Pet · 2010-10-06 04:48 · Score: 1
  
  Rob Rivest presented on this topic - his position was clear: "The risks of "internet voting" more than negate any possible benefits from an increase in franchise." Reference: http://csrc.nist.gov/groups/ST/UOCAVA/2010/Presentations/RIVEST_2010-08-05-uocava.pdf/
  
  --
  I promise to be different...
11. Re:GNU Free by fgouget · 2010-10-07 09:05 · Score: 1
  
  Essentially, the system relies on most people being honest, but it still seems to work reasonably well.
  More importantly the system relies on an attacker having to bride a lot of people to have a meaningful impact on the election result, thus making it pretty hard to not get caught. Electronic voting does not have this type of security: bribe the right guy and you change the election result. That's why it's dangerous.
  
  ensures anonymity by giving each voter a randomised token [...] numbers and votes are published after the vote
  This also makes vote selling possible and thus is no better than having the votes be fully public (it's just more insidious).
Welp by Frogbert · 2010-10-05 12:21 · Score: 2, Insightful

I suppose its a good thing they tested the system.
Isn't this the type of thing testing is supposed to identify?
Sad yankee system by iris-n · 2010-10-05 12:28 · Score: 3, Insightful

Has anybody the comments section in the Washington Post website? It is disgusting to see how much hatred and ignorance is going on there. I hope they're not a representative sample of the USian population.
Meanwhile, in Brasil, we just had a presidential and local election. About 100 million people voting, in an all-electronic process. There were no reports of fraud whatsoever, and the election results were available just 2 hours after the polling stations closed.
Can't the US do better? Your voting system is just laughable.

--
entropy happens
1. Re:Sad yankee system by Tanman · 2010-10-05 12:55 · Score: 2, Insightful
  
  We are doing better.
  If you take the viewpoint of The Man.
2. Re:Sad yankee system by Anonymous Coward · 2010-10-05 13:55 · Score: 0
  
  RTFA. This isn't about electronic voting machines, this is about voting absentee over the internet. Also, Brazil's governmental corruption is far more severe and systemic than the USA's. The election wasn't even really a competition, more like a coronation of da Silva's hand picked successor. At least here we try to mask our corruption and graft.
3. Re:Sad yankee system by Anonymous Coward · 2010-10-05 14:10 · Score: 0
  
  Meanwhile, in Brasil, we just had a presidential and local election. About 100 million people voting, in an all-electronic process. There were no reports of fraud whatsoever, and the election results were available just 2 hours after the polling stations closed. Can't the US do better? Your voting system is just laughable.
  Unfortunately, all of the German scientists from WWII are now dead; the veneer of technological supiority is lost.
4. Re:Sad yankee system by YrWrstNtmr · 2010-10-05 14:27 · Score: 4, Insightful
  
  There were no reports of fraud whatsoever
  
  Indeed.
5. Re:Sad yankee system by Anonymous Coward · 2010-10-05 15:10 · Score: 0
  
  Brazil is about 15 years ahead of the rest of the world in electronic voting. So... rub it in why don't you.
6. Re:Sad yankee system by M.+Baranczak · 2010-10-05 15:16 · Score: 1
  
  Keep in mind that this was a test of a voting system, it never actually made it into official use.
7. Re:Sad yankee system by iris-n · 2010-10-05 16:20 · Score: 1
  
  I'm aware of that, I RTFS. A good test, btw, I find it surprising that the government would want to make it.
  I'm talking about the existing voting system of the US; it is inconsistent, archaic, slow, and every now and then there's a report of fraud.
  
  --
  entropy happens
8. Re:Sad yankee system by iris-n · 2010-10-05 16:24 · Score: 1
  
  Mind you, it is very hard to rig an election without raising any suspicion whatsoever. Actually, plenty of time there's suspicion even when no one is trying to rig the election.
  If you grant that the bralisians aren't dumber than USians, no report of fraud indicates less fraud than actual reports of fraud. Which you have.
  
  --
  entropy happens
9. Re:Sad yankee system by iris-n · 2010-10-05 16:26 · Score: 1
  
  Actually, I do know of an example in the 60's where the military tried to rig a regional election. They failed miserably.
  
