Washington DC Pulls Down Internet Voting Trial After Hackers Program It To Play UMich Fight Song

from the usability-issues dept

There are many who believe that there is simply no secure and safe way to conduct voting over the internet. However, it hasn't stopped the government from trying. Washington DC was getting ready to test an internet voting initiative for overseas soldiers, when the system was pulled down last week initially claiming "usability issues," and then saying that they shut it down to "to incorporate feedback received from the testing community." You see, it turned out that the testing community included a professor at University of Michigan who "unleashed" his students on the system, and it didn't take them long to set it up so that, every time you voted, the University of Michigan fight song, "Hail to the Victors," played. Oddly, no one names the Michigan professor, but it seems likely that it was Alex Halderman, who has long been closely associated with various e-voting security issues. In the meantime, it appears that DC will not be allowing internet voting for the upcoming elections...
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: alex halderman, e-voting, online voting, university of michigan, washington dc


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Robert Ring (profile), 5 Oct 2010 @ 9:54am

    "a professor at University of Michigan who "unleashed" his students on the system"

    Mike, are you sure it wasn't you unleashing your own legion of hackers? Be honest.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2010 @ 9:59am

    Bo Schembechler returns...

    ...from the grave to win again!

    M GO BLUE!

    LOL.

    link to this | view in chronology ]

  • icon
    Crosbie Fitch (profile), 5 Oct 2010 @ 10:02am

    Possible, but intolerable

    It is possible to develop a "secure and safe way to conduct voting over the internet".

    Unfortunately, no government would permit such a 'dangerous' system to get started, let alone exist.

    link to this | view in chronology ]

    • icon
      Hulser (profile), 5 Oct 2010 @ 10:35am

      Re: Possible, but intolerable

      Unfortunately, no government would permit such a 'dangerous' system to get started, let alone exist.

      So, you have dangerous in quotes so you must think that e-voting not dangerous. Else why put it in quotes? But your post title says that it's intolerable. E-voting is not dangerous, but it's intolerable? Maybe you meant that it's intolerable to the government, not the people. But then you say that no government would permit e-voting. But the story is about a government that implemented e-voting, so that wouldn't make any sense. Maybe you meant that no government would permit secure and safe e-voting. But this would mean that the government wanted their e-voting system to get hacked. What, so they can discredit e-voting by setting up a system that gets hacked and they're willing to look like idiots to achieve their ends? Wait, maybe you meant that e-voting would be intolerable to the people. Wait, that makes no sense either. Oh well. I give up.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 5 Oct 2010 @ 10:41am

        Re: Re: Possible, but intolerable

        You are 'not' dumb.

        link to this | view in chronology ]

      • icon
        :Lobo Santo (profile), 5 Oct 2010 @ 10:42am

        Re: Re: Possible, but intolerable

        :eye-roll:
        True democracy is a danger to all governments; as a government's stock-in-trade is quid pro quo and democracy lip-service.

        link to this | view in chronology ]

      • icon
        taoareyou (profile), 5 Oct 2010 @ 10:44am

        Re: Re: Possible, but intolerable

        Perhaps he means that, assuming all governments are by nature corrupt and deceptive:

        Any perfectly secure e-voting would also be secure from government tampering, thus prevent any fixing of results and thus be unacceptable by the government.

        Any e-voting system accepted by the government would not be secure from government tampering, and thus be intolerable to the voters.

        link to this | view in chronology ]

        • icon
          Hulser (profile), 5 Oct 2010 @ 10:56am

          Re: Re: Re: Possible, but intolerable

          Any perfectly secure e-voting would also be secure from government tampering, thus prevent any fixing of results and thus be unacceptable by the government.

