ACT NOW: Help Prevent a Rush to Insecure Voting in Illinois -stop bill fo Internet Voting

A bill to facilitate Internet voting is close to passing in the Illinois State Legisture.
This bill is not dead, and anyone who has time to weigh should do so.



Senate President John Cullerton, as well as lead HB 85 Senate-side sponsors Senator Michael Bond and Senator Don Harmon are the specific targets. CALL AND OR FAX THESE FOLKS, TELL THEM TO OPPOSE HB 85

HERE ARE KEY SENATORS' PHONE NUMBERS IF YOU WOULD LIKE TO CALL THEM



INTERNET VOTING IS DANGEROUS!

I'm not threatened by Internet voting. My bank and my credit card companies have ways of verifying who I am, and making sure I am not someone else. Why shouldn't my government be able to have the same assurance, with proper safeguards?

I keep reading here that it's wrong to insist on photo IDs for voters, why is ID-less voting in person so very much safer than verified Internet voting?

Internet banking has been hacked. Also, with voting, voters have a secret ballot that cannot be traced back to them. There's no voters' "account" to reconcile against.

From the SERVE report I cited in my OP:

...
But in addition, because SERVE is an Internet- and PC-based system, it has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.

Such attacks could occur on a large scale, and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law. These attacks could result in large-scale, selective voter disenfranchisement, and/or privacy violation, and/or vote buying and selling, and/or vote switching even to the extent of reversing the outcome of many elections at once, including the presidential election. With care in the design, some of the attacks could succeed and yet go completely undetected. Even if detected and neutralized, such attacks could have a devastating effect on public confidence in elections.

It is impossible to estimate the probability of a successful cyber-attack (or multiple successful attacks) on any one election. But we show that the attacks we are most concerned about are quite easy to perpetrate. In some cases there are kits readily available on the Internet that could be modified or used directly for attacking an election. And we must consider the obvious fact that a U.S. general election offers one of the most tempting targets for cyber-attack in the history of the Internet, whether the attacker's motive is overtly political or simply self-aggrandizement.

The vulnerabilities we describe cannot be fixed by design changes or bug fixes to SERVE. These vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today. They cannot all be eliminated for the foreseeable future without some unforeseen radical breakthrough. It is quite possible that they will not be eliminated without a wholesale redesign and replacement of much of the hardware and software security systems that are part of, or connected to, today's Internet.

We have examined numerous variations on SERVE in an attempt to recommend an alternative Internet-based voting system that might deliver somewhat less voter convenience in exchange for fewer or milder security vulnerabilities. However, all such variations suffer from the same kinds of fundamental vulnerabilities that SERVE does; regrettably, we cannot recommend any of them. We do suggest a kiosk architecture as a starting point for designing an alternative voting system with similar aims to SERVE, but which does not rely on the Internet or on unsecured PC software (Appendix C).

# # #

that computers have flaws, and that Internet banking has been hacked. But I disagree that it will take a massive breakthrough to overcome the problems.

There's no harm in merely studying the situation. I can see having a situation where people are allowed the choice of submitting to enhanced identification procedures to enable them to conveniently vote on the Internet. It would be at least as secure as mail-in voting.

you may be richer than Bill Gates.

But for experimenting with elections - we've seen what happens when coups are executed.

No, internet voting will never be "as secure" as mail-in voting.

A single person can alter the entire outcome of an internet election, perhaps undetected.

With Mail In Voting,
you can have a secret ballot as long as you don't voluntarily share its contents with another,
there is a distinct chain of custody that is human viewable
there is a paper ballot that is counted
there can be meaningful audits and meaningful recounts

None of the above is true for internet voting.

but the ballot won't be secret anyway with internet voting.

Whoever is running the internet election can find out who cast which vote.
They can also change that vote, undetected.

Internet voting is the most insecure method of voting there is.

What next, iris scans?

Elections are not the place for experiments.

Aetna warns 65,000 about Web site data breach

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133621

You pretty much had to be a mechanic to own and operate one. I'm confident that we will have secure Internet voting within my lifetime, at least voluntarily for people who are assured of its security. It's crazy to think that mail-in voting is more secure than the Internet banking transactions that happen billions of times a day on this planet.

and even those are hackable.

Whats the worth of hacking an election? A billion $ in bailouts maybe?

Internet voting makes elections accessible to anyone with a computer. That is not a good idea.
Maybe ciber crime isn't publicized enough. Anyway, there would be a huge payoff to someone
who could rig a statewide or national election. Or even a local one. Elections are high stakes, big money.

Hacker High: 10 Stories of Teenage Hackers Getting into the System


Student at Downingtown High School West — Downingtown, Pa.
A 15-year-old student was arrested and charged with felonies in May 2008 for stealing personal data from the Downingtown School District's computer system and downloading files that contained the names and Social Security numbers of more than 41,000 of district residents (including 15,000 students). The unnamed student allegedly accessed the files, which were located on the district’s server, through a school computer during a study period, and officials believe that he copied the files to his home computer. This is the second time in the 2007-2008 academic year that a student has broken into the Downingtown School District’s computer system; another student was arrested for hacking into the system in December 2007.

