Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
United States

Florida County Asks Students To Crack Elections 370

imAck writes: "After the election fiasco last year in Florida, many have discussed the possibilities of using a computerized voting system to replace the old punch-card ballot system. Florida's Broward county is considering buying a $20 million dollar computerized touchscreen system to handle future elections. What makes the story interesting is how they are planning to test the system for security holes. The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security issues." I wonder if Broward County would look into spending their money on hardware and supporting development of the GNU Project's existing electronic voting software.
This discussion has been archived. No new comments can be posted.

Florda County Asks Students To Crack Elections

Comments Filter:
  • So you Americans wanna record your votes on a potentially complex system, which will envariably be designed, developed and depolyed by the lowest bidder?

    Now that'd be a fun house committee to sit in on...

    And of course, next time, it won't be the Florida elections in dispute... Good ol' Californian brownouts will see to that.

  • But any other time you discover and expose a security flaw, they'll throw you in the brig and misplace the key. So get your H4X0R fix now...

  • First hack: php spellcheck
    All around hack: Jon Katz

  • won't we have use the phrase GNU/President?
    • by Anonymous Coward
      The GNU system will more than likely never be used in the United states. Being a US citizen the powers that be take great pride in making money for their pockets. How do you think we got some of these crappy and downright bizzare voting systems? Corruption. I have yet to see one voting system that is open so that the citizens can inspect it as we are allowed to do under the constitution. The big monster mechanical voting machines of the 50,60,70,80's were easily subverted and even if you didn't subvert the hardware you only needed to subvert the human operators (or overseers). The biggest problem with the GNU voting system is that it is open, is not in control of the government, and therefore not easily subverted as the election can be watched. by watching to see if the same IP address keeps submitting voting requests, and that IP address is not a voting station. Or other traffic modeling to catch ballot stuffing... but you cant stop the fact that a perl script running on the server could nicely stuff ballots... same as the ballot takers can stuff more in.

      You're dealing with a very powerful part of america... and the polotical parties will not allow their power to be diluted or changed.
  • If the election officials bungle paper punch cards, imagine what they will do with computers.

    Training people to do a proper job, with reasonably good materials, will go much further toward fostering a positive voter experience than any electronic devices will.
  • Slashdot can be used as a voting mechanism. Everyone will be given moderator points and will vote for the few candidates who will present themselves with short description as answers to articles. I wonder what kind of results will be collected: Bill Clinton 5 Interesting, Al Gore 3 Flamebait, Bush -1 Troll.
  • A danger (Score:3, Insightful)

    by Pludodog ( 181200 ) on Thursday August 16, 2001 @06:52PM (#2118073) Homepage Journal
    Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?
    • Re:A danger (Score:5, Funny)

      by Tackhead ( 54550 ) on Thursday August 16, 2001 @07:11PM (#2126879)
      > Of course, if someone found an exploit, would they report it? Or simply leave it be, and use it during the election?

      When either Eric Raymond or Bill Gates is elected President, we'll know for sure.

    • Re:A danger (Score:5, Funny)

      by ackthpt ( 218170 ) on Friday August 17, 2001 @12:55AM (#2155302) Homepage Journal
      A danger only in the sense that the surest way to crack it is for whichever side has appointed the most justices, to appeal to the Supreme Court and have the results tossed out on some grounds, such as there being no hard copy, or could have been faked, or there was a smudge on the screen which made 'B-u-c-h-a-n-a-n' look like 'G-o-r-e'

      Pregnant pixels, anyone?

  • Two problems (Score:4, Insightful)

    by Fencepost ( 107992 ) on Thursday August 16, 2001 @11:45PM (#2119641) Journal
    First, anyone (especially high school students) who actually has the skills to productively participate in this should:
    • Present their credentials to the county commission and convince the commission that they do indeed want this person examining the system
    • Tell the commission that they'll be unable to assist unless they have written assurances of immunity from prosecution for their participation in the test from the relevant local, county, state and federal officials (DAs & AGs).
    While I don't expect that anyone would actually be prosecuted for participating unless they really pissed someone off (it'd be a PR nightmare - "County solicits hacker assistance, State prosecutes helpers!"), I kind of regard it as a "principle of the matter" thing and a way to get the point about silly laws across.

