Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
United States Your Rights Online

E-Voting Firm VoteHere Discloses October Break-In 172

Posted by timothy from the what-are-the-28%-thinking-exactly dept.
linuxwrangler writes "In the ongoing saga of electronic voting 'security,' eVoting company VoteHere is the latest to reveal that they were the victim of a computer break-in. According to VoteHere founder, Jim Adler, the concern isn't about their source code which they plan to reveal 'eventually,' anyway, but is about the possible release of salary and other HR data. Astoundingly, the 'hot poll' associated with this story has (as this is being posted) 28% of respondents saying they would trust their vote on the internet and 41% saying 'not now, but maybe soon.' Feel free to cast your vote." Reader nSignIfikaNt points to the Assocated Press' article as carried by CNN.
This discussion has been archived. No new comments can be posted.

E-Voting Firm VoteHere Discloses October Break-In More

E-Voting Firm VoteHere Discloses October Break-In

Comments Filter:

  • See? (Score:5, Funny)

    by Shky ( 703024 ) <shkyoleary&gmail,com> on Monday December 29, 2003 @11:17PM (#7832542) Homepage Journal
    Problems with voting are clear and simple proof that fascist dictatorships are the only way to go.

    E-Communism and E-Oppression would be far more successful, no doubt.

  • Measure the Slashdot Effect! (Score:5, Informative)

    by c0dedude ( 587568 ) on Monday December 29, 2003 @11:19PM (#7832548)
    Neato! I caught this story right when it went on slashdot's main page, 0/3 comments and got the vote tally, we can safely say that this is pre /. effect. Now, I think I know which way most slashdoteers are going to vote, and we've already seen vote skewing here [forbes.com] when a sig told people to vote no on Verisign all through September and October (it got around 5000 votes at the end of the month as I recall), let's see how slashdot affects a slightly larger traffic/voting site:

    So here are the current vote totals, pre /. effect:

    24692 Responces
    27% Yes
    41% Not today, but maybe soon
    29% Never (Likely to spike? Let's see!)
    2% None of the above
    • I agree, and cannot see my vote going o'er the internet anytime in the future, but we (as a slashdot collective) are forever hopeful that our beloved Linux/BSD will find a way to do just about anything. While current e-voting has been massivly flawed, surely some enterprising devloper will come up with something about the problem someday. Until then, I'm content to make the trek out to a polling place once a year.

    • Re:Measure the Slashdot Effect! (Score:5, Interesting)

      by whorfin ( 686885 ) on Tuesday December 30, 2003 @12:00AM (#7832737)
      But isn't participating in this poll itself a form of 'voting' ?

    • Where's the entry for Hank, the Angry Drunken Dwarf?

      :-),
      Schwab

    • OK, so its now several hours since the story was posted and there's no "spike" in the percentages. Infact the difference of 2% could very well happen due to statistical variation even if it hadn't been slashdotted! Which clearly shows that /.ers don't read articles, but they just click them anyway just for the sadistic thrill of killing the server ;^)
    • I think the main reason that "Not today, but maybe soon" is winning is the crummy selection of choices in the poll. I'll bet that if "Not until someone comes up with a good audit process and a way to hold the vendor responsible" was a choice, the results would be a bit different. I don't see that happening "soon" so "maybe soon" was definitely not an option for me.
    • "Not a scientifically valid survey. Click to learn more."

      MSNBC says that their polls are not representative because people offer to vote rather than being asked. I would think that being asked to vote at the end of reading an article on the subject in question might also influence things. But they don't seem to mention the people with a list of transparent proxies, a copy of LWP, and no cookies. Apparently MSN is immune to that, to the extent that it doesn't merit a warning.

  • If their internal network can be compromised... (Score:5, Insightful)

    by Sikmaz ( 686372 ) on Monday December 29, 2003 @11:19PM (#7832549)
    Why should we trust their voting systems without auditing?
    • Exactly.

      Lets not forget that these evoting corps seem to be doing everything in their power NOT to make it secure.

      More E-Voting SNAFUs [slashdot.org].

      I just wish I remembered the news source that mentioned that the big 3 corps that made the voting material were big republican donators. Anybody has a link?

    • Re:If their internal network can be compromised... (Score:4, Insightful)

      by Beryllium Sphere(tm) ( 193358 ) on Tuesday December 30, 2003 @12:24AM (#7832824) Journal
      You can't trust anything important without auditing. You can't even trust paper without the opportunity to do independent recounts.