...

Jeanson James Ancheta — Los Angeles
In 2005, the FBI nabbed 20-year-old Jeanson James Ancheta, a reported member of the "Botmaster Underground," a group of script kiddies known for their bot attacks and spam inundation. His sinister cyberscheme infected computers at the United States Naval Air Warfare Center Weapons Divistion in China Lake, Calf. and the Defense Information Systems Agency, a component of the United States Department of Defense. In the first prosecution of its kind in the U.S., Ancheta was arrested and indicted on 17 federal charges for profiting from the use of "botnets."

Aaron Caffrey — Britain
Aaron Caffrey 19, was accused of almost destroying of North America's biggest ports, the Port of Houston in Texas, by hacking into its computer systems. Computers at the port were hit with a DoS (denial of service) attack on Sept. 20, 2001, which crashed systems at the port that contained data for helping ships navigate the harbor.

The prosecution said that the Brit’s computer contained a list of 11,608 IP addresses of vulnerable servers, along with malicious script. The attack on Houston was apparently tied to a female chat-room user called Bokkie, who had made anti-U.S. comments online. Still, a jury found Caffrey not guilty in October 2003.

Raphael Gray — Wales
Raphael Gray, 19, became the subject of an international investigation after he got his hands on 23,000 Internet shoppers' details and posted some of them to Web sites. The scheme, which Gray claimed was an attempt to expose security weaknesses in Internet shopping, cost users hundreds of thousands of pounds. Gray was been sentenced to psychiatric care and told reporters that he felt no regret for what he’d done

c0mrade — Miami
In 2000, a 16-year-old from Miami known on the Internet as "c0mrade" became the first juvenile to go to jail on federal computer-crime charges for hacking into NASA. The boy admitted to attacking a military computer network used by the DTRA (Defense Threat Reduction Agency) from Aug. 23, 1999 to Oct. 27, 1999. The youth installed a backdoor access on a server that intercepted more than 3,300 electronic messages to and from DTRA staff. The backdoor also accessed at least 19 usernames and passwords of DTRA employees, including at least 10 usernames and passwords on military computers. The unnamed juvenile was sentenced to six months in a detention facility.

Mafiaboy — Canada
Over a five-day period in February 2000, Yahoo! Inc., CNN, eBay Inc. and Amazon.com Inc. became victims of the largest DoS attack ever to hit the Internet. The attacker? A 14-year-old Canadian named Mike Calce, who went by “Mafiaboy” online. He became the most notorious teenage hacker of all time, causing millions of dollars worth of damage on the Internet.

Calce initially denied responsibility for the assault but later pled guilty to most of the nearly 50 charges against him. On Sept. 12, 2001, the Montreal Youth Court sentenced him to eight months of "open custody," one year of probation, restricted use of the Internet and a small fine. Calce later wrote as a columnist on computer-security topics for the French-language newspaper Le Journal de Montréal.

Ehud Tenenbaum — Israel
Computers at the Pentagon were targeted in an attack called "Solar Sunrise" during a tense time in the Persian Gulf in 1998. The attack led to the establishment of round-the-clock, online guards at major military computer sites. At the time, U.S. Deputy Defense Secretary John Hamre called the attack "the most organized and systematic attack" on U.S. military systems.

While officials initially pointed fingers at two American teens, 19-year-old Israeli hacker Ehud Tenenbaum, who was called "The Analyzer," was identified as their leader and arrested. Tenenbaum later became the CTO of a computer-consulting firm.

Richard Pryce and Matthew Bevan — Britain
Two teens touched off one of the biggest ever international computer crime investigations in the U.S. when, for several weeks in 1994, they attacked the Pentagon's computer network and tried to get access to a nuclear facility somewhere in Korea. The cyberculprits were identified as 16-year-old music student Richard Pryce (known as "Datastream Cowboy") and Matthew Bevan (known as "Kuji"), who was arrested two years later at age 21. Conspiracy charges against both Pryce and Bevan were later dropped, though Pryce was ordered to pay a small fine.

414s — Milwaukee
They may sound like a cheesy '80s band, but the 414s were actually a band of youthful hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory and Memorial Sloan-Kettering Cancer Center. Later uncovered as six youths ranging in age from 16 to 22, the group met when they were members of a local Explorer Scout troop. These Scouts-turned-cybercriminals were investigated by the FBI in 1983.

The media took to the story of the youths, who met the somewhat sexy profile of early '80s computer hackers as established by Matthew Broderick's character in "WarGames," which was released the same year that the 414s rose to glory. In fact, 17-year-old Neal Patrick got more than his 15 minutes of fame when he appeared on the Sept. 5, 1983 cover of Newsweek. Most of the members of the 414s were not prosecuted, but their cybershenanigans lead to government hearings on hacking, as well as the introduction of six bills concerning computer crime in the U.S. House of Representatives.

http://www.itsecurity.com/features/hacker-high-061008/