    For high school students, the risk of participating is being branded a "hacker" by your school - they're not interested in what you're doing (e.g. helping the county election board), they're going to screw you over because of the skill set you have.

    Second, I'd be relatively unconcerned about the danger of someone hacking an individual voting machine - anyone wanting to significantly bias an election would be better off arranging some changes to the new tallying systems that will have to go along with the new voting machines.

    For the individual voting machines, it'd be possible to do things like record votes both to disk and to a continuous paper tape (perhaps in a sealed unit). By putting timestamps on the tape every X minutes (15? 30?) and comparing those to the number of people who voted during each time period (as recorded by the elections staff) it would be possible to identify statistically anomalous patterns of extra or dropped votes.

    One problem with paper tape in particular is that there's at least a potential for abusing anonymity with anything that records votes sequentially, particularly if the local election staff has access to the recording media/paper tape. "Hmm, Bob was the third to last person to use that booth. I wonder who he voted for?"

  • by chuckw ( 15728 ) on Thursday August 16, 2001 @09:43PM (#2120402) Homepage Journal

    Picture Dan Rather reporting the latest election return results: "And tonight we have the election returns for the state of Florida. Apparently 31337 hAx0r has won the election by an unprecendented landslide..."

  • Do you feel better now? The only the Federal Govt. would allow computerized elections is to put a Federal computer security and law enforcement agency in charge of it. Welcome to the CCCP where the secret police run the elections.
  • These kind of tests stay in your record and if gov any time in the future sees you as a threat, you can be sure they're going to use that knowledge against you.

    "This man hacked into our systems and he's well able to cause serious damage over computer networks. Just look at this: he cracked Florida's new ballot system!"

    Don't help officals or suits, it gets you screwed big time. If you can code or hack or crack, keep it under the lid in the public and don't brag about it. It doesn't do any good to you.

  • by quintessent ( 197518 ) <my usr name on toofgiB [tod] moc> on Friday August 17, 2001 @04:08AM (#2130853) Journal
    Well, gee whiz, we've had that for a long time. Just download the Slashdot source code, find the part that does those nifty polls, and boom! Instant electronic voting.
  • Why exactly are they having kids try to hack into this again? It seems rather redundant to me. Any system used for something like this shouldn't require testing for security, it should be _proven_ to be secure (ie: written in ADA, if it comes to that).

    I don't know about everyone else, but I'm nervous that this is going to be a solution written by crappy government contractors in VB and SQL server (or PHP and MySQL, for that matter), without any of the rigor associated with Real Security.
  • by Khalid ( 31037 ) on Thursday August 16, 2001 @07:14PM (#2135341) Homepage
    This will be the best guaranty that all the holes will be quickly found. Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.
    • Also I feel that it's the right of every citizen (or at least the knowledgeable ones) to know exactly what kind of system is used to gather their votes, this is a basic right.

      You're one hundred percent correct, which is exactly why the day a federally-sponsored electronic voting system is announced, there will likely be several hundred FOIA requests [well.com] fired off, mine included.

