Washington DC Pulls Down Internet Voting Trial After Hackers Program It To Play UMich Fight Song
from the usability-issues dept
There are many who believe that there is simply no secure and safe way to conduct voting over the internet. However, it hasn't stopped the government from trying. Washington DC was getting ready to test an internet voting initiative for overseas soldiers, when the system was pulled down last week initially claiming "usability issues," and then saying that they shut it down to "to incorporate feedback received from the testing community." You see, it turned out that the testing community included a professor at University of Michigan who "unleashed" his students on the system, and it didn't take them long to set it up so that, every time you voted, the University of Michigan fight song, "Hail to the Victors," played. Oddly, no one names the Michigan professor, but it seems likely that it was Alex Halderman, who has long been closely associated with various e-voting security issues. In the meantime, it appears that DC will not be allowing internet voting for the upcoming elections...
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: alex halderman, e-voting, online voting, university of michigan, washington dc
Reader Comments
Subscribe: RSS
View by: Time | Thread
Mike, are you sure it wasn't you unleashing your own legion of hackers? Be honest.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Bo Schembechler returns...
M GO BLUE!
LOL.
[ link to this | view in chronology ]
Possible, but intolerable
Unfortunately, no government would permit such a 'dangerous' system to get started, let alone exist.
[ link to this | view in chronology ]
Re: Possible, but intolerable
So, you have dangerous in quotes so you must think that e-voting not dangerous. Else why put it in quotes? But your post title says that it's intolerable. E-voting is not dangerous, but it's intolerable? Maybe you meant that it's intolerable to the government, not the people. But then you say that no government would permit e-voting. But the story is about a government that implemented e-voting, so that wouldn't make any sense. Maybe you meant that no government would permit secure and safe e-voting. But this would mean that the government wanted their e-voting system to get hacked. What, so they can discredit e-voting by setting up a system that gets hacked and they're willing to look like idiots to achieve their ends? Wait, maybe you meant that e-voting would be intolerable to the people. Wait, that makes no sense either. Oh well. I give up.
[ link to this | view in chronology ]
Re: Re: Possible, but intolerable
[ link to this | view in chronology ]
Re: Re: Possible, but intolerable
True democracy is a danger to all governments; as a government's stock-in-trade is quid pro quo and democracy lip-service.
[ link to this | view in chronology ]
Re: Re: Possible, but intolerable
Any perfectly secure e-voting would also be secure from government tampering, thus prevent any fixing of results and thus be unacceptable by the government.
Any e-voting system accepted by the government would not be secure from government tampering, and thus be intolerable to the voters.
[ link to this | view in chronology ]
Re: Re: Re: Possible, but intolerable
Right, but the point I was trying to make is that if the government really didn't want secure and safe e-voting (becuase they couldn't tamper with the results), then the easiest option would be to simply not implement e-voting. All they'd have to do is play to the fear of the American public of insecurity on the Internet and that would be that. No more talk of all this "danerous" e-voting nonsense. So, the other option is that they want insecure and unsafe e-voting (but that it appears secure and safe) so that they can tamper with the results. Which I think is a ridiculous position. It's a far simpler and more likely explanation that they have good intentions and are just incompitant. "Never attribute to malice that which can be adequately explained by stupidity."
[ link to this | view in chronology ]
Re: Re: Re: Re: Possible, but intolerable
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Possible, but intolerable
OK, here's my take on this. I think that the politician who goes into politics for outright corrupt reasons is in the minority. What's far more likely is that they go into politics with good intentions and end up getting corrupted. One form of corruption is the daily horse trading of politics; I vote for your bill even though I morally disagree with it in exchange for your promise of a vote (most likely for something that you morally disagree with). Over time, you're so used to playing fast and loose with your moral convictions, you don't even think that what you're doing is wrong any more. But here's the key. Even the self-deluded have good intentions. They think that the best way to achieve their objectives is to sell their soul.
I'm not some wide-eyed optimist who thinks that it's all sweetness and light in Washington. There are plenty of politicians out there who just want to game the system to get as much power, money, drugs, and sex as they can handle. But I do think that they are the minority. Most are stupid, ignorant, and self-deluded, but not evil. I honestly believe in the "Never attribute to malice that which can be adequately explained by stupidity." quote.
This is why I think that the implication of Mr. Fitch's post -- that there's some government conspiracy to discredit e-voting -- is almost certainly wrong.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Possible, but intolerable
http://rangevoting.org/PresFraud.html
Don't kid yourself. Initial aspirations notwithstanding, electoral fraud has been a huge factor in US history since the World Wars. To pretend otherwise is silly.
The question is, since we know that there is unquestionably a powerful subsect of our country through which major political candidates must be vetted to have any chance in Washington, do those in power have an interest in making sure that the will of all the people of our country can be faithfully affected.
Personally, when surveying the history of electoral fraud and examining the effects true democracy would have on the power bases of this country, I can't see how the answer would be yes....
[ link to this | view in chronology ]
Re: Re: Re: Re: Possible, but intolerable
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Possible, but intolerable
Your point would have more impact if most computer systems worked perfectly according to specificiations and met all user expectations. I can assure you that this is not the case. The fact that e-voting system have the same problems that almost all systems have isn't a sign of a conspiracy; it just means that a human was involved in its creation.
