Ballot Protection
Results 1 to 10 of 10

Thread: Ballot Protection

  1. #1
    Member
    Join Date
    Sep 2004
    Posts
    79

    Ballot Protection

    What's your two cents on ballot protection?

    What are some ways hackers can modify or read a ballot when it is on a server, in transit or on a browser?

    If, hypothetically, the browser you are using is incapable of cryptography how would you add security to a voting system? What if the browser had cryptographic capabilities?

    Do you think voted ballot systems are a good idea?

  2. #2
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    Many other nations have successfully utilized Electronic Ballots for a long time now. We seem to be the ones who are slow to change. It would appear Diebold has the U. S. monopoly game under control for the time being.

    What leads you to belief browsers are being used?

    AFAIK, You would still have to take a trip to the polls. I really doubt if they would let you telnet in to vote
    Connection refused, try again later.

  3. #3
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    are you talking about official elections (like president, vp, etc.) or online voting like for favorite song, or for random awards?

    Official elections I think can eb trusted to electronics if the proper precausions are taken. But they could not be online, that leaves far to many things open for exploitation. But it would also need physical protection for the counting machine, and the human factor is still in effect, and that is probably the most insecure factor.

    for online voting, things like that have been exploited alot in the past, wheter it be from people writing scripts to cast the vote they want over and over again on the web page, to just "hacking" the page and running up their count. as is many ballots you see online are fixed by the owners to show higher turnouts, so for every say 2 votes real people cast maybe 3 or 5 will go in. so if someone were to alter this code to make their choice have a multiplier of more than the base one that is set, the election would have a very unfair edge towards one choice.
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  4. #4
    Member
    Join Date
    Sep 2004
    Posts
    79
    Didn't Diebold give President Bush $100,000 towards his last election campaign? Coincodence?

    Ans yes, I'm talking about ballot systems on a presidential level. I imagine you do have to go to voting stations to use an electronic ballot system however if ever feasible through a web browswer what inherent problems do you think the government will face?

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    I imagine you do have to go to voting stations to use an electronic ballot system however if ever feasible through a web browswer what inherent problems do you think the government will face?
    They've tried it here in Toronto for a couple of municipal elections (mayors and such) and IIRC, there was some "issues" with it (e.g., dead people voting and those told they could vote then being told they cannot because they already voted?!). The "dead people voting" is an old issue and seems to happen regardless of voting method used.

    I suspect, however, that online, remote voting may not be feasible -- yet. The biggest issue isn't fraud or "hacking" but rather proof. As highlighted in this article:

    "From the voters' point of view, (people) weren't concerned about security" of voting online, Froman said. Rather, he said, the administrators of Internet voting were worried that the real voter may in fact not be casting a ballot.
    To me, that's more of a critical issue -- proof of who's voting. It's hard to prove who is who online. We have some mechanisms in the "off line" world with passports, driver's licenses and such (not perfect since they can be forged but that requires a little more work).


    More articles on Markham's results:

    http://www.ctv.ca/servlet/ArticleNew...7/?hub=SciTech
    http://www.************.com/p/articl...01/ai_n9385463
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Hmmmmmmmm............

    OK, the politix is easy...........you vote for me or you made a mistake, which "the system" will correct for you

    Sure, that seems like a facetious or supercillious comment...........but what is to stop it happening?

    I think that Soma56 has raised a very pertinent security issue here?

    I guess you need to think about batch procesing v. trickle feed here?

    I must go and think about it some more

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    you vote for me or you made a mistake, which "the system" will correct for you
    Didn't that happen on the last US election? There were some reports (rumors?) of users trying to select one candidate or the other and it selected the opposition and there was no method of correction (e.g., you voted for Kerry and the vote ended up for Bush and vice versa). (see this AO Thread). The screen was made far too senstive, IMO, and the slightest movement caused the machine to vote for the user (I've run into a similar instance with my stupid laptop's touch pad when typing responses -- if I run my hand too close to it, it moves the cursor location).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  8. #8
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Well, I think one thing to consider is a layered defense (duh, here's the corporate security dude again, can't you tell from my lingo? )

    #1 No remote voting yet, until Authentication is a much more widely understood and accepted idea. I'd be frightened that someone would vote in my name before I voted.

    #2 No networking involved. Period. DVD-/+R holds a lot of data...particularly dual-layer. If the results are saved in plain text and compressed/encrypted, you can store one HELLUVA lot of information there. You can also make multiple copies and save them in different locations, to prevent 'accidents' from losing votes.

    #3 Cryptography can be used to protect the data if one is concerned about it's contents being visible by anyone beside your vote counting authority.

    #4 Hashing would be essential to prevent forging/altering the contents, basically for non-repudiation.

    The other problems mentioned, voting-from-beyond-the-grave, authentication, and validation...those are problems with the system above and beyond the polling device itself and the collection of votes. Technology for the polling/ballot medium won't fix those issues.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  9. #9
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    zen, you forgot auditing (which is one of the criticisms of the recent vote). There is no way to verify things. I can alter info before it gets to a DVD or a machine can crash before everything is written. Some form of logging/auditing of transactions would be useful, I would think.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  10. #10
    ********** |ceWriterguy
    Join Date
    Aug 2004
    Posts
    1,608
    Back when the US Pres election was in full bore this was kicked around a bit - I posted this then, and am reposting it now, worded a bit differently:

    If I were the guy who wrote the original program for a balloting machine, I'd set up ifchecks within the system so that my political party would always win. Something to the effect of 'democrat votes == dem, republican votes == rep, if dem>rep, rep = rep +1000, then redo the if'

    Folks, nobody is going to dispute the integrity of a machine. Folks always assume the machine is telling the truth - if it's programmed to lie, it's very difficult to prove that lie... Even if we ran a paper ballot alongside the corrupt computerized one, it'd be *impossible* to tabulate and compare the physical ballots with the electronic ones. There would always be a discrepancy.
    Even a broken watch is correct twice a day.

    Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides