Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

DC Suspends Tests of Online Voting System

timothy posted about 4 years ago | from the vote-erlich-and-often dept.

Government 170

Fortran IV writes "Back in June, Washington, DC signed up with the The Open Source Digital Foundation to set up an internet voting system for DC residents overseas. The plan was to have the system operational by the November general election. Last week the DC Board of Elections and Ethics opened the system for testing and attracted the attention of students at the University of Michigan, with comical results. The DC Board has postponed implementation of the system for 'more robust testing.'" Update: 10/06 02:42 GMT by T : University of Michigan computer scientist J. Alex Halderman provides an explanation of exactly how the folks at Michigan exploited the DC system.

Sorry! There are no comments related to the filter you selected.

"MORE robust testing" or "more ROBUST testing"? (1, Troll)

Mike Kristopeit 9 (1915954) | about 4 years ago | (#33801528)

has there been robust testing yet or not?

Re:"MORE robust testing" or "more ROBUST testing"? (1)

blair1q (305137) | about 4 years ago | (#33801642)

He means "rigorous".

You mean "robustness".

0 marks all around.

[Hail to the Redskins...
Hail vic-to-ryyyyy...]

Re:"MORE robust testing" or "more ROBUST testing"? (1)

BadAnalogyGuy (945258) | about 4 years ago | (#33801684)

Hail to the Redskins...
Hail vic-to-ryyyyy...

Just hearing that makes me want to headbutt a wall!

Go Skins!

Re:"MORE robust testing" or "more ROBUST testing"? (0, Troll)

Michael Kristopeit 1 (1913328) | about 4 years ago | (#33801910)

i most certainly did not mean "robustness"... i mean only to uncover the intentions of an ambiguous bureaucrat trusted with appointing my representatives.

Re:"MORE robust testing" or "more ROBUST testing"? (1)

blair1q (305137) | about 4 years ago | (#33802058)

Well, since you seem to come in packs of 10, I think you're not the one we want investigating voting irregularities.

Re:"MORE robust testing" or "more ROBUST testing"? (0, Troll)

Michael Kristopeit 2 (1913310) | about 4 years ago | (#33802272)

i assure you i am 1 person... and everything i am packing is loaded.

it seems you come in packs of 1q... odd... the only other thing i know of that is distributed in 1q packs are IDIOTS.

i think you don't want me investigating voting irregularities because you are scared that i will reveal THE TRUTH.

Re:"MORE robust testing" or "more ROBUST testing"? (0)

Anonymous Coward | about 4 years ago | (#33802548)

You did not win.

And you only have yourself to blame.

Re:"MORE robust testing" or "more ROBUST testing"? (1)

Michael Kristopeit 8 (1913324) | about 4 years ago | (#33802604)

in a discussion of purported facts, there is the truth and there is lies.

i have presented the truth, as can obviously be seen.

your attempt to suggest a game was being played, seemingly to justify your continued attempts at lying is pathetic.

you are NOTHING

Re:"MORE robust testing" or "more ROBUST testing"? (1)

tqk (413719) | about 4 years ago | (#33802982)

Moriarty, s'tat choo?

Had to be asked.

Re:"MORE robust testing" or "more ROBUST testing"? (1)

Michael Kristopeit (1751814) | about 4 years ago | (#33803348)

arch.

open public review (1, Insightful)

Anonymous Coward | about 4 years ago | (#33801552)

Every critical government system like this should be required to pass through a period of open public review before even being considered for use.

They could actually use prizes to be paid by the government contractor who submitted the bid. If they do a shoddy job on security, they'll not only lose the bid, but they'll also lose additional money (a refundable deposit) to whoever finds their security flaws.

Re:open public review (2, Informative)

blair1q (305137) | about 4 years ago | (#33801778)

It's open software, so you can look at it any time you like.

Of course, so can the h4xx0rs.

And they don't have to pwn it until election day. By which time you no longer have open access to the code in the box. You can try to hack it, but you probably won't be able to tell what other hacks have been applied by looking at the binary.

The fact is, if the voting system is built on an operating system that allows a superuser access to all things, then it's ultimately vulnerable to all types of hack, as long as there's any exploit that allows superuser access.

And if it has an IP component over the public interwebs, all bets are off, no matter what TLA you're using to encrypt it.

Re:open public review (-1, Redundant)

Mike Kristopeit 9 (1915954) | about 4 years ago | (#33801876)

The fact is...