          Right, but the point I was trying to make is that if the government really didn't want secure and safe e-voting (becuase they couldn't tamper with the results), then the easiest option would be to simply not implement e-voting. All they'd have to do is play to the fear of the American public of insecurity on the Internet and that would be that. No more talk of all this "danerous" e-voting nonsense. So, the other option is that they want insecure and unsafe e-voting (but that it appears secure and safe) so that they can tamper with the results. Which I think is a ridiculous position. It's a far simpler and more likely explanation that they have good intentions and are just incompitant. "Never attribute to malice that which can be adequately explained by stupidity."

          link to this | view in chronology ]

          • icon
            Dark Helmet (profile), 5 Oct 2010 @ 11:01am

            Re: Re: Re: Re: Possible, but intolerable

            ....why do you think it's more likely that a politician has "good" intentions? I have seen no evidence that this is generally the case with regard to anything politicians do....

            link to this | view in chronology ]

            • icon
              Hulser (profile), 5 Oct 2010 @ 11:21am

              Re: Re: Re: Re: Re: Possible, but intolerable

              ....why do you think it's more likely that a politician has "good" intentions?

              OK, here's my take on this. I think that the politician who goes into politics for outright corrupt reasons is in the minority. What's far more likely is that they go into politics with good intentions and end up getting corrupted. One form of corruption is the daily horse trading of politics; I vote for your bill even though I morally disagree with it in exchange for your promise of a vote (most likely for something that you morally disagree with). Over time, you're so used to playing fast and loose with your moral convictions, you don't even think that what you're doing is wrong any more. But here's the key. Even the self-deluded have good intentions. They think that the best way to achieve their objectives is to sell their soul.

              I'm not some wide-eyed optimist who thinks that it's all sweetness and light in Washington. There are plenty of politicians out there who just want to game the system to get as much power, money, drugs, and sex as they can handle. But I do think that they are the minority. Most are stupid, ignorant, and self-deluded, but not evil. I honestly believe in the "Never attribute to malice that which can be adequately explained by stupidity." quote.

              This is why I think that the implication of Mr. Fitch's post -- that there's some government conspiracy to discredit e-voting -- is almost certainly wrong.

              link to this | view in chronology ]

              • icon
                Dark Helmet (profile), 5 Oct 2010 @ 11:56am

                Re: Re: Re: Re: Re: Re: Possible, but intolerable

                Perhaps this incomplete but decent history of the way electoral fraud has been used by both parties in presidential elections will help bring you along:

                http://rangevoting.org/PresFraud.html

                Don't kid yourself. Initial aspirations notwithstanding, electoral fraud has been a huge factor in US history since the World Wars. To pretend otherwise is silly.

                The question is, since we know that there is unquestionably a powerful subsect of our country through which major political candidates must be vetted to have any chance in Washington, do those in power have an interest in making sure that the will of all the people of our country can be faithfully affected.

                Personally, when surveying the history of electoral fraud and examining the effects true democracy would have on the power bases of this country, I can't see how the answer would be yes....

                link to this | view in chronology ]

          • identicon
            Anonymous Coward, 5 Oct 2010 @ 11:03am

            Re: Re: Re: Re: Possible, but intolerable

            It's probably easier to rig voting machines from a distance and claim it's a bug if you're caught than physically cheat when counting ballots, what with all the witnesses and protocol...

            link to this | view in chronology ]

            • icon
              Hulser (profile), 5 Oct 2010 @ 11:27am

              Re: Re: Re: Re: Re: Possible, but intolerable

              It's probably easier to rig voting machines from a distance and claim it's a bug if you're caught than physically cheat when counting ballots, what with all the witnesses and protocol...

              Your point would have more impact if most computer systems worked perfectly according to specificiations and met all user expectations. I can assure you that this is not the case. The fact that e-voting system have the same problems that almost all systems have isn't a sign of a conspiracy; it just means that a human was involved in its creation.

              link to this | view in chronology ]

        • icon
          A Dan (profile), 5 Oct 2010 @ 10:56am

          Re: Re: Re: Possible, but intolerable

          With a sufficiently "secure and safe" at-home voting service, you could move toward replacing some representative positions with direct democracy. They don't want that. Also, it starts to eliminate the excuse for voting districts, which are carefully chosen to protect the status quo.

          link to this | view in chronology ]

          • icon
            Hulser (profile), 5 Oct 2010 @ 11:07am

            Re: Re: Re: Re: Possible, but intolerable

            With a sufficiently "secure and safe" at-home voting service, you could move toward replacing some representative positions with direct democracy.