[ link to this | view in chronology ]
Re: Re: Re: Possible, but intolerable
[ link to this | view in chronology ]
Re: Re: Re: Re: Possible, but intolerable
Well, if by "some representative positions" you mean members of Congress, I don't think that would be a good idea. You could, but the representative Democracy we have in America works because it's a relatively good balance between mob rule and authoritarianism. In other words, a representative government is not a good idea because it solves the problem of people traveling long distances to vote; it's a good idea because it's a good idea. Sure, there could be some tweaks to improve things, but the system tends to work. Maybe as well as any human organization that big can work.
[ link to this | view in chronology ]
Re: Re: Possible, but intolerable
[ link to this | view in chronology ]
Re: Possible, but intolerable
A voting system that is secure from tampering/fixing/tracing is not really desired by the state. They just want a system that is secure from everyone APART from a few 'authorities' trusted by the state.
A voting system that is safe for the voter (from persecution/coercion) means the voter is safe from the government. No, the state just wants a system that the voter will feel safe using.
A voting system that is transparently secure, safe and assured to be a true vote of the participants is dangerous to any state that would remain in power.
However, a voting system that is so efficient/economic it can be used not just to elect the people's representatives, but also to conduct instant referenda on almost any issue or decision risks descending government into mobocracy/demagoguery rather than scrupulous protection of individuals' natural rights.
It's one thing to get a tamper-free multiple choice answer from the populace. It's another thing to make intelligent and conscientious decisions regarding use of tax and making of ethical laws.
It's quite easy to rouse the mob into executing anyone suspected of paedophilia, witchcraft, terrorism, communism, Judaism, file sharing, etc. Not least, invading any country they fancy. And if the mob don't fancy invading anyone, explode a bomb somewhere and blame it on the enemy.
Even given perfect voting technology, big problems remain.
[ link to this | view in chronology ]
Re: Re: Possible, but intolerable
I understand this point. But what I was trying to do, in my sarcastic way, was to point out that your assertion seems to conflict with the facts. The only way that I can see that you can reconcile your assertion that the government thinks that e-voting is dangerous and intolerable with the fact that they already implement all kinds of e-voting schemes is to resort to conspiracy theory.
OK, so the government doesn't want safe and secure e-voting, but they do want unsafe and insecure voting so that they can tamper with the results? I think you're giving the government much more credit that it deserves. As I've mentioned in other replies, I think it's much more likely that the cause of the problems with e-voting is due to simple incompetence and pride rather than a conspiracy to dupe the public into using corruptible e-voting machines.
I guess what I should have done is simply as why do you think that governments are rolling out e-voting machine after e-voting machine if they think that e-voting is intolerable?
[ link to this | view in chronology ]
Re: Re: Re: Possible, but intolerable
If anything the only thing spurring the people's development of a secure/save system is to preclude the state using its unsafe/insecure system.
A secure/safe e-voting system will be transparent, copyleft, distributed/p2p, and usable at any web browser. Moreover, everyone will be able to count the votes (past a specific time) and everyone will be able to assure themselves that their vote was counted. Among many other things necessary for safety/security, etc.
A system that uses black box e-voting machines is not the voting system you're looking for.
[ link to this | view in chronology ]
Cant get it right on terminals
[ link to this | view in chronology ]
Next Techdirt story...
0s and 1s. Who'd ever thought they'd be so complicated.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Obama has spent trillions of dollars. Do you have trillions of dollars in your bank account? I dont think so good sir.
[ link to this | view in chronology ]
Internet voting will never work. Even if they 'secure' a system; who's to stop someone from pushing out a virus that re-directs you to a different site, grabs your login info - you think you have voted, but someone else will place the REAL vote for you.
That would interfere with others who want to alter the votes - can't have that now, can we!?
[ link to this | view in chronology ]
out of context
The professor was asked, as were other security personnel, to try to break the system. He had one of his classes go at it, and eventually one student found a back door. It does show that pretty much anything web-based is going to have vulnerabilities, but at least the DC officials are going about this the right way by asking people to try to break it, instead of taking the developer's word that it's secure.
This wasn't a rogue attack or action and it's not for city-wide voting either. They're trying to set up a system so overseas personnel can cast their votes securely without risking them getting lost in the mail. They're building this system for about 900 voters.
[ link to this | view in chronology ]
Re: out of context
http://voices.washingtonpost.com/debonis/2010/10/hacker_infiltration_ends_dc_on.html
[ link to this | view in chronology ]
Re: Re: out of context
[ link to this | view in chronology ]
It doesn't matter if the system is secure: the voting process is not
It still won't work, because the voting process is only secure if the endpoints are secure...and the endpoints are most definitely not secure. There are at least 100 million zombies/bots out there and more every day; we're also starting to see more of those in mobile/portable devices. So if the hypothetical system above were deployed, one of the first things that would happen is that brisk underground market in zombies-with-voting-access would develop, followed shortly by an equally-brisk underground market in tools intended to create more of them And shortly thereafter the overall voting process would be under the partial control of the highest bidder(s).
There's no fix for this.
[ link to this | view in chronology ]
The secret to it is redundancy, you don't send the data to just one data center you send it to multiple data centers.
The client side is more difficult, someone could rig the thing so people will always send the same data like botnets.
But identity verification could be done by hardware.
But it would be difficult and labor intensive as it needs to be a moving target meaning it needs to be redone every election the logistics of it would be a nightmare.
Yeh, I think the government is incompetent but I don't think they are wrong this time.
[ link to this | view in chronology ]