      Speaking of which... Has anyone tried to do a FOIA request for mundane (ie, not carni^H^H^H^H^H DCS1000, Echelon, or nuclear simulation) government software? I'm sure some of it must be almost laughably bad. Taking it a step further... What about submitting a FOIA request for the source code to a government website, or network infrastructure, or anything else that while not "national security" may be potentially sensitive?
      • Much government software is produced under a contract in which the contractor holds ALL copyrights and the government is granted the rights to use the software. FOIA requests will have no effect, any more than a FOIA request could produce the source code to Windows just becuase the government uses it.
    • Since the $20 million is being paid to a corporate contractor, I wonder what the DMCA or, some area of copyright law is going to do to that concept.
  • And next, this may even happen in Florida.
  • by Apuleius ( 6901 ) on Thursday August 16, 2001 @07:15PM (#2137883) Journal
    The most important thing about electronic elections is not that Haxor Doods can't hack into these machines after they draw the curtain. What's important is that there still be a trail of paper ballots for later audits, in case the election officials are corrupt. If you're going to use these machines, make sure they print an unambiguous ballot that the voter sees and deposits in the box. That way any mishap can be corrected.
    • How about one of those 2-d barcode things like fedex uses that contains like a PGP signature or something to ensure consistancy with the system. Have the code programmed into the machine right before the election booth opens up, then when someone goes to vote, it processes the voteing info accordingly. Not only is this secret (do YOU know how to read a UPS 2-d BarCode?) but it's a little more secure, eh? (No, I'm not Canadian.)
    • Yep a paper trail would be good but how about you ensure that it is also uncorruptable! I think it should be more like a machine where to the on the top of the monitor is a "window" into a "till roll" where a printer logs your vote and your acceptance of the vote (i.e. you must say "Yes the paper is correct" or "No it has not printed what I wanted. Let me vote again."). The paper is never in the voters hands and should be pristine if it is ever examined. Then network it up so it can feed the printer spool to another machine or few which in turn form a network of integrity (running back to the paper, but should the machine be burnt out results can be used). Add a scanner to the devices so that it can check itself and then there would be no excuse for cracking more than a few samples open every election. Finally you could add a video camera to record the votes, and maybe even do voice and face recognition (eyeball, fingerprint ... choose your hardware) learning each vote to reduce to near nil the odds of voter fraud. Your way you just end up with hand counts of pieces of paper ... always riskier and more labour intensive! My way you end up with a few security guards and a couple of "clerks".

      Did you forget this is /. News for Nerds when ou suggested handing pieces of paper around?

  • Watch as we see some articles and letters in the next issue of 2600 [2600.com] [? [everything2.com]]. "How to hack ballots and stuff the votes."

  • So if we fix the Florida elections, then everything's fine. Ok.

    That's nonsense. This could have gone down to any, even the smallest, of the 50 states. Every state has vote counting problems. It seems strange that we're only applying fire protection to the one place that's already burned down.

  • by smagruder ( 207953 ) <stevem@webcommons.biz> on Thursday August 16, 2001 @09:33PM (#2144809) Homepage
    Also note the EDD initiatives forming here [technodemocracy.org] and here [democracy2.org].
  • by Karpe ( 1147 ) on Thursday August 16, 2001 @07:54PM (#2147641) Homepage
    ...are inside attacks. That is, not to garantee that the system is immune to crackers, but that it is immune to attacks by the government. Unfortunately, we don't have that second garantee here in Brazil, where we had an election with 100% of electronic ballots last year. The worse is that government won't allow researchers to audit those ballots.
  • That...

    1. the responsible parties in FL think that this is a remotely good idea, and
    2. the responsible parties in FL think that "electronic" voting is feasible.

    Don't these people consult experts that know about such things, and have informed opinions? Or do they just listen to brain-dead consultants.

    Check out a Crypto-Gram article for a better explanation than I can provide:
  • "Have you Meta Moderated the Presidential Election Today?"
  • Hello! (Score:3, Funny)

    by Guppy06 ( 410832 ) on Friday August 17, 2001 @01:07AM (#2154752)
    How are you? I send you this vote to get your advice.
  • Choose One:

    Cheap $3.00 Crack

    The Good Shizzit(TM)

  • I hope that is far from the only testing they will do.

    It is a classical mistake to have a competition with big prizes for cracking any crypto or similar system, and then assume that if nobody succeeded, it must be safe. Money is, after all, the only real motivator in the world, right?

    Well, lets say Brandon K Cracker managed to find a way to circumvent the voting system. Let's assume there was a cash-prize of $10k for cracking it. Would he disclose his success in cracking the system?

    The answer is that he most likely would, if (and only if) the value he got out of doing so now would be greater than the value he would get out of disclosing it when Florida already uses the system.

    There are lots of people in the world that would pay very handsomely to influence or DoS elections, even in a small country. And when its the american elections, they would pay even better.

    Then there's always the possibility that for Brandon money isn't the Grand Only Force that some people think it to be for everybody. Maybe he is in fact politically or religiously a very engaged boy, he might see the potential to use his knowledge for making sure that <insert nasty organization here> wins the next election.

