Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Online Voting Should Be Verifiable -- But It's a Hard Problem 258

An anonymous reader writes with a link to a pithy overview at The Conversation of recent uses of (and nagging difficulties with) online voting and asks Regular 'internet voting too risky' arguments don't take some approaches into account like verifiability of votes by voters, observers, and international media. Could we have end-to-end verifiable online voting systems in the future? What are the difficulties? Where is it being done already? From the linked article (which provides at least some answers to those questions), one interesting idea:Another challenge to designing verifiability in online voting is the possibility of malware infection of voters' computers. By some estimates between 30%-40% of all home computers are infected. It’s quite possible that determined attackers could produce and distribute malware specifically designed to thwart or alter the outcome of a national election – for example undetectably changing the way a user votes and then covering its tracks by faking how the vote appears to have been cast to the voter. Whatever verifability mechanisms there are could also be thwarted by the malware.

One way to try to prevent this kind of attack is to make voters use several computers during the voting process. Although this is hardly convenient, the idea is to make it more difficult for an attacker to launch a co-ordinated attack across several computers at once.

Bug In DOS-Based Voting Machines Disrupts Belgian Election 193

jfruh (300774) writes "In 20 cantons in Belgium's Flanders region, voting machines are x86 PCs from the DOS era, with two serial ports, a parallel port, a paltry 1 megabyte of RAM and a 3.5-inch disk drive used to load the voting software from a bootable DOS disk. A software bug in those machines is slowing the release of the results from yesterday's election, in which voters chose members of the regional, national, and European parliaments. The remaining voting machines, which are Linux-based, are unaffected, as were voters in the French-speaking Wallonia region of the country, most of whom use paper ballots."

Voting Machine Problem Reports Already Rolling In Screenshot-sm 386

Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. Of course, there's still the good, old fashioned analog problems; workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.

IEEE Standards For Voting Machines 221

kgeiger writes "Voting machine designs and data formats are a free-for-all. The result is poor validation and hence opportunity for fraud. An IEEE standards group wants all election computer systems to speak the same language. From the article: 'IEEE Standards Project 1622 is working on electronic data interchange for voting systems. The plan is to create a common format, based on the Election Markup Language (EML) already recommended for use in Europe. This is a subset of the popular XML (eXtensible Markup Language) that specifies particular fields and data structures for use in voting.'"

Kaspersky Calls For Cyber Weapons Convention 166

judgecorp writes with a synopsis of talk given by Kaspersky at CeBit "Cyber weapons are so dangerous, they should be limited by a treaty like those restricting chemical and nuclear arms, Russian security expert Eugene Kaspersky has told a conference. He also warned that online voting was essential or democracy will die out in 20 years."

1.9 Billion Digits: Brazil's Bid For Biometric Voting 140

MatthewVD writes "Brazil is on a massive fingerprinting spree, with the goal of collecting biometric information from each of its 190 million citizens and identifying all voters by their biological signatures by 2018. The country already has a fully electronic voting system and now officials are trying to end fraud, which was rampant after the military dictatorship ended. Dissenters complain that recounts could be impossible and this opens the door for new kinds of fraud. Imagine this happening in the U.S."

In Theory And Practice, Why Internet-Based Voting Is a Bad Idea 218

A few countries, like Estonia, have gone for internet-based voting in national elections in a big way, and many others (like Ireland and Canada) have experimented with it. For Americans, with a presidential election approaching later this year, it's a timely issue: already, some states have come to allow at least certain forms of voting by internet. Proponents say online elections have compelling upsides, chief among them ease of participation. People who might not otherwise vote — in particular military personnel stationed abroad, but many others besides — are more and more reached by internet access. Online voting offers a way to keep the electoral process open to them. With online voting, too, there's no worry about conventional absentee ballots being lost or delayed in the postal system, either before reaching the voter or on the way back to be counted. The downsides, though, are daunting. According to RSA panelists David Jefferson and J. Alex Halderman, in fact, they're overwhelming. Speaking Thursday afternoon, the two laid out their case against e-voting.

(Read more for more, and look for a video interview with Halderman soon).

States Using Cloud Based Voting System For Overseas Citizens 125

gManZboy writes "If a ballot was lost in the cloud, would anyone know? Several states are using an online balloting website based on Microsoft's Azure cloud-computing platform to allow U.S. voters living overseas to cast their votes via the Web in 2012 primary elections. In addition to a now complete Florida primary, Virginia and California will use the system for their primaries, and Washington state will use it for its caucus. To ensure the ballots are from legitimate voters, people use unique identifying information to access their ballots online, according to Microsoft. Once received, the signature on the ballot is matched with registration records to further verify identity."