THE fact??? another fact you have seemingly overlooked is a paper vote is only as reliable as the sum of all of the individuals who have had physical access to it.

Re:open public review (3, Insightful)

blair1q (305137) | about 4 years ago | (#33802048)

But a paper vote can be audited by the original voter.

And electronic vote can be manipulated just long enough to pass through the counting register, and when it gets back to the original voter it can look exactly like it did before it was manipulated.

Re:open public review (0, Troll)

Michael Kristopeit 1 (1913328) | about 4 years ago | (#33802228)

... if the electronic vote is being brought back to the original voter for confirmation, then why isn't the "counting register" also being reprocessed?

you're an idiot.

Re:open public review (-1, Troll)

Anonymous Coward | about 4 years ago | (#33802504)

He's not an idiot. He's an American.

Re:open public review (0, Troll)

Michael Kristopeit 6 (1913320) | about 4 years ago | (#33802576)

and you're a coward without a point.

Re:open public review (0)

Anonymous Coward | about 4 years ago | (#33803232)

He's not a coward. He's an American.

Re:open public review (0, Troll)

Michael Kristopeit 3 (1913312) | about 4 years ago | (#33803378)

uh... he IS a coward. of the anonymous variety... perhaps the most cowardly of the coward.

you're an idiot.

Electronic voting, yes! Online voting, no! (2, Insightful)

BadAnalogyGuy (945258) | about 4 years ago | (#33801586)

Voting machines should definitely be electronic.

Online voting seems to be so problem-prone as to be useless. Something as simple as a smurf attack could potentially block every voter from casting their ballot in time.

Re:Electronic voting, yes! Online voting, no! (2, Insightful)

hedwards (940851) | about 4 years ago | (#33801650)

I have to agree, online voting has some very serious problems with it. Even if you solve the technological ones, you'd still have to figure out how to prove that the person that's actually voting is the intended voter and that there isn't anybody there that's suggesting how they should vote.

Re:Electronic voting, yes! Online voting, no! (2, Insightful)

hedwards (940851) | about 4 years ago | (#33801662)

Erm, on further thought, that would just make it like vote by mail.

Re:Electronic voting, yes! Online voting, no! (-1, Troll)

Mike Kristopeit 9 (1915954) | about 4 years ago | (#33801762)

and to guide your realization further, just because someone isn't physically with a voter in the booth doesn't mean a video transmission device couldn't be used to prove a vote was made to deter some hostile act from happening to the voter.

if we can't make online voting work, we can't function at all in the digital age.

Re:Electronic voting, yes! Online voting, no! (4, Insightful)

Obfuscant (592200) | about 4 years ago | (#33801850)

if we can't make online voting work, we can't function at all in the digital age.

Current history disproves this your statement. We cannot yet make online voting work and yet we function pretty well in the "digital age".

Re:Electronic voting, yes! Online voting, no! (-1, Flamebait)

Michael Kristopeit 1 (1913328) | about 4 years ago | (#33801942)

what specifically disproves my statement?

when did the digital age begin? when will you be satisfied that we have failed? if we begin killing one another? complete annihilation? is society progressing and prospering or receding and regressing?

i don't think you know what "Current history" means, or the current state of it or the state of it's rate of change.

Re:Electronic voting, yes! Online voting, no! (-1, Troll)

Michael Kristopeit 1 (1913328) | about 4 years ago | (#33802100)

idiot moderators.

"i want to argue with you, but i am unable to do so because your factual evidence that you provided to disprove someone else who brought doubt to your claims" IS NOT "Flamebait"

you can not silence THE TRUTH.

Re:Electronic voting, yes! Online voting, no! (1)

h4rr4r (612664) | about 4 years ago | (#33802216)

You could try defining digital age if you want to make the argument that it has not begun or that we have failed at it. The current normal understanding is that we are living it right now.

Re:Electronic voting, yes! Online voting, no! (-1, Troll)

Michael Kristopeit 3 (1913312) | about 4 years ago | (#33802294)

so it has not ended... which means there is still potential to fail... which means "obfuscant's" claim that proof exists to disprove me CAN NOT BE TRUE.