    So using this kind of testing to verify security of any system is always a mistake, at least if it is given any large value in the final evaluation.

    But of course it doesn't hurt as a part of a much larger evaluation. Some "honest" boy might find a big hole and report it. And, if not else, it is a great way to do "monkey testing" to see if the system crashes under load.

    Just don't trust it.

  • Hundreds of would be hackers rounded up in computer sting!
  • by bwt ( 68845 ) on Thursday August 16, 2001 @07:04PM (#2155111) Homepage
    I just cracked the voting system they are proposing to use. Unfortunately, because of the DMCA, I cannot share the technical details, other than to say that it does involve a double application of the rot-13 technology.
  • The county plans on holding mock elections in high schools and at senior citizen communities. They are actually asking the students to try and hack into the system during the mock elections to learn of possible security

    Grownup: "Hey you! You're a teenager, you must know something about these copmuter-ma-thingies. You listen to MP3's, that means you're a computer-hacka ... whatchamacallit ... hacker. Right?"

    Kid: "Uh yeah, sure. I guess so"

    Grownup: "Great! Great! Try to hack into this computer and ruin the election".

    Kid (Avid reader of Pointy Haired Weekly for Teens) logs into computer, discovers that there is no C:\ prompt, and give up.

    Kid: "Well sir, this computer is unhackable."

    Grownup: "Yes! Yes! We are secure! SECURE! We'll see if those half-blind, senile senior citizens can screw up the *next* election!" ...

    Why not make this contest open to the public ?

  • by Anonymous Coward on Thursday August 16, 2001 @07:05PM (#2155400)
    What is it with American elections? Isn't ticking the box on a voting slip good enough? It seems to be good enough for just about every other 1st world country. Is there some farcical requirement in the constitution that elections be complicated, weird and produce dubious results?

    This is just like that episode of "The Simpsons" where they're holding a referendum by blowing out candles, flushing toilets, droping pebbles in jars, pulling on one-armed bandits and other such nonsense. Now we introduce computers. Hell, I wouldn't trust any large scale software project I've ever worked on to count my vote.

    One word, KISS.
    • Damn Anonymous Coward. Your name's probably Chad.
    • Well there are two problems here:

      1. the punchcards like to put a mark between two check boxes.

      2. it is apparent that the general population is incredibly confused when it comes to using the systems (as simple as they are).

      KISSing can never be simple enough.
    • What is it with American elections? Isn't ticking the box on a voting slip good enough?

      You obviously didn't pay attention to our last election.

      • You obviously didn't pay attention to our last election.

        I did. Canadian election happened on November 27 (several weeks after US) and we knew the results the next morning (several weeks before US). The entire country used paper ballots which you mark with pencil and drop in the box. No pregnant chads. No butterfly ballots. No punchcards. No nonsense.

      • by Platinum Dragon ( 34829 ) on Thursday August 16, 2001 @07:53PM (#2147637) Journal
        You obviously didn't pay attention to our last election.

        No, but he might have paid attention to the Canadian election that took place in a single night, Nov. 27, while the US was still trying to decide what a dimpled chad signified, and whether a full recount was really worth it.

        In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?

        Sorry for the rant; I just can't figure out how the country that's supposed to be a model of democracy gets itself in such a stupid mess in the first place.

        *walks away shaking head*
        • In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems. Seriously, what's the problem with having the names lined up on one side, and the marking points on the other? Who the

          With a punch-card system, if the names are all lined up on one side, they have to be really tiny [single-lines]. Then you get flack from people who couldn't read the ballot. A butterfly ballot allows candidate names to be double-height.

          drizzling shit came up with those 50 000 different voting systems, anyway? Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?

          Um... the counties? The Federal elections weren't the only ones going on on Nov. 7'th, you know -- state and local candidates were running, also. A county with 200 candidates for a given position may feasibly need a different ballot design than one with 2.

        • Doesn't anyone take that shit seriously enough to think that maybe, just maybe, voting systems should be consistent?

          The differences in voting systems are considered a benefit: one compromise can't rig the whole system.
        • In my opinion (you didn't ask, but you're getting it anyway:), every vote should have been counted, and if there was any ambiguity in the vote, toss it. Lesson learned; don't use overly complicated voting systems.

