Slashdot Mirror
Researchers Find Critical Backdoor In Swiss Online Voting System (vice.com)
An international group of researchers who have been examining the source code for an internet voting system that Switzerland plans to roll out this year have found a critical flaw in the code that would allow someone to alter votes without detection. New submitter eatmorekix shares a report: The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection. "The vulnerability is astonishing," said Matthew Green, who teaches cryptography at Johns Hopkins University and did not do the research but read the researchers' report. "In normal elections, there is no single person who could undetectably defraud the entire election. But in this system they built, there is a party who could do that."
The researchers provided their findings last week to Swiss Post, the country's national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Postâ(TM)s secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons."
The researchers provided their findings last week to Swiss Post, the country's national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Postâ(TM)s secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons."
So the takeaway is that the Swiss make their voting systems the same way they make their cheese: full of holes.
Online voting is folly. Even mail in voting lacks adequate chain of custody policies.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
The state of the art is inadequate to ensure secure, valid, accurate vote acquisition and tabulation. And there is no reason to expect it will be any time soon.
Just stop. Those most interested in electronic voting are either profiting from the deployment, or profiting from manipulating the results.
deleting the extra space after periods so i can stay relevant, yeah.
There is *no* way to verify your vote was counted correctly with online voting. It's conceptually impossible -- at the end of the day, you're always reduced to trusting that the thing on the screen in front of you in some way corresponds to reality and isn't just telling you what you want to hear.
What's worse is, quite a lot of quite clever people -- certainly much cleverer than the average voter -- are heavily invested in saying that you can, in fact, verify an online vote reliably. So they create and describe complex and elaborate protocols that they solemnly swear (or fervently believe) are 100% effective. But an average voter can't begin to know whether the protocols are effective. The complexity of these systems is well beyond their comprehension -- which is no slur on the average voter, I include myself in that category. Ultimately, we're still reduced to being asked to put our faith in a black box coupled with various people saying "trust us, it's totes legit".