Washington DC Pulls Down Internet Voting Trial After Hackers Program It To Play UMich Fight Song
from the usability-issues dept
There are many who believe that there is simply no secure and safe way to conduct voting over the internet. However, it hasn’t stopped the government from trying. Washington DC was getting ready to test an internet voting initiative for overseas soldiers, when the system was pulled down last week initially claiming “usability issues,” and then saying that they shut it down to “to incorporate feedback received from the testing community.” You see, it turned out that the testing community included a professor at University of Michigan who “unleashed” his students on the system, and it didn’t take them long to set it up so that, every time you voted, the University of Michigan fight song, “Hail to the Victors,” played. Oddly, no one names the Michigan professor, but it seems likely that it was Alex Halderman, who has long been closely associated with various e-voting security issues. In the meantime, it appears that DC will not be allowing internet voting for the upcoming elections…
Filed Under: alex halderman, e-voting, online voting, university of michigan, washington dc
Comments on “Washington DC Pulls Down Internet Voting Trial After Hackers Program It To Play UMich Fight Song”
“a professor at University of Michigan who “unleashed” his students on the system”
Mike, are you sure it wasn’t you unleashing your own legion of hackers? Be honest.
Re: Re:
He told me to have them stand down. That said, we are awaiting orders and constantly prepping for attack….
Re: Re: Re:
Oh, that makes sense.
Bo Schembechler returns...
…from the grave to win again!
M GO BLUE!
LOL.
Possible, but intolerable
It is possible to develop a “secure and safe way to conduct voting over the internet”.
Unfortunately, no government would permit such a ‘dangerous’ system to get started, let alone exist.
Re: Possible, but intolerable
Unfortunately, no government would permit such a ‘dangerous’ system to get started, let alone exist.
So, you have dangerous in quotes so you must think that e-voting not dangerous. Else why put it in quotes? But your post title says that it’s intolerable. E-voting is not dangerous, but it’s intolerable? Maybe you meant that it’s intolerable to the government, not the people. But then you say that no government would permit e-voting. But the story is about a government that implemented e-voting, so that wouldn’t make any sense. Maybe you meant that no government would permit secure and safe e-voting. But this would mean that the government wanted their e-voting system to get hacked. What, so they can discredit e-voting by setting up a system that gets hacked and they’re willing to look like idiots to achieve their ends? Wait, maybe you meant that e-voting would be intolerable to the people. Wait, that makes no sense either. Oh well. I give up.
Re: Re: Possible, but intolerable
You are ‘not’ dumb.
Re: Re: Possible, but intolerable
:eye-roll:
True democracy is a danger to all governments; as a government’s stock-in-trade is quid pro quo and democracy lip-service.
Re: Re: Possible, but intolerable
Perhaps he means that, assuming all governments are by nature corrupt and deceptive:
Any perfectly secure e-voting would also be secure from government tampering, thus prevent any fixing of results and thus be unacceptable by the government.
Any e-voting system accepted by the government would not be secure from government tampering, and thus be intolerable to the voters.
Re: Re: Re: Possible, but intolerable
Any perfectly secure e-voting would also be secure from government tampering, thus prevent any fixing of results and thus be unacceptable by the government.
Right, but the point I was trying to make is that if the government really didn’t want secure and safe e-voting (becuase they couldn’t tamper with the results), then the easiest option would be to simply not implement e-voting. All they’d have to do is play to the fear of the American public of insecurity on the Internet and that would be that. No more talk of all this “danerous” e-voting nonsense. So, the other option is that they want insecure and unsafe e-voting (but that it appears secure and safe) so that they can tamper with the results. Which I think is a ridiculous position. It’s a far simpler and more likely explanation that they have good intentions and are just incompitant. “Never attribute to malice that which can be adequately explained by stupidity.”
Re: Re: Re:2 Possible, but intolerable
….why do you think it’s more likely that a politician has “good” intentions? I have seen no evidence that this is generally the case with regard to anything politicians do….
Re: Re: Re:3 Possible, but intolerable
….why do you think it’s more likely that a politician has “good” intentions?
OK, here’s my take on this. I think that the politician who goes into politics for outright corrupt reasons is in the minority. What’s far more likely is that they go into politics with good intentions and end up getting corrupted. One form of corruption is the daily horse trading of politics; I vote for your bill even though I morally disagree with it in exchange for your promise of a vote (most likely for something that you morally disagree with). Over time, you’re so used to playing fast and loose with your moral convictions, you don’t even think that what you’re doing is wrong any more. But here’s the key. Even the self-deluded have good intentions. They think that the best way to achieve their objectives is to sell their soul.