          Here's my opinion. Every vote was counted, and they did toss the ones in which there was ambiguity. There were some problems with the voting system in Florida. I saw the ballot and relly don't think it was really confusing. VOters do have a responsibility to take a little bit of time to make sure they understand what they are doing. If they couldn't look over the ballot carefully, then their right to vote wasn't that important to them. A different system will just result in different mistakes.
          There was another problem that did concern me. There were punch card machines that hadn't had the chads cleaned out of them for years. It is likely that because these were full, the chads did not completely detach on some people's cards. That was due to unacceptable incompetence by the people in the local elections offices. They are supposed to ensure that the voting equipment was in good working order. They didn't do their jobs. However, that fact was mostly ignored, and those people weren't held responsible for their mistakes. Why? It just didn't make as good of a news story as the system being out to disenfranchise minority voters. The system needs fixing, but it's not going to be fixed until there's some accountability for the local elections officials who didn't perform their responsibilities.
  • by Mignon ( 34109 ) <satan@programmer.net> on Thursday August 16, 2001 @08:02PM (#2155542)
    First of all, how do the county officials plan to get immunity from prosecution for violating the DMCA for all participants in this test? Second, how do the officials plan to limit the scope of what is allowable hacking? If, for example, someone manages to subvert the results with some social hacking, does that count against the test system (or does the hacker get thrown in jail?)

    Third (and here's where the paranoia shines through), what about the list of people who try to hack the voting system? Is it going to be destroyed after the test, or will it somehow wind up in the hands of some law enforcement agency to be used as as self-selected suspect list the next time something bad happens to a computer somewhere?

  • What an excellent idea! I wish that more companies/entities would utilize this excellent security measure. Imagine how much better M$ would be if they just took after Florda, and had a crack me IIS server. You know everyone would want to crack it, and some of the insecurities would get opened before they cause damage. Florda's new policy rules.
    • by diablovision ( 83618 ) on Thursday August 16, 2001 @07:15PM (#2137886)
      I thought I sensed a hint of sarcasm in your first sentence, but I guess you really believe what you are saying. Do you really think that this is such a wonderful security measure? A hacker challenge? How about a provably secure system, based on formal methods?

      Let's review why black-box testing is a weak form of testing:
      1. Just because no one finds an exploit doesn't mean the system is secure.
      2. If someone discovers a flaw, it may in fact be more lucrative for them to keep it a secret and exploit it later.

      If you were a malicious group wanting to cause havoc in America, do you think you would enter a "hacker challenge" to demonstrate flaws in a system, then reveal the flaws for a moderate compensation, or do you think you would wait quietly until the system was deployed, at which point you could massively influence the elections through the flaw you discovered?
      • In order to use formal methods to prove something is secure, you have to find a way to represend all the possible variables. In even a system specifically designed for voting, this is likely an impossible task. Each component from the OS, as simple as it may be, to the device drivers that run the touch screen, would have to be designed with an extremely rigorous process to ensure that your formal methods would have any validity. I'm not saying that formal methods shouldn't play a role in the design of a secure system. I just don't think you're going to be able to really prove a system is secure. You can however do better than just throwing a system together and patching the security issues that come up in limited testing. If they want the system to be secure, the first thing they need to do is isolate the network, and strictly limit access. If it's attached to the internet then security will be a much greater risk.
      • I'm not sure what you can mathematically prove about a real-world system like this. What havoc can I cause by dropping a pencil stub in the printer that creates the paper record of votes? What if I pull THIS plug at THAT time? (And, hmm, what if I then stick that plug into my laptop?) Or what if I adjust the vertical on the display to hide the bottom candidate from that sweet, but mentally fragile grandmother behind me in line? What happens to a touch screen if I stick a little piece of gum on it? Can I somehow damage the touch sensors without making this fact evident? Exactly how much fun can I have with a strong magnet? In short, I'm not sure that formal methods buy you much in such an informal environment.