      There was something encouraging in the article, evidence that the company understands the concept of detection and response:

      "It's true that systems would always be compromised," he said. "The point is, you want to know about it. ... If you can detect when those things happen, that's what's vitally important. Any ballots that get compromised will get detected, and that's what's crucial."

      Not so good is that the article says their systems will allow voters to check their ballots after leaving the polling place. I hope the reporter misunderstood. Chaum's paper explains how you could verify that your vote got counted, was valid, and was what you expected -- but you don't want to be able to see what candidate the vote was for. That way lies intimidation and verifiable vote-buying.

      • Actually, what I meant (and what VoteHere intended) is probably basically what Chaum proposes: As I understand it, you would get a code you could match up against a second code, say, via telephone. For example, if you voted for Karenna Gore Schiff, you would hear the code "123," but if you voted for Jenna Bush, it would be "456." But only you would know which code corresponded with which candidate, so that you couldn't prove to someone else that you voted the way they paid you to vote (or told you to vote).

  • Um... Suggestion... (Score:1, Interesting)

    by LordKazan ( 558383 )
    Why don't we make a very small linux distro that works with small puters with touchscreens and make a secure voting system.

    Just to bite our thumb at them.
    • Such a distro would also be a great way of advertising the many Linux-based point-of-sale solutions available.

      In fact, (before they lost their minds), our buddies at SCO were touting a Linux POS distribution that would run on similar equipment.
    • I don't think the problem is that these systems run Windows though that's certainly not helping the security situation. I believe the problem is more the secrecy these companies are taking as well and the inherent risk to the accuracy of the voting that comes with computerizing the process.

      • I don't think the problem is that these systems run Windows though that's certainly not helping the security situation. I believe the problem is more the secrecy these companies are taking as well and the inherent risk to the accuracy of the voting that comes with computerizing the process.

        Yes, and windows requires that secrecy. First off, the operating system is closed source and cannot be modified. Second, although open source apps have been ported to the windows platform by making use of gcc and al

    • While being able to examine the source code is better than not being able to see it, I believe it was Ken Thompson at Bell Labs back in the late 1970s who proved that you couldn't trust anything you didn't write--not even the compilier.

      Open source would allow us to find the most obvious nefarious schemes, but we still wouldn't be totally safe, unless we were the one to build the system from the ground up, including writing the original compilier in machine code to ensure that any compiler that we were to u

  • umm...ok (Score:5, Insightful)

    by Savatte ( 111615 ) on Monday December 29, 2003 @11:20PM (#7832554) Homepage Journal
    can you really trust voting results/percentages of an e-voting firm that was hacked?

    • Re:umm...ok (Score:5, Funny)

      by BuckaBooBob ( 635108 ) on Tuesday December 30, 2003 @12:22AM (#7832816)
      Any Company on the internet Can be Hacked...

      In Actuality MS could most likely come up with the Most Secure E-voting Software

      Voting Atendant: "Sorry all of our E-voting computers are plauged with a Blaster Worm variant and will not work.. Please use the standard Manual Process.."

      Where do you want to vote today?

  • Microsoft is responsible (really!) (Score:4, Insightful)

    by the man with the pla ( 710711 ) on Monday December 29, 2003 @11:21PM (#7832562)
    I'm not trying to troll here...but hear me out: People simply don't trust electronic voting...as a geek this makes me very sad, because voting is something that could and should be more automated.

    Now, ask yourself, why is it that people don't trust comptuers?

    Answer: Microsoft's abhorent trackrecord with regard to security has an awful lot to do with it. It's not the only factor, but it is *huge*.

    All these windows bugs do effect us linux geeks: The perception of computers in general has suffered greatly.

    --
    Join Jihad against slashdot's editors. Join anti-slash [anti-slash.org]

    • Re:Microsoft is responsible (really!) (Score:5, Insightful)

      by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday December 29, 2003 @11:31PM (#7832615) Homepage
      That may be why the uninformed are affraid (can you blame them?), but that's no reason to not trust e-voting.

