The Details On How To Elect Futurama's Bender To Whatever Election Is Using Online Voting

from the bite-my-shiny-metal-ass dept

Back in October of 2010, we wrote about how some "hackers" had broken into a test of the Washington DC e-voting system, and had managed to have the system play the University of Michigan "fight song" every time people voted -- University of Michigan being where the researchers (led by e-voting security expert J. Alex Halderman) were from. A day later, we discussed some more details of the hack, noting how just a tiny vulnerability could take down the integrity of the entire system.

It's been a bit of time since then, but Halderman has released the academic paper they wrote about the experience, which is now getting some new attention, including the fact that, beyond playing the UMich fight song, they also installed their own slate of "fictional" candidates, including Bender from Futurama, who is presumably running on a Kill All Humans platform.

The full paper has some other interesting tidbits, as well, including the fact that they didn't just hack into the e-voting machines... but also accessed the security cameras watching the e-voting servers, which were left open to public access. I'm not kidding. While that might not seem like such a big deal, as the researchers noted, it was actually really useful:

These webcams may have been intended to increase security by allowing remote surveillance of the server room, but in practice, since they were unsecured, they had the potential to leak information that would be extremely useful to attackers. Malicious intruders viewing the cameras could learn which server architectures were deployed, identify individuals with access to the facility in order to mount social engineering attacks, and learn the pattern of security patrols in the server room. We used them to gauge whether the network administrators had discovered our attacks—when they did, their body language became noticeably more agitated.

Either way, the entire thing suggests just how insecure e-voting can be, and the paper suggests these are fundamental, systematic problems with any e-voting approach these days, rather than just a poor implementation.

Filed Under: alex halderman, bender, dc, e-voting, hacking, security, university of michigan

University Of Michigan Library Kicks Off Project To Identify All The Orphan Works In Its Collection

from the how-big-is-the-problem? dept

For years, we've seen attempts to create "orphan works" legislation to deal with a much bigger problem caused by the Copyright Act of 1976. Prior to that, when copyright required registration formalities, it was relatively easy to determine if something was covered by copyright and who likely controlled that copyright. After the 1976 Act went into effect, suddenly you had all sorts of works that were probably covered by copyright, but it wasn't always clear who had the copyright, and thus there was no real way to contact them. Many people concerned about this -- including many in the Copyright Office, who usually come down on the side of always ratcheting copyright up, rather than finding exceptions -- started pushing for an orphan works law, that would let people make use of works if they really couldn't find the original owner. Tragically, the photographer community spread a ton of misinformation about the orphan works proposals and scuttled the whole thing.

Of course, there is the flipside to the argument, which is that if we made such a huge mess thanks to the 1976 Act, perhaps we should look at rolling back that Act, or at least rolling back the "automatic copyright" provisions. But, of course, our copyright masters never see the point in admitting they might have gotten something wrong. So, the best interim issue is an orphan works law. Of course, to get that actually through, one of the big questions is how big of an impact do orphan works really have. Along those lines, the University of Michigan Library is kicking off a new project to identify all the orphan works it has in its collection, which sounds like it could take quite some time. However, it would be nice to see some data on just how many works today are technically under copyright, but whose copyright holder is unknown or can't be found. Having some actual data might help shift the debate forward, rather than trekking over the same myths yet again.

Filed Under: copyright, library, orphan works, university of michigan

Washington DC Pulls Down Internet Voting Trial After Hackers Program It To Play UMich Fight Song

from the usability-issues dept

There are many who believe that there is simply no secure and safe way to conduct voting over the internet. However, it hasn't stopped the government from trying. Washington DC was getting ready to test an internet voting initiative for overseas soldiers, when the system was pulled down last week initially claiming "usability issues," and then saying that they shut it down to "to incorporate feedback received from the testing community." You see, it turned out that the testing community included a professor at University of Michigan who "unleashed" his students on the system, and it didn't take them long to set it up so that, every time you voted, the University of Michigan fight song, "Hail to the Victors," played. Oddly, no one names the Michigan professor, but it seems likely that it was Alex Halderman, who has long been closely associated with various e-voting security issues. In the meantime, it appears that DC will not be allowing internet voting for the upcoming elections...

Filed Under: alex halderman, e-voting, online voting, university of michigan, washington dc