Re:Electronic voting, yes! Online voting, no! (0, Troll)

Michael Kristopeit 4 (1913314) | about 4 years ago | (#33802310)

We cannot yet make online voting work

my personal ability to make online voting work disproves your statement.

http://www.jerseys-2010.com (0, Offtopic)

amanda5211 (1915578) | about 4 years ago | (#33803822)

[url=http://www.jerseys-2010.com/wholesale nfl jerseys[/url] [url=http://www.jerseys-2010.com/cheap nhl jerseys[/url] [url=http://www.jerseys-2010.com/football jerseys[/url] [url=http://www.jerseys-2010.com/nba shop[/url] wholesale nfl jerseys [jerseys-2010.com] cheap nhl jerseys [jerseys-2010.com] football jerseys [jerseys-2010.com] nba shop [jerseys-2010.com] [url=http://www.hatonsale.com/winter cap[/url] [url=http://www.hatonsale.com/red bull cap[/url] [url=http://www.hatonsale.com/monster hat[/url] [url=http://www.hatonsale.com/new era hats[/url] winter cap [hatonsale.com] red bull cap [hatonsale.com] monster hat [hatonsale.com] new era hats [hatonsale.com] Monster Energy Hats [hatonsale.com] Dc Shoes Ken Block 43 Ford Monster [hatonsale.com] Dc Shoes Ken Block 43 Ford Monster [hatonsale.com] NBA Detroit Pistons [jerseys-2010.com] Reebok NFL Jerseys Philadelphia Eagles [jerseys-2010.com] Kids Kansas City Royals PHILLES [jerseys-2010.com] http://www.jerseys-2010.com/ [jerseys-2010.com] http://www.hatonsale.com/ [hatonsale.com]

Re:Electronic voting, yes! Online voting, no! (1)

Gofyerself (1709970) | about 4 years ago | (#33802244)

We can't even make paper voting work, what makes you think we will ever get online voting right!

Re:Electronic voting, yes! Online voting, no! (-1, Troll)

Michael Kristopeit 5 (1913316) | about 4 years ago | (#33802350)

people who aren't me, who have trusted people who aren't me, can't make paper voting work.

i think i can get online voting right, because it's a trivial task.

Re:Electronic voting, yes! Online voting, no! (3, Insightful)

NatasRevol (731260) | about 4 years ago | (#33803488)

Trivial? Yeah right. And you wonder why other moderators are rating you flamebait.

Online voting is not trivial for one reason. Security from vote tampering.

If you can get 300 million people to vote online, without vote tampering up to and including hacking 'your' system, then you're a hero.

But you're not.

Re:Electronic voting, yes! Online voting, no! (-1, Troll)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33803634)

give all registered voters a keychain with a predictable radioactive decay element used in combination with a passphrase and unique identifier (probably social security)... call it a "voting key".

you'd rather pay diebold $2 billion and then trash what they deliver?

you're an idiot.

Re:Electronic voting, yes! Online voting, no! (0, Troll)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33803718)

accurately recording 300 million records, and filtering out unauthenticated communication is as easy as it gets.

do you run around in the front of gas stations screaming "if only you idiots could invent a fluid that would combust uniformly, then you could build a functioning engine, BUT YOU CAN'T BECAUSE YOU'RE ALL INCAPABLE"?

in what ways do you stand to benefit from online voting succeeding? do you work in a paper mill? perhaps you rent out the church gym to the city for elections? or do you do it for free to get the access to the "vote totes" that you "promise" not to disturb?

Re:Electronic voting, yes! Online voting, no! (0)

Anonymous Coward | about 4 years ago | (#33803932)

predictable radioactive decay

LOL

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804072)

obviously in combination with a one time physically transferred key library, similar to the RSA 6 digit devices in use by almost everyone that cares about online transaction authentication.

how is this funny? because it's true? because it is as trivial as i claim?

Re:Electronic voting, yes! Online voting, no! (0)

Anonymous Coward | about 4 years ago | (#33804134)

There is no such thing as 'predictable radioactive decay' you epic retard.

I guess you skipped that day of junior high.

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804246)

... perhaps you went to the amish junior high?

you're an idiot. [duke.edu]

Re:Electronic voting, yes! Online voting, no! (0)

Anonymous Coward | about 4 years ago | (#33804414)

Predictable rate of decay != Predictable decay.

While the rate of decay for any particular substance is trivial to determine. Thanks to Heisenberg's Uncertainty Principle the actual incidences of decay are completely indeterminable. Random.

SecurID tokens are essentially just PRNGs built up from cryptographic primitives, hooked up to a clock. A new number is popped off the PRNG at set intervals, and it is that number which the tokens display to you.