  --
  entropy happens
10. Re:Sad yankee system by Low+Ranked+Craig · 2010-10-05 16:42 · Score: 1
  
  Anytime there's a close election there's a report of fraud. It's kind of like companies suing other companies - if they can't win in the market place the other guy must be cheating. Don't confuse reports of fraud with actual fraud. I'm not saying there isn't fraud, statistically I think is must exist to an extent in any election. I'm just saying that it's likely not at all as bad as it sounds from the media reports.
  Likewise, one should not assume that because there are no reports of fraud that there is no fraud.
  
  --
  I still cannot find the droids I am looking for...
11. Re:Sad yankee system by Anonymous Coward · 2010-10-05 17:18 · Score: 0
  
  Make a system that is,
  1. 100% secure to systemic tampering (1 or 100 votes don't matter). This means 100% secure from being cracked.
  2. Only allows for 1 vote per person
  3. Allows only anonymous ballots to be cast
  Now, all internet voting systems fail at #1 automatically. But even if they did not fail there for some reason (eg. internet moved to IPv6 and you only allow voting from certain local IPv6 ranges that are "eligible" for voting). You have distributed infrastructure. Let's assume it works.
  Then how to do you #2 without breaking #3? Do you trust the system not to keep your ID associated with the vote? You have to authorize the vote somehow... With paper voting or even electronic voting at a polling station, #2 and #3 are *physically* separated. With Internet voting, they are intertwined. It comes down to trusting "The System".
  So either #3 becomes moot and we have police/military that swear allegiance to The People over anyone at the government, or we don't have safe and secure internet voting. #2 and #3 is there to prevent voter tampering and intimidation and it's there for very good reasons.
12. Re:Sad yankee system by Anonymous Coward · 2010-10-05 20:42 · Score: 0
  
  You don't even do manual counts of most of your elections. That's insane. Even if machine counting is used for election night counting (it shouldn't have to be if you have enough volunteers), a manual count with public insight into the process is the only way to verifiably count the votes, and should always be used for the official results.
13. Re:Sad yankee system by Anonymous Coward · 2010-10-06 00:35 · Score: 0
  
  And I know where the aliens park their saucer... I'm not telling either!
14. Re:Sad yankee system by wiredog · 2010-10-06 01:32 · Score: 1
  
  Have you ever browsed slashdot without filtering the comments? Just as bad here.
  
  --
  
  Best Slashdot Co
15. Re:Sad yankee system by tibman · 2010-10-06 01:41 · Score: 1
  
  I know of an example where Veterans had to save an election by force of arms.
  The Battle of Athens: http://www.constitution.org/mil/tn/batathen.htm
  
  --
  http://soylentnews.org/~tibman
16. Re:Sad yankee system by Raenex · 2010-10-06 01:57 · Score: 1
  
  Maybe it just means that the system has become so opaque that observers wouldn't be able to spot fraud. These researchers demonstrated they could hack the system without detection. How do you know the Brazilian system was secure?
17. Re:Sad yankee system by StormReaver · 2010-10-06 02:06 · Score: 1
  
  About 100 million people voting, in an all-electronic process.
  Was it all Internet; or all electronic, but within designated and staffed polling stations? There's a huge difference. This article is talking about the former, not the latter.
  
  There were no reports of fraud whatsoever...
  If it was Internet voting, lack of reports is not equal to lack of fraud.
  
  Your voting system is just laughable.
  Yes it is, but not for the reasons you're giving. The US voting system is laughable, by way of example, for our primaries in which we vote for parties instead of people.
  I love the idea of not having to go to a polling place to cast a vote, but I despise the total absence of integrity controls that such a system would require.
  It isn't even the technological controls that worry me the most. Its the lack of people controls that are technologically unsolvable that worry me the most.
18. Re:Sad yankee system by eulernet · 2010-10-06 02:09 · Score: 1
  
  Actually, I do know of an example in the 60's where the military tried to rig a regional election. They failed miserably.
  It depends on the type of fraud.
  I think their main problem was that they did not hide their fraud, or it was too obvious.
  When a hacker enters a system, it tries to keep the smallest foot-print, and it's the same thing when you try to hack a voting system.
  If you change all the votes to one of the candidates, it will be obvious that there is a fraud.
  In France, even though we use paper ballots, there is still a common way to change the votes !
  During the counting, the papers are taken by people.
  The guy in charge of taking the papers out can:
  1) change them into another ballot (one well known case is someone got caught by putting them into his sockets). This also can be done when transferring the ballot box
  2) Mark the opposite ballots with some graphite pencil. A vote is cancelled when there is a mark on a vote.
  I'll let you imagine other systems...
19. Re:Sad yankee system by geschild · 2010-10-06 07:18 · Score: 1
  