I’m not some wide-eyed optimist who thinks that it’s all sweetness and light in Washington. There are plenty of politicians out there who just want to game the system to get as much power, money, drugs, and sex as they can handle. But I do think that they are the minority. Most are stupid, ignorant, and self-deluded, but not evil. I honestly believe in the “Never attribute to malice that which can be adequately explained by stupidity.” quote.
This is why I think that the implication of Mr. Fitch’s post — that there’s some government conspiracy to discredit e-voting — is almost certainly wrong.
Re: Re: Re:4 Possible, but intolerable
Perhaps this incomplete but decent history of the way electoral fraud has been used by both parties in presidential elections will help bring you along:
http://rangevoting.org/PresFraud.html
Don’t kid yourself. Initial aspirations notwithstanding, electoral fraud has been a huge factor in US history since the World Wars. To pretend otherwise is silly.
The question is, since we know that there is unquestionably a powerful subsect of our country through which major political candidates must be vetted to have any chance in Washington, do those in power have an interest in making sure that the will of all the people of our country can be faithfully affected.
Personally, when surveying the history of electoral fraud and examining the effects true democracy would have on the power bases of this country, I can’t see how the answer would be yes….
Re: Re: Re:2 Possible, but intolerable
It’s probably easier to rig voting machines from a distance and claim it’s a bug if you’re caught than physically cheat when counting ballots, what with all the witnesses and protocol…
Re: Re: Re:3 Possible, but intolerable
It’s probably easier to rig voting machines from a distance and claim it’s a bug if you’re caught than physically cheat when counting ballots, what with all the witnesses and protocol…
Your point would have more impact if most computer systems worked perfectly according to specificiations and met all user expectations. I can assure you that this is not the case. The fact that e-voting system have the same problems that almost all systems have isn’t a sign of a conspiracy; it just means that a human was involved in its creation.
Re: Re: Re: Possible, but intolerable
With a sufficiently “secure and safe” at-home voting service, you could move toward replacing some representative positions with direct democracy. They don’t want that. Also, it starts to eliminate the excuse for voting districts, which are carefully chosen to protect the status quo.
Re: Re: Re:2 Possible, but intolerable
With a sufficiently “secure and safe” at-home voting service, you could move toward replacing some representative positions with direct democracy.
Well, if by “some representative positions” you mean members of Congress, I don’t think that would be a good idea. You could, but the representative Democracy we have in America works because it’s a relatively good balance between mob rule and authoritarianism. In other words, a representative government is not a good idea because it solves the problem of people traveling long distances to vote; it’s a good idea because it’s a good idea. Sure, there could be some tweaks to improve things, but the system tends to work. Maybe as well as any human organization that big can work.
Re: Re: Possible, but intolerable
Oooh! I got it. You think that the government thinks that e-voting is dangerous and they wouldn’t tolerate it. No, that can’t be it either because we’re back to the fact that they actually put in place an e-voting scheme, which they clearly wouldn’t do if they thought it was dangerous and intolerable. That is, unless I was right that you think it’s part of a conspiracy to discredit e-voting machines by the governement. But that would mean the government is smart and capable enough to pull off a conspiracy like this, which clearly doesn’t make any sense either. Nope, I’m back to giving up.
Re: Possible, but intolerable
Some commenters understood my comment quite sufficiently.
A voting system that is secure from tampering/fixing/tracing is not really desired by the state. They just want a system that is secure from everyone APART from a few ‘authorities’ trusted by the state.
A voting system that is safe for the voter (from persecution/coercion) means the voter is safe from the government. No, the state just wants a system that the voter will feel safe using.
A voting system that is transparently secure, safe and assured to be a true vote of the participants is dangerous to any state that would remain in power.
However, a voting system that is so efficient/economic it can be used not just to elect the people’s representatives, but also to conduct instant referenda on almost any issue or decision risks descending government into mobocracy/demagoguery rather than scrupulous protection of individuals’ natural rights.
It’s one thing to get a tamper-free multiple choice answer from the populace. It’s another thing to make intelligent and conscientious decisions regarding use of tax and making of ethical laws.
It’s quite easy to rouse the mob into executing anyone suspected of paedophilia, witchcraft, terrorism, communism, Judaism, file sharing, etc. Not least, invading any country they fancy. And if the mob don’t fancy invading anyone, explode a bomb somewhere and blame it on the enemy.
Even given perfect voting technology, big problems remain.