            Well, if by "some representative positions" you mean members of Congress, I don't think that would be a good idea. You could, but the representative Democracy we have in America works because it's a relatively good balance between mob rule and authoritarianism. In other words, a representative government is not a good idea because it solves the problem of people traveling long distances to vote; it's a good idea because it's a good idea. Sure, there could be some tweaks to improve things, but the system tends to work. Maybe as well as any human organization that big can work.

            link to this | view in chronology ]

      • icon
        Hulser (profile), 5 Oct 2010 @ 10:46am

        Re: Re: Possible, but intolerable

        Oooh! I got it. You think that the government thinks that e-voting is dangerous and they wouldn't tolerate it. No, that can't be it either because we're back to the fact that they actually put in place an e-voting scheme, which they clearly wouldn't do if they thought it was dangerous and intolerable. That is, unless I was right that you think it's part of a conspiracy to discredit e-voting machines by the governement. But that would mean the government is smart and capable enough to pull off a conspiracy like this, which clearly doesn't make any sense either. Nope, I'm back to giving up.

        link to this | view in chronology ]

    • icon
      Crosbie Fitch (profile), 5 Oct 2010 @ 11:31am

      Re: Possible, but intolerable

      Some commenters understood my comment quite sufficiently.

      A voting system that is secure from tampering/fixing/tracing is not really desired by the state. They just want a system that is secure from everyone APART from a few 'authorities' trusted by the state.

      A voting system that is safe for the voter (from persecution/coercion) means the voter is safe from the government. No, the state just wants a system that the voter will feel safe using.

      A voting system that is transparently secure, safe and assured to be a true vote of the participants is dangerous to any state that would remain in power.

      However, a voting system that is so efficient/economic it can be used not just to elect the people's representatives, but also to conduct instant referenda on almost any issue or decision risks descending government into mobocracy/demagoguery rather than scrupulous protection of individuals' natural rights.

      It's one thing to get a tamper-free multiple choice answer from the populace. It's another thing to make intelligent and conscientious decisions regarding use of tax and making of ethical laws.

      It's quite easy to rouse the mob into executing anyone suspected of paedophilia, witchcraft, terrorism, communism, Judaism, file sharing, etc. Not least, invading any country they fancy. And if the mob don't fancy invading anyone, explode a bomb somewhere and blame it on the enemy.

      Even given perfect voting technology, big problems remain.

      link to this | view in chronology ]

      • icon
        Hulser (profile), 5 Oct 2010 @ 11:51am

        Re: Re: Possible, but intolerable

        A voting system that is transparently secure, safe and assured to be a true vote of the participants is dangerous to any state that would remain in power.

        I understand this point. But what I was trying to do, in my sarcastic way, was to point out that your assertion seems to conflict with the facts. The only way that I can see that you can reconcile your assertion that the government thinks that e-voting is dangerous and intolerable with the fact that they already implement all kinds of e-voting schemes is to resort to conspiracy theory.

        OK, so the government doesn't want safe and secure e-voting, but they do want unsafe and insecure voting so that they can tamper with the results? I think you're giving the government much more credit that it deserves. As I've mentioned in other replies, I think it's much more likely that the cause of the problems with e-voting is due to simple incompetence and pride rather than a conspiracy to dupe the public into using corruptible e-voting machines.

        I guess what I should have done is simply as why do you think that governments are rolling out e-voting machine after e-voting machine if they think that e-voting is intolerable?

        link to this | view in chronology ]

        • icon
          Crosbie Fitch (profile), 5 Oct 2010 @ 12:10pm

          Re: Re: Re: Possible, but intolerable

          The state loves e-voting precisely because it's so amenable to their control (fixing/monitoring).