      E-voting is a reason not to trust e-voting. Slashdot just has story after story of how these big "trust us, our stuff is fair" e-voting companies have problem after problem after problem. Things are bad now, but imagine the kind of stuff that might come up if it was legislated that the 2004 Presidential Election had to be done on these systems. What happened in Florida (which was largly the fault of people who were too desperate to not loose to care about anything else, since the recounts and recounts didn't change anything) would look like a cakewalk compared to finding people who got to vote in 12 districts, those who's votes were counted 10,002 times, and the fact that anyone with a "A" or an "E" in their last name (BUT NOT BOTH) could only vote during odd numbered minutes of even numbered hours in districts that are prime numbers or some other rediculous things that at this rate seems it could easily turn up.

      I'm all for MS bashing when they deserve it, and they may be the number one reason people don't trust e-voting (allbeit indirectly); but there are REAL reasons why people shouldn't trust it, and if it were to get reported more, then people still wouldn't trust the things, it would just be for the "right" reason.

      • I think what he was saying is that it's the *implementations* that are faulty, not the concept.

        Perhaps the current incarnations are faulty because they involve insecure proprietary software made by inept, politically-motivated companies; but that doesn't mean that e-voting is inherently impossible to do correctly.

        There's a real feeling among "regular people" that computers aren't to be trusted. It will only hurt OSS and proponents of universal computing when Microsoft capitalizes on this mistrust (that

        • The technologically informed must make it clear that the problems with e-voting (and secure computing in general) are not technical ones

          Aren't they? Depends on your definitions, I suppose, but I would say the main problem *is* a technical one, and that it's intractable. The problem is that technology is inherently opaque, unless you have a great deal of specialized training, and even then you can never really be sure unless you're allowed to disassemble the device.

          Sure, there are ways you can build s

          • I'm going to take the advice in your sig and pick your argument apart based on your poor presentation, rather than on it's merit, since I think we're mostly in agreement.

            Premise:
            I would say the main problem *is* a technical one, and that it's intractable.

            Assertion #1:
            technology is inherently opaque
            Rebuttal:
            unless you have a great deal of specialized training

            Assertion #2:
            you can never really be sure
            Rebuttal:
            unless you're allowed to disassemble the device.

            Straw man:
            there are ways you can build

            • No technical problems in sight.

              As I said, it depends on your definitions. Voter confidence is a key requirement of voting systems. Arguably it's a more important requirement than accuracy. I suppose there is a small leap in my logic in that I implicitly assumed that the only way to achieve voter confidence is through transparency, but if you allow that, then transparency is clearly a requirement of any voting system and therefore a technical challenge that must be met by any good e-voting system.

              I p

        • trusting faceless corporations or closed-source government voting booths

          As much of a Linux/OSS fan as I am, the problem with e-voting (I've said this about a dozen times -- as have others) is not that it's closed source. The problem is there is no way for the voter to verify his vote was actually counted in a way that can't be easily changed later -- short of printing a paper ballot for him to verify and drop into a lock box.

          Sure paper can be tampered with too, but not as easily as say 'vi results' (or n

    • Re:Microsoft is responsible (really!) (Score:5, Insightful)

      by nlinecomputers ( 602059 ) on Monday December 29, 2003 @11:52PM (#7832707)
      I'm not trying to troll here...but hear me out: People simply don't trust electronic voting...as a geek this makes me very sad, because voting is something that could and should be more automated.

      Why should voting be more automated? The only reason ballot counters are used is to rig the election. Several contries around the world conduct elections with hand marked and hand counted ballots and do just fine. Automation just makes it that much easier to rig the vote. Voting SHOULD be difficult, hard to quickly count, and should envolve lots of people in the process. When one person or a small group gets to count the ballot or gets to build an automatic system to count the ballots it is far easier to bribe or threaten that small group and rig the election. Any kind of automatic system should be questioned, be it scantron systems, pull lever voting machines, or computers. It is all designed to hide the vote from the public NOT make voting safer. I don't trust computers not because I am ignorant of what they can do because I know exactly what they are able to do and how easy it would be to rig an election.