The Psuedo in the PRNG is more than important, it is mandatory. The agent you are authenticating against has the seed of the PRNG and can thus calculate the same value that is displaying on the token. With a RNG (radioactive source), it is impossible for the agent you are verifying yourself against to calculate the correct value.

tl;dr: you have demonstrated your idiocy in record time today. keep up the great work.

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804142)

you do realize this is the defense against "tampering" that the nuclear submarines use to authenticate launch orders......

i'm convinced... you work for a paper mill.

Re:Electronic voting, yes! Online voting, no! (1)

Yaur (1069446) | about 4 years ago | (#33804280)

In "almost everyone that cares about online transaction authentication" the central party is fully trusted and transactions are not anonymous. In online voting the central party is only partially trusted, all transactions must be anonymous, and each voter can vote at most once. This, not user authentication, is what makes the problem hard.

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804356)

it isn't hard at all. authenticate, get a token, vote. if authentication fails because a token was already granted, get a human involved. track down offenders.

how is this any more of a risk than individuals entrusted to "guard" large bins of paper votes?

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804188)

do you also laugh at your smoke detectors every time you see them?

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33803826)

Security from vote tampering.

are you claiming that vote tampering does not currently affect any paper based, hand-counted elections? are you claiming that online voting would certainly have more vote tampering? how? when a single person or small entrusted group can arbitrarily destroy any physical vote at their location, it's hard to argue in relative potentials.

again,
you're an idiot.

Re:Electronic voting, yes! Online voting, no! (1)

Yaur (1069446) | about 4 years ago | (#33804218)

Online voting requires satisfying a set of unsatisfiable constraints. If you think its trivial you either aren't seeing the whole problem or haven't thought about it enough.

Re:Electronic voting, yes! Online voting, no! (1)

Mike Kristopeit 16 (1916064) | about 4 years ago | (#33804314)

i certainly have. vote by mail is acceptable... so whether or not voting while not present is acceptable is not relevant... it is allowed.

so the risk is flooding of invalid votes. vote by mail limits this the physical limits of the postal service. a million invalid votes couldn't be dropped off at a single mailbox, so too a million communication signal requests could not originate from a single physical location... adding hops and delays to the network effectively mimic the limitations enforced by the postal system.

allowing me to vote in the way that i can prove is most fair for everyone in terms of vulnerability to vote tampering can most certainly not be an unsatisfiable constraint.

Re:Electronic voting, yes! Online voting, no! (2, Insightful)

jd (1658) | about 4 years ago | (#33802222)

Not necessarily. It should be possible to devise an online voting system that worked securely and reliably. To defeat DoS/DDoS attacks, you would probably want to have virtual circuits (eg: MPLS) or bandwidth allocation (eg: RSVP) such that an attack cannot encroach on the voter's bandwidth. Alternatively, an ISP could run Snort or another NIDS system in such a manner as to detect a DDoS attack and block the source addresses. So long as it was done far enough upsteam that there was still available bandwidth, this would prevent an attack. Or they could use a packet-dropping scheme that is designed to handle "unresponsive flows" such as UDP and ICMP.

In the case of RSVP, there would be a certain bandwidth reservation (via UDP) between the client and the central server. This bandwidth is guaranteed by the protocol and the routers enforce this. Because it uses UDP, you have to then use a layer on top of that to provide the reliability. There are plenty of file-transfer protocols using UDP that have such layers, so the code is out there.

However, ALL of this requires cooperation by ISPs at one level or another. In other words, the ISP would need to be certified as capable of guaranteeing vote delivery in order to provide any kind of guarantee. This could be done. The ISPs won't like it, but it could be done.

Re:Electronic voting, yes! Online voting, no! (2, Interesting)

Cylix (55374) | about 4 years ago | (#33802308)

Nope,

There several network appliances that can assistance and eliminate most of the overhead of a denial of service attack. This of course would not compensate for upstream saturation, but you have within your power to eliminate a good deal of it long enough to work with upstream providers.

This is why lots of new denial of service attacks focus on exploiting content which has a high application cost. ie, find a page which has too much dynamic content or generates slowly due to dependent services being at threshold. With this mindset you can essentially pressure point an application host even if it is well protected.

If you have to secure, enforce constraints or manage much of anything at the host level you are going to suffer quickly.

Re:Electronic voting, yes! Online voting, no! (4, Insightful)

dkleinsc (563838) | about 4 years ago | (#33803458)

Voting machines should definitely be electronic.

Why? What exactly do electronic voting machines give you that, say, an optical scan paper ballot doesn't? Electronic voting has more often than not been a solution in search of a problem.