Man-In-the-Middle Remote Attack On Diebold Voting Machines 251

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."
Open Source

E-Voting Reform In an Out Year? 218

An anonymous reader writes "Most of us know the many problems with electronic voting systems. They are closed source and hackable, some have a default candidate checked, and many are unauditable (doing a recount is equivalent to hitting a browser's refresh button). But these issues only come to our attention around election time. Now is the time to think about open source voting, end-to-end auditable voting systems and open source governance. Not in November of 2012, when it will, once again, be far, far too late to do anything about it." It'll be interesting to see what e-voting oddities start cropping up in the current election cycle; Republican straw polls have already started, and the primaries kick off this winter.
United States

An Anonymous, Verifiable E-Voting Tech 236

Kilrah_il writes "After the recent news items about the obstacles facing E-voting systems, many of us feel it is not yet time for this technology. A recent TED talk by David Bismark unveiled a proposal for a new E-voting technology that is both anonymous and verifiable. I am not a cryptography expert, but it does seem interesting and possibly doable."
Open Source

US Elections Dominated By Closed Source. Again. 403

An anonymous reader writes "Another American election is almost here, and while electronic voting is commonplace, it is still overwhelmingly run by closed source, proprietary systems. It has been shown that many of these systems can be compromised (and because they are closed, there may be holes we simply cannot know about). Plus they are vulnerable to software bugs and are often based on unstable, closed-source operating systems. By the inherent nature of closed software, when systems are (optionally!) certified by registrars, there is no proof that they will behave the same on election day as in tests. The opportunities for fraud, tampering and malfunction are rampant. But nonetheless, there is very little political will for open source voting, let alone simple measures like end-to-end auditable voting systems or more radical approaches like open source governance. Why do we remain in the virtual dark ages, when clearly we have better alternatives readily available?"
The Internet

DC Internet Voting Trial Attacked 2 Different Ways 123

mtrachtenberg writes "University of Michigan Professor J. Alex Halderman and his team actually had two completely separate successful attacks on Washington, DC's internet voting experiment. The second path in was revealed by Halderman during testimony before the District of Columbia's Board of Elections and Ethics on Friday. Apparently, a router's master password had been left at the default setting, enabling Halderman to access the system by a completely different method than SQL injection. He presented photographs of a video stream from the voting offices. In addition, he found a file that had apparently been left on the test system contained the PINs of the 900+ voters who would have used the system in November. Others on the panel joined Halderman in pointing out that it was not just this specific implementation of internet voting that was insecure, but the entire concept of using today's internet for voting at all. When a DC official asked why internet voting could not be made secure when top government secrets were secure on the internet, Halderman responded that a big part of keeping government secrets secret was not allowing them to be stored on internet-connected computers. When a DC official asked the panel whether public key infrastructure couldn't allow secure internet voting, a panel member pointed out that the inventor of public key cryptography, MIT professor Ronald Rivest, was a signatory to the letter that had been sent to DC, urging officials there not to proceed with internet voting. Clips from the testimony are available on YouTube." Update: 10/09 19:24 GMT by T : Reader Cwix points out two newspaper stories noting these hearings: one in the Washington Post, the other at the Chicago Tribune. Thanks!
United States

Public Clearinghouse Proposed For Evoting Failures 114

Hugh Pickens writes "Alice Lipowicz writes in Federal Computer Week that Lawrence Norden, senior counsel to the Brennan Center for Justice at New York University School of Law, has reviewed hundreds of reports of problems with electronic voting systems during the last eight years. He is recommending a new regulatory system with a national database, accessible by election officials and others, that identifies voting system malfunctions reported by vendors or election officials and new legislation that requires vendors report evoting failures to the clearinghouse. 'We need a new and better regulatory structure to ensure that voting system defects are caught early, officials in affected jurisdictions are notified immediately, and action is taken to make certain that they will be corrected for all such systems, wherever they are used in the United States,' writes Norden. Adding that election officials rely on vendors to keep them aware of potential problems with voting machines, which is often done voluntarily and that voting system failures in one jurisdiction tend to be repeated in other areas, resulting in reduced public confidence and lost votes."

The best way to avoid responsibility is to say, "I've got responsibilities."