      If it is not a paper ballot and the ballot isn't counted at the polling place in public view then you shouldn't trust that vote. Most places in the USA the ballots are not counted at the poll. They are hauled away to the court house and counted out of public view. No way to be certain that the ballot box is the same one that left the polling place and no way to have the public watch the counting. This is by design to aid in vote fraud. We haven't had a free election in most places in the country in years.
    • I'm not trying to troll here...but hear me out: People simply don't trust electronic voting...as a geek this makes me very sad, because voting is something that could and should be more automated.
      Now, ask yourself, why is it that people don't trust comptuers?

      now ask yourself, why is it that the vast majority of voters use computers, if at all, with distrust? check the voting records out. does your father/mother use a computer much? if so, how much do you help them with it? my point being, how well do
      • understanding=trust

        Hell no it doesn't. A little understanding may equal trust -- which leads to all the sorts of horrors that are routinely chronicled in the RISKS digest, and the kind of crap that Microsoft puts out.

        The more experienced of us, with more understanding, know the many ways things can be screwed up (accidentally or deliberately) with a computer assist. As the saying goes, "to err is human; to really foul things up requires a computer".

        I've been programming for 30 years, and I've work
        • Hell no it doesn't. A little understanding may equal trust -- which leads to all the sorts of horrors that are routinely chronicled in the RISKS digest, and the kind of crap that Microsoft puts out.

          actually, a little understanding is the most dangerous thing of all. false courage results, false feelings of infallability. get a grip, and check out the other famous quote (OTQ)[possibly paraphrased]:
          " a little knowledge is a dangerous thing"

    • I wouldn't trust any OS with voting. I don't care what OS. I've worked on far too many systems, and seen how easy it would be to tamper with any system.

      Voting is one thing that should not be automated. Sometimes simpler (and manual) is better.

    • I'm not trying to troll here...but hear me out: People simply don't trust electronic voting...as a geek this makes me very sad, because voting is something that could and should be more automated.

      Oh, you're trolling.

      Now, ask yourself, why is it that people don't trust comptuers?

      They don't have the time to spend learning the operating system. It's that simple (and the reason why Linux is so less accepted right now...far too overly complex).

      Answer: Microsoft's abhorent trackrecord with regard to sec
    • Whether or not Mircosoft is responisble for the publics mistrust of computers, an easy solution would simply to for the voting machine to make a print out as well as recording the voters choices. There would then be a double record of the vote(In case of any electronic problem), and the pice of paper would also make a mistrustful public less wary.

  • Vote on the internet (Score:5, Funny)

    by soliaus ( 626912 ) on Monday December 29, 2003 @11:22PM (#7832571) Homepage Journal
    Astoundingly, the 'hot poll' associated with this story has (as this is being posted) 28% of respondents saying they would trust their vote on the internet and 41% saying 'not now, but maybe soon.' Feel free to cast your vote.

    So what, your telling to vote on the internet to tell them that I dont want to vote on the internet? Quite astounding indeed...

  • Trust In E-Voting? (Score:5, Interesting)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday December 29, 2003 @11:23PM (#7832580) Homepage
    Am I the only one who is ready to never trust e-voting ever again? I was a little worried before I knew anything about it. The more I learn, the more terrified I get. With everything that goes on in the computer world, e-voting is SCARRY.

    Let's ignore hacking and break-ins. Those are too easy. Vendor bugs are bad enough. There have been bugs that cause automatic medicine dosers in hospitals to give out too much medice and almost (or completely) kill a paitent. I'll go vote for candidate Ham Sandwich, but how do I know some bug won't cause every vote for his oppoent, Mr. Mayor, to be counted 100 times? These things just seem to happen more and more.

    So what WILL have me trust it? Let's set it up like a slot machine is set up. It has it's software burned into some ROM. It should be thouroughly tested by independant labs, the code should be available for me to look at, and I should be able to read the ROM chip after the elections are done so I know that it's got what it's supposed to on it (not that many people would do this, but it should be an option). When I'm done voting, it should print out a paper punch ballot that I can look at to see that it voted the way I told it to. The voting commisions can use the electronic results, but a random 5% of all districts every election should check the electronic counts against the paper ballots to make sure nothing weird is going on there. And most importantly of all (and like a slot machine), YOU SHOULDN'T BE ABLE TO CHEAT. Shock it with 10,000,000 volts to make sure it doesn't mess up and let me vote twice. Punch it and kick it and do anything possible (and then some) to make sure it still functions correctly, just like a slot machine. Slot machines go through all that because they might be responsible for millions of dollars. My vote should be worth more than that, and there for should have TOUGHER standards behind it.