    • They did that with some test Windows 2000 box, which nobody broke into as I recall. (Golly, Windows 2000 must be secure!) However, Windows 2000 started getting cracked once Microsoft started shipping the negligent bloatware (yup, still have not fixed that virus-bearing document format). This is due to crackers getting to sit a Windows 2000 box down, rip it apart, and otherwise get their hands on it, rather than poking sticks at an ivory tower somewhere.

      Plus, with the recent SMDI thingy, I think some folks would be wary to take up a corporations offer "hack this, please, we won't beat you up with the DMCA. honest."
  • ...since they can already deliver their own state by hand, they will use the information gained to use the Internet to remotely subvert the Constitution in other states.

    • Re:And then... (Score:5, Interesting)

      by mmaddox ( 155681 ) <oopfoo@[ ]il.com ['gma' in gap]> on Thursday August 16, 2001 @07:03PM (#2138531)
      Having worked for the Secretary of State here in Florida (and working on the first couple of election results systems for the Florida Dept. of State, Division of Elections), I feel confident saying that the problems in Florida are mostly due to sheer incompetence. The few people who actually know anything aren't compensated enough to stay on, and the rest rely on Peter Principle to stay in their positions. Problem is, this incompetence allows those who are truly evil to have free reign over the elections. It's not some big, carefully orchestrated plot, it's pure opportunism - wait around for a big enough screw up, and have your fun during the resulting confusion.
      • While manual counting may be reliable, it would take a pretty huge chunk of resources. That's just silly. Hundreds of people labouring for days to count things. And you need to oversee every part of the process to make sure no-one cheats. One of the attractions of electronic counting is that once the method has been scrutinised and approved by participants, you can (provided the _deployment_ has a secure procedure as well) know that exactly the same method will be deployed everywhere.

        Here (Canberra Australia) we are going to be testing electronic voting. The code is GPL and available to anyone for validation, the process is transparent and anonymous and the security is physical (they treat the voting servers/stations just like sealed ballot boxes).

        You won't get fair voting systems without good people, the systems should lt them exert more control over how the system works.

        • [ it would take too long to count ], he says.

          I beg to differ. In Florida, home of PBC's now widely infamous ``butterfly ballot'', we have 67 counties. Of those, one used an advanced system of ballots where people were issued pieces of paper with pre-printed candidate names upon entry to the polling place. The people who were issued the pieces of paper made marks beside those names which most pleased or least displeased them.

          At the end of the day, in 11 precincts around the county, the pieces of paper were sorted and counted. First, the papers were sorted according to the selection in the first race, then counted. The papers were then sorted according to the selection in the second race, and again counted. This advanced procedure (known as ``tabulation'') was performed for each race on the ballot.

          The number of voters per precinct worked out to about 500. Union County had its results reported before midnight. No one doubted the results: the counts were quite reasonably accurate.

          In Volusia County, which used a similar system except that the pieces of paper were counted by machine, we had results but not the same week as the election. We also had about 500 voters per precinct. There were disputes about the accuracy of the results, though in the weeks following the election they were pretty well settled.

          So tell me, if Union can correctly hand-count their ballots and be home before midnight, why should we believe your claim that it'd take too long? If they had results before the machine-count counties, why should we believe that machine counting is better and faster faster?

          Consider also the problem of Dade County. If you were to provide a balloting method which did not leave countable pieces of paper, do you believe that there is any chance of honest results?

          • > So tell me, if Union can correctly hand-count their ballots and be home before midnight

            Correctly? By what alternate means of counting was the correctness of the count asserted?

            Since we assume that hand-counting is the last resort and most correct method, resorting to it first results in the assumption that we have made the count correctly and avoided the error-prone methods.

            But why do you think we started using polling machines in the first place?

  • by tbmaddux ( 145207 ) on Thursday August 16, 2001 @07:38PM (#2157926) Homepage Journal
    Caltech and MIT have studied voting technology. [mit.edu] Their report released last month [mit.edu] found that hand-counting and optically scanned paper had the lowest counts of unmarked, uncounted, and spoiled ballots in presidential, Senate and governor elections over the last 12 years. And over the same time period, electronic voting systems were the second worst!

    Who needs hackers if the electronic systems already suck?

  • by DuncanMurray ( 448670 ) on Thursday August 16, 2001 @07:34PM (#2157989) Homepage
    And the new President is...