  It's always nice to hear from citizens of budding democracies. Brasil has had a democratic government since 1985. A full 25 years. Take it from a citizen from an 'old' democracy, now over 160 years old: democracy needs defending. Always. Even if an electronic process works now, if people start to trust it someone can still take advantage of the flaws at a later moment. Lets do a small mental excercise:
  - 2010, electronic elections are a complete succes. No fraud whatsoever.
  - 2014, people welcome a new democratically elected leader only two hours after the close of polls.
  - 2018, even though the democratically elected leader seems to have less support, he or she wins again, this time by a narrow margin
  - 2022, the elected leader, now less popular than ever cannot run for president again. He, however, has a protege that is 'acceptable' to many Brasilians. Polls are uncertain if he will take the lead on election day. The president has managed to influence the electronic voting process in an unexpected and mostly covert way to get his protege into office. The president and the protege assure everyone the elections were democratic and honest, even though the difference with the nearest opponent was less than 2%... Are you sure your new president is truly the man the people wanted?
  The funny thing? The US has demonstrated that even a small amount of 'automation' might lead to such results and we all know how that ended.
  To summarize: STFU and go insist on paper ballots all the way or don't come and complain that your rights have been 'eroded' come next elections. The chance that Brasil reverts to some form of dictatorship is quite a bit greater than the same thing happening in the US, or most western european states.
  
  --
  Karma? What's that again?
20. Re:Sad yankee system by Doooh_head · 2010-10-06 16:13 · Score: 1
  
  "The chance that Brasil reverts to some form of dictatorship is quite a bit greater than the same thing happening in the US, or most western european states."
  LOL How would you even know if it happened in the US or not? By listening to Fox news? LOL
  Believe me, if such a thing was possible, no one in the US would even notice. **That's my "ignorance of the day" **
  
  --
  
  doooh
21. Re:Sad yankee system by geschild · 2010-10-07 01:17 · Score: 1
  
  "How would you even know if it happened in the US or not?"
  
  Great point. Let me rectify my statement:
  The chance that Brasil openly reverts to some form of dictatorship is quite a bit greater than the same thing happening in the US, or most western european states.
  
  --
  Karma? What's that again?
22. Re:Sad yankee system by alexo · 2010-10-07 02:55 · Score: 1
  
  Has anybody the comments section in the Washington Post website?
  I accidentally the comments section in the Washington Post website. Sorry.
23. Re:Sad yankee system by iris-n · 2010-10-08 00:55 · Score: 1
  
  There seems to be a widespread belief amongst yankees that paper ballots are somehow more secure than electronic voting. May I remind you of the fiasco of your presidential election in 2000? Al Gore won by popular vote, and probably in the electoral college as well, but your courts forbade the recounting. Now tell me what use are the paper ballots if you can't use the paper trail to actually audit an election?
  And need I remind you that all problems began exactly because the system was so slow and unreliable?
  The fact is, paper ballots are way less secure than electronic voting. The attack surface area is much greater, and is easier to tamper them without leaving evidence. Of course electronic voting is not perfect, we still have a lot to improve in its security. But the solution is not to move backwards in time.
  Also, it is obvious that democracy needs active defence. Look what happened in Venezuela. No, really, look. Did they use electoral fraud to become a one man's tiranny?
  The defence of democracy is way deeper than screaming "paper ballots". But hey, it is much easier to press on a single issue than to actually understand what is happening. A real enemy of democracy in the US is your bizarre two-party system, paid for the large corporations. It exists right now and does not depend on electronic voting. What are you doing about it?
  And finally, "STFU"? Are you twelve? You look like my cousin, "la la la I can't hear you!".
  