    In short, I don't trust e-voting. The only way I'd LIKE to see e-voting is that you choose your candidates on the computer, then it prints out a punched ballot (with names and all, so I can see it did things right) that I turn in, and THAT'S my ballot; the machine is nothing more than a ballot punching tool and holds no results of it's own. I should be able to do it all by hand if I want. This is the only way I'd like to see e-voting, and the description above is the only way that I'll accept it.

    • Re:Trust In E-Voting? (Score:2, Informative)

      by Barto ( 467793 )
      I don't have a problem as long as the program used is open source, and the program running on election day is verified to be that same program.

      You can take steps to keep track of, record and back up electronic votes if something goes wrong. Remember, bad things can happen with paper voting too (eg vote counting buildings catching fire, flooding). There isn't that much difference with e-voting, PROVIDING you take equivalent digital precautions.

      Here in Canberra, our voting machines run Linux, with GPLed e-v
    • There have been bugs that cause automatic medicine dosers in hospitals to give out too much medice and almost (or completely) kill a paitent.

      Can you back up this fact with a link to an article? Most medication errors are due human error, i.e., poor handwriting, which results in the misunderstanding of common medical abreviations, that results in a medication error.

      Most elctromechanical medication dispenser (morphine pumps/ IV infusion pumps) are built to rigorous standards, have failsafe checks, and have

    • In short, I don't trust e-voting. The only way I'd LIKE to see e-voting is that you choose your candidates on the computer, then it prints out a punched ballot (with names and all, so I can see it did things right) that I turn in, and THAT'S my ballot; the machine is nothing more than a ballot punching tool and holds no results of it's own. I should be able to do it all by hand if I want. This is the only way I'd like to see e-voting, and the description above is the only way that I'll accept it.

      You are

  • Eventually (Score:5, Interesting)

    by BooRadley ( 3956 ) on Monday December 29, 2003 @11:25PM (#7832586)
    The CEO of this company says he doesn't want to politicize the break-in. That's great. But to say they are going to eventually release the code to their app is not very useful to his cause, unless the code itself may be a source of embarrassment, and he's doing some sort of damage control.

    Someone probably rooted their linux mail server with a cracked account, and took the code for their app in the process.

    Anyone want to bet they are in violation of the GPL, and we might just see the code itself under posted to the net any day now?

    • Ummm, IIRC the CNN article mentioned that something similar happened at Diebold. Yes, damage control happens. (Shit happens...) How much does anyone here want to bet that the same individual/organization is responsible? I'm not normally *that* paranoid, but 2x the same type of event is more than coincidence in my book. Especially when it comes to the types interested in tipping national/global power. Comments, anyone?
      • Especially when it comes to the types interested in tipping national/global power. Comments, anyone?

        Electronic voting is one step closer to internet voting. Internet voting opens up a new category of voters. I'm sure someone out there has already calculated which direction these new voters will swing. College age people, for example, make up a huge portion of the population, tend to have liberal views, and tend to not vote. How many more would vote if they could do it over the internet? Similarly, th

  • Poll? What poll? Vote? What vote? (Score:4, Insightful)

    by shanen ( 462549 ) on Monday December 29, 2003 @11:30PM (#7832610) Homepage Journal
    The poll has apparently been closed already. Not sure what to make of that, but perhaps yet another political slant. At least CNN isn't as imbalanced as Faux News.

    Anyway, on the substantive issue of reliable voting, computer security is NOT a done deal. This networking stuff is great in many ways, but there's a big problem when everything is connected together. You hack into one part of the system, and you've exposed various other parts to attack. The old idea was to make a secure perimeter with firewalls and DMZs and so forth, and you could keep something safe inside, but that's called the "eggshell model" now--turns out to be relatively easy to breech and you still need strong security for EVERY machine with ANY sensitive information on it. Someone in the office took his notebook computer home for the weekend, and you can never tell what Trojan backdoor is inside your network now.

    Of course, the BIG threat here is abuse of power. No one needs to be protected from weakness, but powerful people often want MORE. Not an independent event--that greed is usually part of how they got there in the first place. Consider the recent example of Arnold in California and the selection in Florida in 2000...

    If our votes are to have ANY meaning, they must be protected, and it is very clear that some people will play ANY game that will win more power. Voting machines as secret slot machines? Would you trust Las Vegas THAT much?

    Simple. Print the ballots. Let the voters LOOK at what the ballot says, and save it. It's convenient that the machine can also report the results quickly--but NOT convenient that any computer can be hacked.

