Slashdot Mirror
DC Internet Voting Trial Attacked 2 Different Ways
mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T : Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!
to mod me up to +5 informative, to show it does work perfectly!
> the inventor of public key cryptography, MIT professor Ronald Rivest,
Rivest is a brilliant, very accomplished man, and was one of the inventors of one of the earliest and best-known public-key cryptosystems. But it's misleading to refer to him as "the" inventor of public-key cryptography in general. He co-invented RSA with Shamir and Adleman (several years after Cocks came up with it and kept it secret). But the concept of public-key cryptography was described before RSA, by such luminaries as Diffie, Hellman, and Merkle. He is certainly one of the pioneers of public-key crypto, and deserves acclaim for that, but is not "the" inventor of the concept.
Incidentally, much of Rivest's recent work is in the area of electronic voting (how to make it simultaneously accurate/auditable, privacy-preserving, and usable by non-technical people)--so he's not just speaking as a luminary in the field, but as someone who has studied this specific problem.
What I've never understood;
Many of the companies famous for building voting machines also built their reputations building ATMs and such.
ATMs are, to the best of my knowledge, tremendously secure, even when you have physical access to the machine. Basically, when people money is on the line, they do not fuck around at all.
Why then are they making voting machines less secure than ATMs? The expertise clearly exists to do it properly, the only explanation I can see is intentional sabotage of the voting process.
The youtube videos are all well and good.. heres a few links to written articles about this though
http://voices.washingtonpost.com/debonis/2010/10/prof_explains_how_dc_online_vo.html
http://www.chicagotribune.com/news/chi-ap-dc-dcelections-heari,0,541741.story
You are entitled to your own opinions, not your own facts.
It was a terminal server, not a router, and the previously-published attack was shell injection, not SQL injection.
-insert a witty something-
You clearly don't understand enough about ATMs if you think they are more secure than voting machines.
Most ATMs are just barely secure enough to keep the cash from walking away as long as someone can keep a physical eye on the machine (something somewhat inhibited for voting machines by private voting requirements). ATMs generally do a decent job of recording and reporting transactions to a remote server so that when money invariably is stolen (physically or electronically) it can eventually be taken from the correct legally accountable bank account.
A variety of ATMs suffer from default passwords that aren't changed, physical cabinet keys that aren't unique, eavesdropping attacks in the form of card skimmers and cameras, unencrypted transmissions, insecure operating systems, administrative backdoors, etc...
ATMs and voting machines suffer from what are essentially illusions of security that rely on no one smart enough to bypass them having the real desire and resources to do so. When voting machines determine how real power in large amounts is distributed (say, in national elections), they can't hope to stand up to what's at stake unless they are simple enough to be essentially transparent in function to the public.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
Obviously it's easier to rig elections with electronic systems, which is a good reason to like electronic voting if you're a scumbag.
I think you answered your own question there...
In the long run, the number of votes cast would tend to be based on prevailing interest rates. If the winner's salary + bribes is $1 million, and the prevailing rate of interest is 2%, then spending $50 million would only get you prevailing interest. You should spend less, because there are risks to being an office holder, and you might also lose.
Ultimately, an options market should be built around the candidates, and we should dispense with voting and simply sell shares in each candidate. Insted of pork, they could just pay dividends.
Of course, on the way to this perfection there might be some problems with candidate derivatives being sold over the counter, and banks over-leveraging on a particular candidate that nobody thought would lose or get sick and die.
Nevertheless, we should proceed. I'll get in touch with the Grand Negis shortly...
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Yeah. Fuck democracy. It's not like keeping the voting system accessible by the public has any meaning. What's the difference between North Korea and America? Why, just a little cuisine and weather, right?
1) The vast majority of the public is too stupid to make any kind of sound decision about many issues
Go fuck yourself. Seriously.
2) Most candidates can only get anywhere by money
Martin Luther King? Desmond Tutu? Ghandi? There have been many political leaders, who didn't necessarily enter politics, who were able to force the state to change because the truth was no longer concealable. You cannot govern a population that does not want to be governed by you. Their desire to hold on to their positions of power is both a blessing and a curse. Even in communist China popular will has given way to reforms because the ruling party didn't want to be overthrown. There are some examples of states supported by outside powers, or in power because that state is under threat from other states, but especially in the developed Western world, the citizens of a nation determine their destiny.
3) You can never get rid of or mitigate the influence of money on politics since corporations are what makes the world go round.
Bullshit. People are what make the world go around. Do you really think life would stop tomorrow of AT&T and Exxon didn't exist? Civilization existed for thousands of years before the corporation. They are a human invention, not some magical organization that's any better or worse than any other hierarchy. But keep swallowing that line like an obedient intellectual prostitute.
4) Until their is something of a mass movement/revolt so that the power of corporations are reigned in, voting is irrelevant.
Bullshit. Countries around the world have voted to kick corporations out. Unfortunately, when they do, the United States often assassinates their leader or overthrows their democratic government through coups or terror campaigns. If you are an American citizen, you are one of the most powerful people on earth, because you have a vote that can change the way the world operates. But you've accepted the reality they sold to you, not out of struggle or just giving up because you don't have the strength to continue fighting, but because accepting that belief enables you to act immorally and pretend that it doesn't matter. You're nothing more than a sell out.
Democracy is a device that ensures we shall be governed no better than we deserve. -George Bernard Shaw
There's an even bigger problem: selling votes.
If I'm allowed to vote at home criminals can use threats and/or bribes to convince me to vote in their presence so they can be sure that I voted exactly how they wanted.
That's why vote must always be strictly secret and voters must always have plausible deniability about their choices. E.g. in most modern democracies voters are prohibited from taking photos inside the voting booth for exactly this reason: so anyone else cannot be sure of their votes, and threats and bribes to influence elections become much less effective.
There's a hidden treasure in Python 3.x: __prepare__()
Electronic voting still can't solve a simple thing:
To make each vote proven unique and untrackable at the same time.
With paper it's easy. Each piece of paper is unique by virtue of being a real object. Electronic votes are data, and data is limitless copyable, so the only way to warrant a piece of data is unique is giving it a unique ID, at which moment it becomes trackable.