Re:Electronic voting, yes! Online voting, no! (0)

Anonymous Coward | about 4 years ago | (#33803662)

Allow me to lessen your ignorance. Paper ballots have at a minimum the following issues:

1. Paper ballots are ambiguous. Just review the recent Minnesota senatorial election (Franken/Coleman).
2. Paper ballots allow over-voting errors.
3. Visually impaired voters can not vote without assistance on paper ballots.

Re:Electronic voting, yes! Online voting, no! (1)

BadAnalogyGuy (945258) | about 4 years ago | (#33804036)

Less waste. Even if you were to print out receipts and keep a running log, it would still be much less wasted paper (and all the resources necessary to produce it) using electronic voting machines.

Immediate results. Even assuming the necessity of an audit, the paper log can be scanned many times faster than hand-fed ballots.

Accurate results. This is strangely a problem for electronic machines, but theoretically they should be able to give you an exact count without error. No lost ballots. No forgotten ballot boxes. No hanging chads.

Ease of use. Granted, this is always going to be a problem for most people. However, with an electronic voting machine, you can include such things as candidate-submitted photos to use on the touch screen as well as larger buttons and text for the sight-impaired. A short description or full text of referendums and initiatives could also be displayed.

Reusability. The machines could be reprogrammed each election with the updated candidates and initiative information.

It's okay, that election doesn't count anyway (0, Offtopic)

Anonymous Coward | about 4 years ago | (#33801610)

DC elections are decided in the Democratic primary.

Re:It's okay, that election doesn't count anyway (1)

gmhowell (26755) | about 4 years ago | (#33803632)

DC elections are decided in the Democratic primary.

And since the city council has limited power and their representative in Congress has no vote, it's a moot point anyway.

Unfortunately, (0)

Anonymous Coward | about 4 years ago | (#33801624)

This will just be used by The Powers That Be as further evidence that the current system of notoriously shady Diebold voting machines is the Best Alternative and ensure that election results can only be hacked by Rich White Men.

Inline PDF forms!?! (5, Insightful)

dgatwood (11270) | about 4 years ago | (#33801714)

One of the articles mentioned that some browsers submitted blank forms because they don't support inline PDF forms. Who, exactly, thought that using PDF was a good idea? The whole point of the web is that it provides layout standards. Why even bother using a web browser if you're just going to try to hack around it by using a completely different content format, PDF, shoved in using browser plug-ins. It might has well have been Flash. Use the web or do not. There is no halfway.

And of course, their servers were obviously insecure, as evidenced by someone managing to alter content on the servers.

What does all this tell us? Well, it tells us that:

  • For anything approaching secure content delivery, the actual content (the HTML pages, the javascript files, etc.) must be signed prior to installation on the servers, not signed by the servers that provide it.
  • Web-based clients lack the infrastructure to verify signatures on the content itself except for the signatures provided by the servers.
  • Web-based clients are therefore inherently insecure.

Not that this shouldn't have been anything less than obvious to anyone with even a basic understanding of computer security.... Real secure networks built on top of HTTP use client applications that verify signatures on the content that the servers provide, ensuring that it is legitimate before acting on it. This also, of course, requires that people obtain the client software in a secure fashion, which is a problem in and of itself, in much the same way that obtaining the client on-the-fly from a web server is a problem, and for precisely the same reason.

Re:Inline PDF forms!?! (1)

dgatwood (11270) | about 4 years ago | (#33801732)

Err.. it might as well have been Flash. Stupid typos.

Re:Inline PDF forms!?! (2, Informative)

Jah-Wren Ryel (80510) | about 4 years ago | (#33801924)

And of course, their servers were obviously insecure, as evidenced by someone managing to alter content on the servers.

Bad sign that what with the fact that one of the OSDV directors, also its nominal CTO [osdv.org] sells himself as a security consultant. [sebes.com]

Re:Inline PDF forms!?! (5, Insightful)

guanxi (216397) | about 4 years ago | (#33803210)

Web-based clients are therefore inherently insecure.

Web-based clients are insecure simply because you don't have physical control over them. You don't control the network, the routers, or the client machine. Give me (or some malware author) the client machine, and who cares what you signed on the server or how?