  --
  entropy happens
24. Re:Sad yankee system by iris-n · 2010-10-08 01:01 · Score: 1
  
  It was plain old fraud, not a bloody military coup. Of course they tried to hide it. But the candidate that had actually won in the popular vote noticed that there was something wrong, and dug up the truth.
  I'm sorry, I can't seem to find a link in english. http://www.pdt.org.br/diversos/prconsut.html
  
  --
  entropy happens
25. Re:Sad yankee system by geschild · 2010-10-10 01:30 · Score: 1
  
  1) I'm not a 'yankee'. I'm European.
  2) http://politics.slashdot.org/story/10/10/09/1750214/DC-Internet-Voting-Trial-Attacked-2-Different-Ways
  3) The problems with the 2000 presidential elections were exactly what I was refering to, as the problems were with votes that were to be counted electronically. The fact that they were paper ballots makes no difference whatsoever.
  4) Are you mad? Paper voting is more secure than electronic voting according to all people that have studied the subject in depth (see point 2). The only real proponents are manufacturers of electronic voting systems and lazy politicians and government employees who only look at the glossy folders made by said manufacturers. In the Netherlands they've reverted back to paper voting exactly because people in-the-know were able to fully convince the government electronic voting is unsafe.
  5) What has the current government in Venezuela to do with this topic?
  6) I agree completely that the US political system is a mess. They have to fix that for themselves. Making sure at least the voting results reflect reality is a different issue and needs to be taken seriously no matter what political system is in use.
  7) With 'STFU' I meant to say: if you keep pushing electronic voting, don't come back and complain once it blows up in your face. You deserve all the negative fallout you get and then some for being too lazy to read up on the subject on your own and unwilling to look further than 'oooh, fast results'.
  8) Sorry to hear about your annoying cousin. On the plus side, he might grow out of it. :)
  
  --
  Karma? What's that again?
online voteing just makes it so the boss can force by Joe+The+Dragon · 2010-10-05 12:35 · Score: 1

online voteing just makes it so the boss can force you to vote his way or you can lose your job.
Failure Now = Failed Design by Anonymous Coward · 2010-10-05 12:37 · Score: 0

The failure of the system now indicates fatal flaws in the design and testing process. Although the current vulnerabilities might be patched there are probably many more. They need to learn from NASA about software design (read Feynman's comments about NASA software design in the Challenger report).
The Victors by Anonymous Coward · 2010-10-05 13:03 · Score: 0

Every time someone refers to "The Victors" as "Hail to the Victors" I die a little inside.
Good work. Go Blue!
~MMB '01-'05
1. Re:The Victors by germansausage · 2010-10-05 14:08 · Score: 1
  
  I feel the same way when someone calls "Whiskey in the Jar" Whiskey in the Jar-oh" (I blame Metallica).
2. Re:The Victors by pipedwho · 2010-10-05 15:47 · Score: 2, Funny
  
  And I too die a little whenever I see Jar used twice in the same sentence. I die a lot when George Lucas does it.
Seems like by shoehornjob · 2010-10-05 13:21 · Score: 1

They need to pay more attention to that crack problem and spend less money on frivolity like evoting systems. Evoting is a great idea but voter turnout has been less than stellar since I can remember so what are we really hoping acomplish here?

--
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
Re:online voteing just makes it so the boss can fo by shoehornjob · 2010-10-05 13:25 · Score: 1

Sorry I'm not following here. If the man can't see your votes while you are behind the curtain how is he going to know when you send your vote in from home.

--
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
Appropriate slogan by ebcdic · 2010-10-05 13:32 · Score: 1

I see the OSDV Foundation's slogan is "Re-inventing How America Votes".
Re:online voteing just makes it so the boss can fo by Chris+Mattern · 2010-10-05 14:15 · Score: 1

If you *have* to make your vote behind a private curtain, the man can't see it. If you can make your vote from any internet connection, then the man can use his power to insist that you vote while he watches.
Yes, this applies to absentee balloting as well. That's why absentee balloting *used* to be controlled with the voter needing to demonstrate a need for it before being allowed an absentee ballot, and why it disturbs me that it is now generally allowed without any controls at all.
300,000 tax dollars by RingDev · 2010-10-05 14:28 · Score: 1

Really? We're going to blow over a quarter of a million dollars in tax money on a project damn near every IT pro in the US can say "This is a bad idea". Where we've already seen horrendous results from states and local municipalities trying ot impliment digital voting. Really? There was nothing better to spend $300,000 on? No other small business grants that could have been funded? No research grants? Nothing?
I mean, it's not a huge amount of money, when compared to the scope of the budget. But it is could have been a huge amount of money for a few start ups, small businesses, or researchers.
-Rick