    • Oh the poll is there, but... oh this is great... it doesn't appear in some browsers. I went there with Opera 7.0 and got almost plain text. On a hunch though I told Opera to identify as MSIE 6.0 and *Wow* what a difference.

      Graphics, ads, and a poll. Amazing! That means the site has been deliberately designed to look bad in Opera. Possibly others too.

      Heh!

  • Salary data! (Score:4, Funny)

    by magarity ( 164372 ) on Monday December 29, 2003 @11:32PM (#7832624)
    the concern ... is about the possible release of salary and other HR data.

    Mobilize the national defence! The management salary figures have been compromised!
    What, vote tampering? So?

  • You know the vote was hacked .. (Score:3, Funny)

    by cfuse ( 657523 ) on Monday December 29, 2003 @11:39PM (#7832657)

    When Natalie Portman of the hot grits party is elected.

  • EFF.org petition for electronic voting standards (Score:5, Informative)

    by USAPatriot ( 730422 ) on Monday December 29, 2003 @11:43PM (#7832672) Homepage
    The EFF is organizing a petition to encourage IEEE to set trustworthy standards for electronic voting. Read about it and join the petition here:

    http://www.eff.org/Activism/E-voting/IEEE/ [eff.org]

    "EFF supports the IEEE in taking on the issue of setting standards for electronic voting machines. We also support the idea of modernizing our election processes using digital technology, as long as we maintain, or better yet, increase the trustworthiness of the election processes along the way. But this standard does not do this, and it must be reworked."

  • My Submission Was Better (Score:5, Funny)

    by tealover ( 187148 ) on Monday December 29, 2003 @11:44PM (#7832676)
    I questioned whether it was Alanis Morrisette-like irony or real irony that a company charged with securing internet voting had their servers hacked and also alluded to the possibility that the 2004 presidential election will make us all remiss for the stability of the 2000 elections.

    It was actually one of my better submissions. It was funny and yet pithy. It had pith. Real pith.

    ...

    But this submission is ok, I guess...

  • So what's new? (Score:5, Funny)

    by dejinshathe ( 736132 ) on Monday December 29, 2003 @11:45PM (#7832682) Journal
    From the little I hear about US elections (and let's face it that's gonna be all the cock-ups & bad press) I wasn't aware that people a) voted much, or b) had much faith that the votes were fairly counted and apportioned anyway...

    Then again, perhaps I need to find an alternative to Michael Moore as my sole window into US POlitics.

  • Am I missing something here? (Score:5, Interesting)

    by Maclir ( 33773 ) on Monday December 29, 2003 @11:47PM (#7832691) Journal
    Why the love affair with "technology assisted" voting? What is wrong with the good old paper "secret ballot" that is counted by hand. Canada can do it. Australia can do it (and actually invented the "secret ballot").

    No chance of dodgy software. No hanging chads. Automatic audit trail. Either number the candidates in your order of preference (automatic runoff style / preferential) or simple tick the person you prefer (or hate the least).

    • Probably (Score:4, Insightful)

      by anti-NAT ( 709310 ) on Tuesday December 30, 2003 @12:02AM (#7832750) Homepage

      The only valid reason I've heard of for e-voting is to purely speed up the counting of the votes, so that the result of the election can be known much quicker than via hand counting.

      Commonly people seem to assume that this means replacing paper votes, or rather, more specifically, replacing an auditable paper trail.

      So we have a additional-efficiency model verses a replacement model.

      For some reason, the model that has been adopted (and maybe encouraged by the "US" governement aka GWB) by these E-voting companies is the replacement one. Who knows why, although the conspiracy theorists would suggest Florida 200(? - I'm Australian, don't know exactly when the last US election was).

      Of course, as all slashdotters know, under the replacement, electronic only model, security and accountability are a lot harder to do. All these e-voting security stories, such as this one, are evidence of that.

    • Because someone who can't read or doesn't have arms will sue them under the national disability law. Now you can sue anyone for almost anything and win.

    • Because counting correctly is hard. Either you spend many weeks doing it, verifying with a number of independent counters, or you do it in one night, and you have a few percent errors. Like:

      Mr. Tallyman: 345, 346, 347, 348, ...
      Supervisor: Mr. Tallyman, what's your count?
      Mr. Tallyman: damn, where was I? Uhm, it was 384, yeah, that was it! 385, 386, 387, ...