          If anything the only thing spurring the people's development of a secure/save system is to preclude the state using its unsafe/insecure system.

          A secure/safe e-voting system will be transparent, copyleft, distributed/p2p, and usable at any web browser. Moreover, everyone will be able to count the votes (past a specific time) and everyone will be able to assure themselves that their vote was counted. Among many other things necessary for safety/security, etc.

          A system that uses black box e-voting machines is not the voting system you're looking for.

          link to this | view in chronology ]

  • icon
    weneedhelp (profile), 5 Oct 2010 @ 10:45am

    Cant get it right on terminals

    Now they want to move it to the web? Ha ha ha, I would have injected the Benny Hill Theme, more appropriate.

    link to this | view in chronology ]

  • icon
    R. Miles (profile), 5 Oct 2010 @ 11:07am

    Next Techdirt story...

    ... University of Michigan students and professor charged with computer hacking. Faces 10-25 hard labor.

    0s and 1s. Who'd ever thought they'd be so complicated.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2010 @ 11:11am

    People use online banking and the government is ok with that but voting via the Internet isn't safe?

    link to this | view in chronology ]

    • identicon
      Ryan Diederich, 5 Oct 2010 @ 1:56pm

      Re:

      A president or senator is worth a lot more than whats in my bank account. For example, a terrorist organization isnt going to team up for 3 years to be able to steal my thousand dollars, or even ten thousand.

      Obama has spent trillions of dollars. Do you have trillions of dollars in your bank account? I dont think so good sir.

      link to this | view in chronology ]

  • icon
    Overcast (profile), 5 Oct 2010 @ 11:54am

    Built it and they will hack it.

    Internet voting will never work. Even if they 'secure' a system; who's to stop someone from pushing out a virus that re-directs you to a different site, grabs your login info - you think you have voted, but someone else will place the REAL vote for you.

    That would interfere with others who want to alter the votes - can't have that now, can we!?

    link to this | view in chronology ]

  • icon
    mikez (profile), 5 Oct 2010 @ 11:56am

    out of context

    I think a lot of people are missing the point of this story, especially if they came to it by way of slashdot.

    The professor was asked, as were other security personnel, to try to break the system. He had one of his classes go at it, and eventually one student found a back door. It does show that pretty much anything web-based is going to have vulnerabilities, but at least the DC officials are going about this the right way by asking people to try to break it, instead of taking the developer's word that it's secure.

    This wasn't a rogue attack or action and it's not for city-wide voting either. They're trying to set up a system so overseas personnel can cast their votes securely without risking them getting lost in the mail. They're building this system for about 900 voters.

    link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 5 Oct 2010 @ 12:01pm

    It doesn't matter if the system is secure: the voting process is not

    Suppose for a moment that it's possible to create an online voting system which actually is secure. (Yes, I realize that this is off-the-scale optimistic and utterly foolish, but bear with me for a moment, please.)

    It still won't work, because the voting process is only secure if the endpoints are secure...and the endpoints are most definitely not secure. There are at least 100 million zombies/bots out there and more every day; we're also starting to see more of those in mobile/portable devices. So if the hypothetical system above were deployed, one of the first things that would happen is that brisk underground market in zombies-with-voting-access would develop, followed shortly by an equally-brisk underground market in tools intended to create more of them And shortly thereafter the overall voting process would be under the partial control of the highest bidder(s).

    There's no fix for this.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Oct 2010 @ 4:42pm

    An online voting system may not be ever foolproof or faultproof but it can get pretty close.

    The secret to it is redundancy, you don't send the data to just one data center you send it to multiple data centers.

    The client side is more difficult, someone could rig the thing so people will always send the same data like botnets.

    But identity verification could be done by hardware.

    But it would be difficult and labor intensive as it needs to be a moving target meaning it needs to be redone every election the logistics of it would be a nightmare.

    Yeh, I think the government is incompetent but I don't think they are wrong this time.

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.