February 26th, 2005, 06:42 PM
What's your two cents on ballot protection?
What are some ways hackers can modify or read a ballot when it is on a server, in transit or on a browser?
If, hypothetically, the browser you are using is incapable of cryptography how would you add security to a voting system? What if the browser had cryptographic capabilities?
Do you think voted ballot systems are a good idea?
February 26th, 2005, 11:53 PM
Many other nations have successfully utilized Electronic Ballots for a long time now. We seem to be the ones who are slow to change. It would appear Diebold has the U. S. monopoly game under control for the time being.
What leads you to belief browsers are being used?
AFAIK, You would still have to take a trip to the polls. I really doubt if they would let you telnet in to vote
Connection refused, try again later.
February 27th, 2005, 01:35 AM
are you talking about official elections (like president, vp, etc.) or online voting like for favorite song, or for random awards?
Official elections I think can eb trusted to electronics if the proper precausions are taken. But they could not be online, that leaves far to many things open for exploitation. But it would also need physical protection for the counting machine, and the human factor is still in effect, and that is probably the most insecure factor.
for online voting, things like that have been exploited alot in the past, wheter it be from people writing scripts to cast the vote they want over and over again on the web page, to just "hacking" the page and running up their count. as is many ballots you see online are fixed by the owners to show higher turnouts, so for every say 2 votes real people cast maybe 3 or 5 will go in. so if someone were to alter this code to make their choice have a multiplier of more than the base one that is set, the election would have a very unfair edge towards one choice.
February 27th, 2005, 01:59 PM
Didn't Diebold give President Bush $100,000 towards his last election campaign? Coincodence?
Ans yes, I'm talking about ballot systems on a presidential level. I imagine you do have to go to voting stations to use an electronic ballot system however if ever feasible through a web browswer what inherent problems do you think the government will face?
February 27th, 2005, 02:07 PM
They've tried it here in Toronto for a couple of municipal elections (mayors and such) and IIRC, there was some "issues" with it (e.g., dead people voting and those told they could vote then being told they cannot because they already voted?!). The "dead people voting" is an old issue and seems to happen regardless of voting method used.
I imagine you do have to go to voting stations to use an electronic ballot system however if ever feasible through a web browswer what inherent problems do you think the government will face?
I suspect, however, that online, remote voting may not be feasible -- yet. The biggest issue isn't fraud or "hacking" but rather proof. As highlighted in this article:
To me, that's more of a critical issue -- proof of who's voting. It's hard to prove who is who online. We have some mechanisms in the "off line" world with passports, driver's licenses and such (not perfect since they can be forged but that requires a little more work).
"From the voters' point of view, (people) weren't concerned about security" of voting online, Froman said. Rather, he said, the administrators of Internet voting were worried that the real voter may in fact not be casting a ballot.
More articles on Markham's results:
February 27th, 2005, 02:18 PM
OK, the politix is easy...........you vote for me or you made a mistake, which "the system" will correct for you
Sure, that seems like a facetious or supercillious comment...........but what is to stop it happening?
I think that Soma56 has raised a very pertinent security issue here?
I guess you need to think about batch procesing v. trickle feed here?
I must go and think about it some more
February 27th, 2005, 02:23 PM
Didn't that happen on the last US election? There were some reports (rumors?) of users trying to select one candidate or the other and it selected the opposition and there was no method of correction (e.g., you voted for Kerry and the vote ended up for Bush and vice versa). (see this AO Thread). The screen was made far too senstive, IMO, and the slightest movement caused the machine to vote for the user (I've run into a similar instance with my stupid laptop's touch pad when typing responses -- if I run my hand too close to it, it moves the cursor location).
you vote for me or you made a mistake, which "the system" will correct for you
February 27th, 2005, 02:30 PM
Well, I think one thing to consider is a layered defense (duh, here's the corporate security dude again, can't you tell from my lingo? )
#1 No remote voting yet, until Authentication is a much more widely understood and accepted idea. I'd be frightened that someone would vote in my name before I voted.
#2 No networking involved. Period. DVD-/+R holds a lot of data...particularly dual-layer. If the results are saved in plain text and compressed/encrypted, you can store one HELLUVA lot of information there. You can also make multiple copies and save them in different locations, to prevent 'accidents' from losing votes.
#3 Cryptography can be used to protect the data if one is concerned about it's contents being visible by anyone beside your vote counting authority.
#4 Hashing would be essential to prevent forging/altering the contents, basically for non-repudiation.
The other problems mentioned, voting-from-beyond-the-grave, authentication, and validation...those are problems with the system above and beyond the polling device itself and the collection of votes. Technology for the polling/ballot medium won't fix those issues.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
February 27th, 2005, 02:33 PM
zen, you forgot auditing (which is one of the criticisms of the recent vote). There is no way to verify things. I can alter info before it gets to a DVD or a machine can crash before everything is written. Some form of logging/auditing of transactions would be useful, I would think.
February 27th, 2005, 06:01 PM
Back when the US Pres election was in full bore this was kicked around a bit - I posted this then, and am reposting it now, worded a bit differently:
If I were the guy who wrote the original program for a balloting machine, I'd set up ifchecks within the system so that my political party would always win. Something to the effect of 'democrat votes == dem, republican votes == rep, if dem>rep, rep = rep +1000, then redo the if'
Folks, nobody is going to dispute the integrity of a machine. Folks always assume the machine is telling the truth - if it's programmed to lie, it's very difficult to prove that lie... Even if we ran a paper ballot alongside the corrupt computerized one, it'd be *impossible* to tabulate and compare the physical ballots with the electronic ones. There would always be a discrepancy.
Even a broken watch is correct twice a day.
Which coder said that nobody could outcode Microsoft in their own OS? Write a bit and make a fortune!