Imagine this: You're a security consultant. A client says: Secure this system, it can change the course of U.S. history (so it has a little value). And by the way, the system extends to 150 million clients running every kind of hardware, software, and configuration imaginable, maybe 25% of which are infected with malware, and to which we have no access and over which we have no control. Oh yeah, and any computer on earth could be a vector of attack and everything from foreign intelligence agencies to corrupt politicians to radical political groups to greedy businesses might have a motive.

Why are we even discussing this as a possibility?

Re:Inline PDF forms!?! (1)

Lehk228 (705449) | about 4 years ago | (#33803774)

that's an easy problem, beat the tar out of him with a large trout, then go home.

Re:Inline PDF forms!?! (1)

dgatwood (11270) | about 4 years ago | (#33803794)

The difference is that if somebody hijacks the client's machine, that person's ballot might be forged. If somebody hijacks the servers, everyone's ballots might be forged. Also, a properly written (non-web) client can take a lot of steps to secure itself from malware corrupting the results, starting with not allowing keyboard input, using positional randomization to thwart any preprogrammed click event modification, and having dozens of internal consistency checks throughout the code to detect tampering, ending by sending a complete memory image of the process address space (instead of just sending the result data), signed with the user's key and letting the remote end do a final verification and throwing out any results from altered executables. Foolproof, no, but orders of magnitude harder to compromise than even the best web clients (which are inherently a joke, security-wise).

Of course, to be secure, we would need a national public key infrastructure in which people could preregister their public keys used for signing the ballots... the lack of which is just one of the many reasons that vote-by-electronic-ballot isn't going to be all that secure. On the flip side, neither is vote-by-mail. Someone could easily tamper with the ballot or even intercept it, fill it out, and send it in, and many people would never even notice. And since they're sent out on the same day... a guy with a pickup truck driving from mailbox to mailbox is really not that improbable an attack vector.

Re:Inline PDF forms!?! (1)

guanxi (216397) | about 4 years ago | (#33804240)

The difference is that if somebody hijacks the client's machine, that person's ballot might be forged. If somebody hijacks the servers, everyone's ballots might be forged.

It's not hard to imagine an automated attack on a very large number of client machines. And in addition to forging, we risk the confidentiality of the ballots.

I agree security could be improved, but it's a valuable target on a ridiculous distributed system; it seems like a long shot that security will ever be sufficient. A large scale attack on paper ballots is much more expensive ... though there are always the scanning machines, tabulators, etc. ... I think we're going to need to vote at live meetings and count them right there.

Foreign influence. (0)

Anonymous Coward | about 4 years ago | (#33801974)

How many of our brethrean like to voice their opinion? I appreciate the voice. No wonder suspended. Though we do want a mass vote. I tell ye. Mass vote is in. Let's do it let's do it secure and singular.

Oblig (-1, Flamebait)

RockMFR (1022315) | about 4 years ago | (#33801988)

Fuck Michigan

Re:Oblig (0)

Anonymous Coward | about 4 years ago | (#33804344)

Yeah? Fuck Ohio State -USC Fan

Conspiracy? (2, Insightful)

supernatendo (1523947) | about 4 years ago | (#33802098)

I find it scary that at the same time as trying to make it unlawful to use encryption that the government doesn't have a "backdoor" into, they are also trying to push "secure" internet voting. Goodbye democracy, we hardly knew you...

Re:Conspiracy? (0)

Anonymous Coward | about 4 years ago | (#33803382)

I find it odd that everyone is focusing on the addition of the U of M fight song, and no one is reporting on how the hack replaced all the votes with its own (according to some of the people involved).

GNU Free (5, Informative)

Albanach (527650) | about 4 years ago | (#33802114)

Many years ago there was a GNU project to create an online secure voting software. It's a great idea.

In 2002, they finally stopped development. They explain why here: http://www.gnu.org/software/free/ [gnu.org]

Quoting from that page:

"As Bruce Schneier points out "a secure Internet voting system is theoretically possible, but it would be the first secure networked application ever created in the history of computers."

and...

"Mr.Schneier points out, 'building a secure Internet-based voting system is a very hard problem, harder than all the other computer security problems we've attempted and failed at. I believe that the risks to democacy are too great to attempt it.'"

I think anyone wanting to build a secure online voting system should give those quotes some really serious thought before starting. Then before they write any code, they should be to explain why they believe they are right and one of the field's most respected experts is wrong.

Re:GNU Free (0)

Anonymous Coward | about 4 years ago | (#33802520)

It wouldn't be hard if every voter had a secure hardware token (eg. smartcard). These can be cryptographically proven and provide some level of hardware protection (PIN code or whatever).