Re: Re: Possible, but intolerable
A voting system that is transparently secure, safe and assured to be a true vote of the participants is dangerous to any state that would remain in power.
I understand this point. But what I was trying to do, in my sarcastic way, was to point out that your assertion seems to conflict with the facts. The only way that I can see that you can reconcile your assertion that the government thinks that e-voting is dangerous and intolerable with the fact that they already implement all kinds of e-voting schemes is to resort to conspiracy theory.
OK, so the government doesn’t want safe and secure e-voting, but they do want unsafe and insecure voting so that they can tamper with the results? I think you’re giving the government much more credit that it deserves. As I’ve mentioned in other replies, I think it’s much more likely that the cause of the problems with e-voting is due to simple incompetence and pride rather than a conspiracy to dupe the public into using corruptible e-voting machines.
I guess what I should have done is simply as why do you think that governments are rolling out e-voting machine after e-voting machine if they think that e-voting is intolerable?
Re: Re: Re: Possible, but intolerable
The state loves e-voting precisely because it’s so amenable to their control (fixing/monitoring).
If anything the only thing spurring the people’s development of a secure/save system is to preclude the state using its unsafe/insecure system.
A secure/safe e-voting system will be transparent, copyleft, distributed/p2p, and usable at any web browser. Moreover, everyone will be able to count the votes (past a specific time) and everyone will be able to assure themselves that their vote was counted. Among many other things necessary for safety/security, etc.
A system that uses black box e-voting machines is not the voting system you’re looking for.
Cant get it right on terminals
Now they want to move it to the web? Ha ha ha, I would have injected the Benny Hill Theme, more appropriate.
Next Techdirt story...
… University of Michigan students and professor charged with computer hacking. Faces 10-25 hard labor.
0s and 1s. Who’d ever thought they’d be so complicated.
People use online banking and the government is ok with that but voting via the Internet isn’t safe?
Re: Re:
A president or senator is worth a lot more than whats in my bank account. For example, a terrorist organization isnt going to team up for 3 years to be able to steal my thousand dollars, or even ten thousand.
Obama has spent trillions of dollars. Do you have trillions of dollars in your bank account? I dont think so good sir.
Built it and they will hack it.
Internet voting will never work. Even if they ‘secure’ a system; who’s to stop someone from pushing out a virus that re-directs you to a different site, grabs your login info – you think you have voted, but someone else will place the REAL vote for you.
That would interfere with others who want to alter the votes – can’t have that now, can we!?
out of context
I think a lot of people are missing the point of this story, especially if they came to it by way of slashdot.
The professor was asked, as were other security personnel, to try to break the system. He had one of his classes go at it, and eventually one student found a back door. It does show that pretty much anything web-based is going to have vulnerabilities, but at least the DC officials are going about this the right way by asking people to try to break it, instead of taking the developer’s word that it’s secure.
This wasn’t a rogue attack or action and it’s not for city-wide voting either. They’re trying to set up a system so overseas personnel can cast their votes securely without risking them getting lost in the mail. They’re building this system for about 900 voters.
Re: out of context
sorry, forgot the link:
http://voices.washingtonpost.com/debonis/2010/10/hacker_infiltration_ends_dc_on.html
Re: Re: out of context
And a blog post on it from Halderman – http://www.freedom-to-tinker.com/blog/jhalderm/hacking-dc-internet-voting-pilot
It doesn't matter if the system is secure: the voting process is not
Suppose for a moment that it’s possible to create an online voting system which actually is secure. (Yes, I realize that this is off-the-scale optimistic and utterly foolish, but bear with me for a moment, please.)
It still won’t work, because the voting process is only secure if the endpoints are secure…and the endpoints are most definitely not secure. There are at least 100 million zombies/bots out there and more every day; we’re also starting to see more of those in mobile/portable devices. So if the hypothetical system above were deployed, one of the first things that would happen is that brisk underground market in zombies-with-voting-access would develop, followed shortly by an equally-brisk underground market in tools intended to create more of them And shortly thereafter the overall voting process would be under the partial control of the highest bidder(s).
There’s no fix for this.
An online voting system may not be ever foolproof or faultproof but it can get pretty close.
The secret to it is redundancy, you don’t send the data to just one data center you send it to multiple data centers.
The client side is more difficult, someone could rig the thing so people will always send the same data like botnets.
But identity verification could be done by hardware.
But it would be difficult and labor intensive as it needs to be a moving target meaning it needs to be redone every election the logistics of it would be a nightmare.
Yeh, I think the government is incompetent but I don’t think they are wrong this time.