People Who Know Stuff Don't Like Internet Voting (WaPo OpEd)

In D.C.'s Web voting test, the hackers were the good guys

By Jeremy Epstein, David Jefferson and Barbara Simons

Last month, the District conducted an Internet voting experiment that resulted in a team from the University of Michigan infiltrating election computers so completely that they were able to modify every ballot cast and all election outcomes without ever leaving their offices. They also retrieved the username and password for every eligible overseas voter who had signed up to participate. The team even defended the system against attackers from China and Iran. More than any other event in recent years, this test illustrates the extreme national security danger of Internet voting.

Though the District's Board of Elections and Ethics prudently dropped the plan to use the most dangerous parts of the system in Tuesday's midterms, the board still claims Internet voting is the wave of the future. By contrast, the consensus of the computer security community is that there is no secure Internet voting architecture suitable for public elections. The transmission of voted ballots over the Internet, whether by Web, e-mail or other means, threatens the integrity of the election. Simply fixing the problems identified in the District's test will not prove the system secure. Almost certainly the next test will discover new vulnerabilities yielding a similar disastrous result.

People frequently ask: If we can bank online, why can't we vote online? The answer is that because every banking transaction must be associated with a customer, banks know what their customers are doing, and customers get monthly statements that can be used to detect unauthorized transactions. There is no banking equivalent of the requirement for a secret ballot untraceable to the voter. While banks have huge budgets for mitigating security problems, they still lose substantial sums due to online fraud. In addition, while banks may tolerate the costs of online theft, because they save money overall, elections cannot tolerate a "small" amount of vote theft.

For more than a decade, computer security scientists have been warning of certain core dangers related to Internet voting. The successful Michigan incursion confirmed many of them:

-snip-

Jeremy Epstein is a senior computer scientist with SRI International in Arlington. David Jefferson is a computer scientist at Lawrence Livermore National Laboratory and chairman of Verified Voting. Barbara Simons is a former IBM researcher and former president of the Association for Computing Machinery. (But what do THEY know? :-) )

Read more and comment at:
http://voices.washingtonpost.com/local-opinions/2010/10/in_dcs_web_voting_test_the_hac.html

As an IT based worker I say Unequivocally.

ARE YOU OUT OF YOUR FUCKING MINDS USING MACHINES TO VOTE!

(my favorite Homerism)

NO INTERNET VOTING.

think that the votes are safe?


K&R

Look in the comments for my question:
Was the DC Hack a Conspiracy? Lets talk!

If you're suggesting they engineered the failure of their own tests, I'd say that was probably the patriotic thing to do (to discredit Internet voting!), but I doubt it happened.

That's like suggesting someone deliberately hacked the DREs in FL CD-13 in 2006 to get the state onto paper ballots. While ballot scanner vendors might benefit from such a scam, just as all e-voting vendors benefited from the FL 2000 debacle (a scam according to whistle blowers from Sequoia Voting Systems), who would benefit financially from hacking D.C.'s Internet voting system? It was open source and therefore not-for-profit, but the leader of the team from U. Michigan has a history of hacking for-profit privatized voting machines such as Diebold's DRE too.

If you're suggesting that the D.C. Board deliberately facilitated the hacks to discredit an open source Internet voting system so they could go out and patronize some for-profit Internet voting vendor, such unethical behavior shows exactly why NO ONE should be trusted to run any system as dangerous, vulnerable and unverifiable as Internet voting!

So thanks for trying to prove that point!:toast:

(Internet voting - Its as safe as handing car keys to a drunk)

Online Voting: All That Glitters Is Not Gold (Unless You're a Vendor)
http://www.verifiedvotingfoundation.org/article.php?id=6768
...
But of course vendors say it is secure - and going to be very profitable. Scientists, on the other hand, say it's not secure - and the very architecture of the internet makes secure online voting almost impossible today.

Another computer scientist friend describes email voting, the most common way to vote on the internet, this way: You're in a stadium with eighty thousand random people. It's time to vote. You write your selections on a post card in pencil, don't use an envelope, and pass your card down your row to be collected.

It might work. You could have a great election. Your vote might count just as you marked your card. But confidence pretty much sucks - for a pile of obvious reasons, from innocent mishap to conspiratorial fraud to foreign-based cyber war.
...