      Seriously, there are a whole bunch of errors that could be made, verification is not so strong that fraud is very hard.

      As one of the Diebold mem

    • Australia can do it (and actually invented the "secret ballot").

      I think Athens beat you to the mark some thousands of years earlier ;-) (Which is not to say there were no secret ballots cast in Mesopotamia, I'm just more familiar with the black/white marble-in-a-vase system used in Ancient Greece).

  • How can we trust this company? (Score:5, Insightful)

    by sllim ( 95682 ) <{ten.knilhtrae} {ta} {ecnahca}> on Monday December 29, 2003 @11:48PM (#7832694)
    Securing HR data and salaries is basic, basic stuff. I would have some sympathy if Joe Schmoes Pizza barn had there salary and HR data compromised, after all they make pizzas, IT is way down the line for these people.

    But lets face it, if you want to manufacture eVoting technology then securing the network is a crucuial part of that technology.

    If THEY can't secure there own HR and payroll data then how am I supposed to trust them to handle evoting competently?

    • You might be surprised at the number of HR systems which are easily accessible and have no additional security beyond the trivial. It's an additional cost you see.

      As a systems and database admin I've had query and update access to employment records, salary information all the way up to the CEO in the HR databases at several companies, it's only my personal ethic which has stopped me looking. In fact, I was almost fired at one company after pointing out fairly forcefully that their HR system was insecure.

  • In four years... (Score:1, Funny)

    by Anonymous Coward
    ...they'll ask:

    "Hey, did you vote for Arnold this time?"

    "Yeah, man. Six times!"

  • This just in. (Score:5, Funny)

    by Stonent1 ( 594886 ) <stonentNO@SPAMstonent.pointclark.net> on Tuesday December 30, 2003 @12:07AM (#7832765) Journal
    The future of E-Voting to be decided by an E-Vote.

  • So, how is this worse than non-electronic voting? (Score:5, Interesting)

    by Justice8096 ( 673052 ) on Tuesday December 30, 2003 @12:15AM (#7832793)
    About fifteen years ago, when last I checked, there were many dead people voting in Philadelphia - however, it was found that roughly as many dead people voted Democrat as Republican, so neither party bothered to invalidate the vote.
    It is also only within the last few decades that states have inacted laws to keep campaigners away from voting booths where they could "help" people choose whom to vote for.
    Voting in the United States has long been wrought with fraud and inaccuracies, and as long as that fraud is equal on both sides, the system has worked.
    Now, if there were more than two viable parties, then it might be a problem. But since there aren't, I will consider my vote as secure electronically as it is non-electronically.

  • Why are businesses being trusted? (Score:3, Interesting)

    by rsilvergun ( 571051 ) on Tuesday December 30, 2003 @12:21AM (#7832810)
    Isn't it painfully obvious that any for profit company will be wide open to corruption when stakes this high are involved? Even in the absense of corruption the drive to keep costs down and profits up means tons of security gliches like this. After all, all too often by the time $hit hits the fan the boys in charge have already deployed their golden parachutes.

    Why does everyone assume a private business has to or should be involved anyways? I'm not saying kicking private interests out would solve all the problems, but it would certainly help.

    That said, until people stop voting based on what TV tells them to this is all moot. I know ardent supporters of George Bush who depend on government programs he's actively trying to eliminate. People don't vote rationally, and I don't see any reason why they're going to start.
    • Why does everyone assume a private business has to or should be involved anyways



      A private company seems good at first because the government would be tempted to meddle and preserve itself. It only takes 1x10-34 seconds however to realize that putting it in a private company will only move the problem to one degree away.

      Ultimately, the only safe solution is if the voters have the ability to scrap a given voting system if it fails them. For this, they must have access to all the relevent information an
  • is there any? e-voting aside, it'd be nice to know how it was done for the rest of us interested in securing our networks.

  • Real problem with iVoting. (Score:4, Interesting)

    by wirelessbuzzers ( 552513 ) on Tuesday December 30, 2003 @12:28AM (#7832836)
    The real problem with internet voting is not that people could hack it. That is an important concern (more that someone could hack voters' PCs, rather than the vote talliers), but it is not the most important. Vendor hacks/bugs could be circumvented by open source. Supervision wouldn't be much harder than it is with current voting systems.