--
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
I can do everything else online. by Anonymous Coward · 2010-10-05 15:06 · Score: 4, Insightful

I can check my bank accounts online.
I can pay my bills online.
I can order almost anything imaginable online.
I can participate in auctions online.
I can date online.
I can gamble online.
I can see my credit reports online.
I can file my taxes online.
Why is voting so different?
1. Re:I can do everything else online. by mhotchin · 2010-10-05 16:11 · Score: 4, Insightful
  
  Because these other endevours do not require anonymity.
  
  Voter coersion is a real problem.
2. Re:I can do everything else online. by Anonymous Coward · 2010-10-05 19:11 · Score: 0
  
  One possible reason is that if anything goes horribly wrong with any of the activities you've described above, it's either not a big loss to you, or you have some alternate process by which to fix what went wrong. In a close election, if someone changes a couple votes without being too obvious about it, how will you know? And what is the backup plan?
3. Re:I can do everything else online. by Anonymous Coward · 2010-10-06 00:37 · Score: 0
  
  Your vote has to be both anonymous and verifiable, and the system has to be "cost-effective".
4. Re:I can do everything else online. by martyros · 2010-10-06 01:49 · Score: 1
  
  Because controlling your bank accounts doesn't give someone the power to decide where billions of pork-barrel dollars are spent, much less control of the most powerful military on earth.
  
  --
  TCP: Why the Internet is full of SYN.
5. Re:I can do everything else online. by Anonymous Coward · 2010-10-06 02:31 · Score: 0
  
  You can also personally audit the reliability of the data in all these examples. No voter can verify that his vote was properly handled, kept anonymous, and counted accurately in any electronic voting system. Therefore no voter should have faith in such a voting system.
  In the study of logic (a part of both computer science and philosophy) it is trivial to show that one cannot prove a negative. This is why, in American judicial systems, the onus in upon the state to prove (beyond a reasonable doubt) that the accused committed an act that is illegal.
  Prove that you were not present inside your neighbor's house last night. You offer witnesses, and a receipt from a restaurant in a distant town. I reply, "that witness is your cousin, and the receipt could have been obtained by anyone supplied with your credit card." Yet proving that you WERE in the house only takes a glass you used that matches the set of glasses in the house...
6. Re:I can do everything else online. by Just+Some+Guy · 2010-10-06 02:53 · Score: 1
  
  Why is voting so different?
  Because it's physically impossible for the union boss / supervisor / Godfather / policeman to stand in the voting booth with you while you vote against their interests. It's very easy for those same people to set up a voting computer in their office so they and their assistants can "help" you vote exactly like they want you to.
  
  --
  Dewey, what part of this looks like authorities should be involved?
7. Re:I can do everything else online. by david_thornley · 2010-10-06 03:48 · Score: 1
  
  All of what you've listed involves your real identity, whereas votes need to be anonymous. The financial matters are reversible, in that if fraud is found it can be put right, and the others have no great lasting effects. Vote fraud can have major effects, and is difficult at best to reverse.
  Anonymity is important in voting. It also means that elections cannot be fully auditable. It's not possible to go to a random sample of voters and confirm that the system correctly recorded their votes. Any audits have to be of artifacts of the voting process, and the only way to make sure they're representative is to make sure they were visually verifiable by the voter at the time of voting. This requires physical presence, or there's no way for the voter to tell if their vote was correctly counted.
  
  --
  "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
8. Re:I can do everything else online. by Doooh_head · 2010-10-06 16:24 · Score: 1
  
  "No voter can verify that his vote was properly handled, kept anonymous, and counted accurately in any electronic voting system."
  
  You say this like its something unique to e-voting. There is really no guarantee that once you stuff your ballot in that box that it will be properly handled, kept anonymous and counted properly. If you believe that, then that is your first mistake.
  