Re:GNU Free (1)

zoom-ping (905112) | about 4 years ago | (#33802748)

Has been done already. [wikimedia.org]

Re:GNU Free (2, Insightful)

Albanach (527650) | about 4 years ago | (#33803186)

They could also be collected by political parties from voters through theft, bribery or coercion then used to cast multiple votes.

Re:GNU Free (2, Insightful)

Albanach (527650) | about 4 years ago | (#33803328)

It wouldn't be hard

It's thoughts like those that land coders in trouble.

We have an expert on the record saying it's very very hard, and an AC posting saying the opposite. Who to trust???

What if there's a flaw in the smart card hardware that allowed votes cast to be transmitted differently? What if the master key were to be exposed and someone launched a MITM attack? What if there's an exploitable flaw in the operating system of the server collecting or collating the votes?

You have a solution to just one tiny part of the giant jigsaw puzzle. Still think it wouldn't be hard?

Re:GNU Free (1)

Lehk228 (705449) | about 4 years ago | (#33803798)

that would tie the voter to the vote, exactly what we are trying to avoid, and exactly what makes such a system the next best thing to completely impossible

Re:GNU Free (0)

Anonymous Coward | about 4 years ago | (#33804370)

We don't have a democracy, we have a republic. ..and a republic isn't good enough for me. I don't trust anybody to vote the way I want them to on my issues. Get them the **** out of my way.

Welp (2, Insightful)

Frogbert (589961) | about 4 years ago | (#33802132)

I suppose its a good thing they tested the system.

Isn't this the type of thing testing is supposed to identify?

Sad yankee system (3, Insightful)

iris-n (1276146) | about 4 years ago | (#33802208)

Has anybody the comments section in the Washington Post website? It is disgusting to see how much hatred and ignorance is going on there. I hope they're not a representative sample of the USian population.

Meanwhile, in Brasil, we just had a presidential and local election. About 100 million people voting, in an all-electronic process. There were no reports of fraud whatsoever, and the election results were available just 2 hours after the polling stations closed.

Can't the US do better? Your voting system is just laughable.

Re:Sad yankee system (2, Insightful)

Tanman (90298) | about 4 years ago | (#33802470)

We are doing better.

If you take the viewpoint of The Man.

Re:Sad yankee system (0)

Anonymous Coward | about 4 years ago | (#33803028)

RTFA. This isn't about electronic voting machines, this is about voting absentee over the internet. Also, Brazil's governmental corruption is far more severe and systemic than the USA's. The election wasn't even really a competition, more like a coronation of da Silva's hand picked successor. At least here we try to mask our corruption and graft.

Re:Sad yankee system (0)

Anonymous Coward | about 4 years ago | (#33803152)

Meanwhile, in Brasil, we just had a presidential and local election. About 100 million people voting, in an all-electronic process. There were no reports of fraud whatsoever, and the election results were available just 2 hours after the polling stations closed. Can't the US do better? Your voting system is just laughable.

Unfortunately, all of the German scientists from WWII are now dead; the veneer of technological supiority is lost.

Re:Sad yankee system (4, Insightful)

YrWrstNtmr (564987) | about 4 years ago | (#33803256)

There were no reports of fraud whatsoever

Indeed.

Re:Sad yankee system (1)

iris-n (1276146) | about 4 years ago | (#33804274)

Mind you, it is very hard to rig an election without raising any suspicion whatsoever. Actually, plenty of time there's suspicion even when no one is trying to rig the election.

If you grant that the bralisians aren't dumber than USians, no report of fraud indicates less fraud than actual reports of fraud. Which you have.

Re:Sad yankee system (1)

iris-n (1276146) | about 4 years ago | (#33804282)

Actually, I do know of an example in the 60's where the military tried to rig a regional election. They failed miserably.

Re:Sad yankee system (0)

Anonymous Coward | about 4 years ago | (#33803598)

Brazil is about 15 years ahead of the rest of the world in electronic voting. So... rub it in why don't you.

Re:Sad yankee system (-1, Offtopic)

Anonymous Coward | about 4 years ago | (#33804354)

@Anonymous\ Coward #brazil is also 15 years ahead of the rest of the world in #pussy #trimming

Re:Sad yankee system (1)

M. Baranczak (726671) | about 4 years ago | (#33803656)

Keep in mind that this was a test of a voting system, it never actually made it into official use.