    Cowboy Neal??

  • Once we get election problems in Florda fixed, maybe we should then focus on fixing problems here in the USA (particularly in the state of Florida).

    BTW, I'm having trouble finding Florda on my world map.

  • subject (Score:2, Funny)

    by Anonymous Coward
    if(gore > bush) {
    printf("Gore wins\n");
    elseif(bush > gore) {
    printf("Bush wins\n");
    else {
  • by Skyshadow ( 508 ) on Thursday August 16, 2001 @07:29PM (#2158159) Homepage
    Am I alone in thinking that just a "touch the screen pick the President" thing is wasting the potential of a computerized voting center? For example, what if each candidate was allowed to submit a 1-page position paper that the voter could access when they're voting (hit "Details" or something?). I think that would be terrifically helpful in, say, local elections where you might not know the differences between the candidates or even what the office entails (WTF is a city controller?). Or what about having the booth voice-enabled for the vision impared (especially the elderly)? What about vote confirmation ("You have voted to xxx; press 'Change' to alter your ballot or 'Commit' to continue")? Can anyone think of other useful features? I mean, you want it to be clean and straight-forward, but why squander the potential?
    • Can anyone think of other useful features Yeah, I can think of a few, but I'm afraid that the first one that will be added is advertising. "You have selected George W. Bush. Please enjoy this informational video by the NRA."
  • Give each voter a simple ballot paper and a pencil.

    Get rid of all hole punches, chads, butterfly ballots, etc etc etc.

    Remember the KISS principal at all times.

  • by coyote-san ( 38515 ) on Thursday August 16, 2001 @07:22PM (#2158286)
    High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.

    N.B., I am not saying that no teenager (or retiree) can do good security testing work, but they're the exception. They'll be able to provide valuable usability feedback (e.g., no more butterfly ballots, or multiple selections made by shaky hands), but thinking it will say anything at all about security is a joke.

    Good security testing requires a specific mindset and a good knowledge of previous attacks. This is rare, at any age, and requires the type of behavior that I'm sure the administrators will try to discourage. This sounds like a situation set up to guarantee a false sense of security.

    • I think the reason behind this is that they're enlisting a stereotype. Other articles [sun-sentinel.com] on the subject talk about 'teen hackers' and 'whiz-kids'. It seems that the people planning this believe 'hacker' is another word for a punk kid who spends too much time online.
    • The biggest threat of v0te h@cking does not arise in the voting booth. What concern me more are -
      • Are the voting booths on a network that can be reached from outside on election day?
      • If the votes are h@x0red after the election, will it be possible to detect that fact? (I.e., there won't be any physical ballots to recount.)
      • If the machines are rigged before the election, will it be possible to detect that fact?
      IMO, the risks of computerized elections are not worth the payoff. Alas, the last election set up a situation where counties all over the nation will have an excuse to eagerly spend our tax dollars on snake-oil solutions.
    • High school students and retirees are good for usability testing, but anyone who thinks they'll be good for security testing is crazy.

      These two age groups are the actual voters themselves... they will be the ones physically voting at the polls. I guess the idea is if teenagers can figure it out, and the seniors can figure it out, then 30 - 50 year olds can figure it out. This is an excellent test to perform in tandem with your security test.

      The hacker group is a separate group who may or may not be actually voting in the mock elections.
  • by Mustang Matt ( 133426 ) on Thursday August 16, 2001 @07:20PM (#2158344)
    A cute little *nix variant with a 4 button keyboard.
    Up, Down, Forward, Back.

    You move the cursor to your choice and hit Forward. At the end you review your choices. Select any that you want to change and finish.

    A green light appears on the desk of the silly little election monitor guys table. He waits for that person to leave and allows the next person to enter the booth and hits a button to accept the next poll after the person has been verified. Any person without proper ID or if they don't make it within the voting time period does not get to vote. They can go cry a river somewhere.
  • People will be trying to crack elections.state.florida.us, so they'll miss the real server at elections.state.florda.us. That's thinking ahead!

From Sharp minds come... pointed heads. -- Bryan Sparrowhawk