  --
  
  doooh
9. Re:I can do everything else online. by jonaskoelker · 2010-10-06 21:19 · Score: 1
  
  In the study of logic (a part of both computer science and philosophy) it is trivial to show that one cannot prove a negative.
  If we take "a negative" to mean a statement on the form "not exists x: P(x)" for some predicate P, what you're saying is that you can prove "not exists V: is_proof_of(V, 'not exists x: P(x)')".
  In order words, "You can't prove a negative" _is_ a negative: it's the statement that for each negative, there isn't a proof of it. So proving that you can't prove a negative is a contradiction.
  (Maybe that takes second-order rather than first-order predicates, and I don't know _all_ of logic, so take it with a grain of random password padding data)
Re:online voteing just makes it so the boss can fo by damonlab · 2010-10-05 15:58 · Score: 1

I tried to get an absentee ballot in Michigan so I could avoid going to the polls. I read the fine print and the restrictions made it so that I would have to perjure myself to do so. I opted not to get an absentee because of that.
Re:Oblig by Anonymous Coward · 2010-10-05 16:33 · Score: 0

Yeah? Fuck Ohio State -USC Fan
According to the articles... by azrider · 2010-10-05 17:09 · Score: 1
The "web site was hacked".
Who in their right mind uses a web served application for something such as this?
This calls for a secured, encrypted application, with a protocol that maintains it's own data security.
It can be done. I built one for the government in 2001:
- No remote login
- No ports open except for the three being used for the protocol:
  - Incoming request for software
  - Outgoing Datalink
  - Incoming Datalink
- Special protocol used for the communication
- End to end encryption (with AES-CBC signing on all packets except the software download link)
- Active firewall and IPDS
On a server with one side connected to a classified network (here it would be the counting facility) and one connected to an unclassified network (here it would be the Internet). Gee, it took me and another guy less than 2 weeks from design to active testing.
You would need physical access to the server in order to compromise the end to end system.
Total cost of the demonstration system (excluding our ~60 hours total development) was less than $2000 in 2001. Imagine what we could do with modern equipment.
--
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
1. Re:According to the articles... by Anonymous Coward · 2010-10-06 01:45 · Score: 0
  
  Sooooooo... who gets physical access?
Ruby scripts and duct tape by wiredlogic · 2010-10-05 17:10 · Score: 1

So it's all held together with Ruby scripts and duct tape. If you're going to open something like this up to the world you need to digitally sign everything and continuously validate against an isolated server that can shut everything down when it detects a compromise.

--
I am becoming gerund, destroyer of verbs.
For this particular problem, RTFAFGS by azrider · 2010-10-05 17:27 · Score: 1

Web-based clients are insecure simply because you don't have physical control over them. You don't control the network, the routers, or the client machine. Give me (or some malware author) the client machine, and who cares what you signed on the server or how?
These are military personnel voting (absentee) from overseas. I can guarantee you that I can control the originating network, the terminating network and the client machine.

And by the way, the system extends to 150 million clients running every kind of hardware, software, and configuration imaginable, maybe 25% of which are infected with malware, and to which we have no access and over which we have no control.
See above. If the machines which are eligible to be used to cast the vote are not under some sort of control, there is no way of doing this. However, the number of machines can easily be limited to the command and control structure, which makes this facet of the problem trivial.
If you are talking about people being to vote from home, I heartily agree with Bruce Schneier that the problem may well be intractable, not for reasons of malware, but for the impossibility of testing every potential configuration.
If you limit the problem to the overseas (or otherwise deployed) military, where the time between the absentee ballot becoming available and the last available date to return it, the problem becomes manageable, simply because the change management process for the available terminals can be controlled. Hell, simply send (under cover) a live cd with the software on it to each deployed service member. Now, no malware, no unknown configuration (at least what matters) and enhanced security.
BTW, see my post below.

--
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
1. Re:For this particular problem, RTFAFGS by Anonymous Coward · 2010-10-06 00:38 · Score: 0
  
  OT:
  