Re:Sad yankee system (1)

iris-n (1276146) | about 4 years ago | (#33804248)

I'm aware of that, I RTFS. A good test, btw, I find it surprising that the government would want to make it.

I'm talking about the existing voting system of the US; it is inconsistent, archaic, slow, and every now and then there's a report of fraud.

Re:Sad yankee system (1)

Low Ranked Craig (1327799) | about 4 years ago | (#33804402)

Anytime there's a close election there's a report of fraud. It's kind of like companies suing other companies - if they can't win in the market place the other guy must be cheating. Don't confuse reports of fraud with actual fraud. I'm not saying there isn't fraud, statistically I think is must exist to an extent in any election. I'm just saying that it's likely not at all as bad as it sounds from the media reports.

Likewise, one should not assume that because there are no reports of fraud that there is no fraud.

online voteing just makes it so the boss can force (1)

Joe The Dragon (967727) | about 4 years ago | (#33802268)

online voteing just makes it so the boss can force you to vote his way or you can lose your job.

Re:online voteing just makes it so the boss can fo (1)

shoehornjob (1632387) | about 4 years ago | (#33802740)

Sorry I'm not following here. If the man can't see your votes while you are behind the curtain how is he going to know when you send your vote in from home.

Re:online voteing just makes it so the boss can fo (1)

Chris Mattern (191822) | about 4 years ago | (#33803180)

If you *have* to make your vote behind a private curtain, the man can't see it. If you can make your vote from any internet connection, then the man can use his power to insist that you vote while he watches.

Yes, this applies to absentee balloting as well. That's why absentee balloting *used* to be controlled with the voter needing to demonstrate a need for it before being allowed an absentee ballot, and why it disturbs me that it is now generally allowed without any controls at all.

Re:online voteing just makes it so the boss can fo (1)

damonlab (931917) | about 4 years ago | (#33804054)

I tried to get an absentee ballot in Michigan so I could avoid going to the polls. I read the fine print and the restrictions made it so that I would have to perjure myself to do so. I opted not to get an absentee because of that.

Failure Now = Failed Design (0)

Anonymous Coward | about 4 years ago | (#33802286)

The failure of the system now indicates fatal flaws in the design and testing process. Although the current vulnerabilities might be patched there are probably many more. They need to learn from NASA about software design (read Feynman's comments about NASA software design in the Challenger report).

The Victors (0)

Anonymous Coward | about 4 years ago | (#33802552)

Every time someone refers to "The Victors" as "Hail to the Victors" I die a little inside.

Good work. Go Blue!
~MMB '01-'05

Re:The Victors (1)

germansausage (682057) | about 4 years ago | (#33803142)

I feel the same way when someone calls "Whiskey in the Jar" Whiskey in the Jar-oh" (I blame Metallica).

Re:The Victors (2, Funny)

pipedwho (1174327) | about 4 years ago | (#33803958)

And I too die a little whenever I see Jar used twice in the same sentence. I die a lot when George Lucas does it.

Seems like (1)

shoehornjob (1632387) | about 4 years ago | (#33802714)

They need to pay more attention to that crack problem and spend less money on frivolity like evoting systems. Evoting is a great idea but voter turnout has been less than stellar since I can remember so what are we really hoping acomplish here?

Appropriate slogan (1)

ebcdic (39948) | about 4 years ago | (#33802828)

I see the OSDV Foundation's slogan is "Re-inventing How America Votes".

300,000 tax dollars (1)

RingDev (879105) | about 4 years ago | (#33803270)

Really? We're going to blow over a quarter of a million dollars in tax money on a project damn near every IT pro in the US can say "This is a bad idea". Where we've already seen horrendous results from states and local municipalities trying ot impliment digital voting. Really? There was nothing better to spend $300,000 on? No other small business grants that could have been funded? No research grants? Nothing?

I mean, it's not a huge amount of money, when compared to the scope of the budget. But it is could have been a huge amount of money for a few start ups, small businesses, or researchers.

-Rick

I can do everything else online. (4, Insightful)

Anonymous Coward | about 4 years ago | (#33803554)

I can check my bank accounts online.
I can pay my bills online.
I can order almost anything imaginable online.
I can participate in auctions online.
I can date online.
I can gamble online.
I can see my credit reports online.
I can file my taxes online.

Why is voting so different?

Re:I can do everything else online. (4, Insightful)

mhotchin (791085) | about 4 years ago | (#33804174)

Because these other endevours do not require anonymity.

Voter coersion is a real problem.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?