  And ye shall know the truth, and the truth shall make you free.
  John 8:32(King James Version)
  If we knew it, it might, but we never will; and anyone who claims they can tell you it is either a con or living a fantasy.
First, we need a decent foundation by bradley13 · 2010-10-05 19:51 · Score: 1
A random anecdote having nothing to do with e-voting, but probably a lot to do with the quality of voting IT systems: Last year, I asked for an absentee ballot, and never received it. This year, I asked for an absentee ballot, and received three, sent at different times, over the course of several days.
Electronic voting may be a disaster, but there are some other really fundamental flaws in the system:
- If someone dies, or for that matter if they move, there is no system in place to ensure that their voter registration is cancelled. Makes "voting the graveyard" trivially easy, especially since...
- Most places make little or no effort to identify the people casting the votes. You should be required to present a government-issued photo ID in order to vote, and that ID ought to be checked. I specifically know of an incident where a "little old lady" went to vote, but her number was already crossed off on the list.
- Most places make little or no effort to prevent people from casting multiple votes. Referring to the little old lady above, what do you supposed happened? The person at the desk said, "oh, terribly sorry, must have been a mistake", and the little old lady was allowed to cast her vote.
Get decent administrative systems run by competent people in place first. Then, maybe, we can think about electronic voting.
--
Enjoy life! This is not a dress rehearsal.
Right idea, wrong exploit by Rogerborg · 2010-10-05 20:29 · Score: 1

Making the hack obvious before the "results" were in was exactly the wrong thing to do.
The right thing to do would have been to subvert the results, then mail the chosen numbers and other evidence that you'd owned the system to various news outlets just prior to the tally being announced. Let them embarrass themselves by claiming that the system worked and was secure.
Remember, the worst vulnerability is the one you never discover, or admit to.

--
If you were blocking sigs, you wouldn't have to read this.
Denard Robinson was probably involved by DarthBender · 2010-10-05 21:01 · Score: 1

That kid can do anything, except tie his shoes.
shell-injection vulnerability by Anonymous Coward · 2010-10-05 21:57 · Score: 0

"The problem, which geeks classify as a "shell-injection vulnerability," .. By formatting the string in a particular way, we could cause the server to execute commands on our behalf" link

In this day-and-age, how could the programmers be so f*****g dumb, what are they teaching them in tech school lately ...
Internet voting system by weicco · 2010-10-05 22:42 · Score: 1

Internet voting system would be great, great thing! I could finally observe, with 100% profe, that my wife votes correctly.

--
You don't know what you don't know.
This by ThatsNotPudding · 2010-10-05 23:47 · Score: 1

This should be a competition at the two yearly Blackhat conventions, which I suspect will prove it impossible to come up with a bulletproof e-voting system. What is wrong with paper ballots again? Oh yeah; Conservatives know millions of dead people and illegal aliens taint every election. As opposed to partisan election officials with untraceable access to a vote tally database and no paper trail to prove shenanigans.
Not to be outdone... by ultraexactzz · 2010-10-06 00:11 · Score: 1

Not to be outdone, an Ohio State CS Professor had his class change the logo of the Federal Election Commission to a Buckeye urinating on a Michigan Wolverine.

--
Never underestimate the potential of Human stupidity. -Heinlein
There were no reports of fraud whatsoever by anUnhandledException · 2010-10-06 02:26 · Score: 1

"There were no reports of fraud whatsoever" != "no fraud."
Well now I feel better. by Anonymous Coward · 2010-10-06 02:30 · Score: 0

But officials now say the voters will only be able to download their ballots via the system and will then have to send them in separately — via post, e-mail or fax – to be counted.
Thank goodness they had such unquestionably secure systems to fall back on.
Wait...
Fail by Anonymous Coward · 2010-10-06 02:50 · Score: 0

Online voting is a fail from the start, there are too many attack vectors and the stakes are too high.
Electronic voting could be done, but it would require paper ballots anyway, if the results are going to be verifiable:
1) sign into polling place
2) enter booth, cast vote on computer
3) computer prints out ballot that has vote printed in ascii (unicode whatever) and some optical scan code on something like receipt paper
4) voter verifies that the ballot is correct, places it in the ballot box
5) votes are counted by scanning the code, a random sample is also scanned to ensure that the scan matched the ascii text
6) local counts are sent via signed/encrypted email and snail-mailed paper (redundant to detect forgery), the paper could again be a scan/ascii receipt
This would allow the voter to trust that their vote was cast as they intended, repeat counts of the ballots if called for, quick counting (scan-code) or verifiable counting (ascii), a reduction in the amount of paper used.
Whats the point by edrobinson · 2010-10-06 04:20 · Score: 1

If they know who the absentee voters are why not just mail them a ballot instead of spending the typical fortune that gov. bodies spend on such useless projects?