    There are a couple more important concerns. One is social engineering... most people have no intuition for computers, and this opens up an avenue of attack much worse than the whole Florida butterfly ballot scandal. Second, the possibilities of coercion, blackmail, bribery etc go WAY up if you can watch someone, or grab server logs, or use a remote desktop, or the like.

  • Don't worry, be happy! (Score:5, Funny)

    by flacco ( 324089 ) on Tuesday December 30, 2003 @12:35AM (#7832859)
    I, for one, welcome our new President, Kevin Mitnick.

  • My take on this: unconvincing -- and listen up.. (Score:5, Interesting)

    by BevHarris ( 700957 ) on Tuesday December 30, 2003 @12:37AM (#7832873)
    Obviously, that a company which specializes in encryption gets hacked is rather idiotic. If that's true, they need to step out of the arena for good, because the product they were offering was encryption to "protect" our votes.

    Now, what many of you might not know is that the VoteHere source code has been used in entrapment attempts. Specifically, with me, and I documented the entrapment effort at the time. Pure retaliatory crap designed to find a way to get activists to shut up.

    Next, it is not surprising they will try to link it to the Diebold files. But that's bullshit, too, and here's why:

    The FTP site wasn't hacked, it was sitting there. Look in any user manual and you'll see the address.

    The memos weren't hacked either, they were obtained with an employee ID number.

    Now, are you ready for this? I've had dealings with both the Diebold memo leaker and this supposed "VoteHere" hacker. The second person is NOT the same as the first, and I find it extremely interesting that VoteHere is trying to claim it's the same person. I am dead-certain it's not.

    This "VoteHere" hacker tried to dump the VoteHere source code on me; it was simply dumb; first of all, VoteHere was supposed to be going public with its source code, so who in their right mind would want to steal it. I certainly didn't want to touch it.

    Then this "VoteHere" hacker agreed to a telephone interview with me. He made some claims about who he was, but was unaware that I had additional information from inside sources that would allow me to test the veracity of his claims. The first question I asked was a test question; he put me on "hold" and then came back and offered a lame-ass guess which immediately caused him to fail the ID contest.

    I believe this is going to turn into an entrapment scheme. Some activist somewhere is going to get nailed, probably that's already in the works. That's because they were running around offering this honey pot and, unfortunately, some naive activist probably bit on it.

    By the way, I asked the supposed "hacker" point blank how hard it was to hack into a company that specializes in encryption. Every time I asked a tough question, he had to put me on hold and go ask someone what to say. His answer was totally unconvincing.

    The voice on the phone was quite distinctive, and matches another voice I've heard on the phone. I will be only too delighted to share what I know with the authorities. Just hope I get an honest cop.

    The timing on this is very interesting. The chairman of VoteHere, Ralph Munro, is former Washington State Secretary of State and a few things are starting to pop in relation to the use of unauthorized voting software under his watch, and an ethics complaint that's being filed, or has been filed.

    I'll be on the Mike Webb Show at 11 p.m. tonight (Pacific time) and will discuss this at more length.

    Bev Harris
    Black Box Voting

    • Bev Harris is one of the leading activists on this issue, and has written extensively on it in various forums. I don't think she's technically that strong, and I was quite surprised to see her name here on SlashDot, but she knows a lot on this issue. Didn't know to include a link to her well-known Web site. I think this is the correct URL: http://www.blackboxvoting.com/

      Someone should mod her comments up even higher.

    • neato post, i guess.

      we get that you have secret special info and that you will be presenting said info on secret special info talk show, however, would you mind too terribly much detailing the same here?

      this entire blathering post smells like that guy on the bus who is kind enough to explain how stephen king murdered john lennon.

  • Hold would-be vendors feet to the fire. (Score:4, Interesting)

    by abulafia ( 7826 ) on Tuesday December 30, 2003 @12:40AM (#7832885)
    A simple method, when sourcing products that are difficult to verify, is to demand a contract that is extremely punitive in the event of failure. This works well when combined with random auditing.

    So, in this case, if for some (non-apparent, to me, at least) reason we really, really need paperless voting, the proper framework would look (as an extremely naive first pass) like this -

    Potential vendors are made aware that some unknown number of elections, districts, machines, and people would be audited via unknown means.

    Potential vendors would be forced to put up a large bond that would be forfeit if a flaw was found that compromised the voting record. (Yes, I mean the whole record - these are infallible counting machines, right? Operator error would be a contractual issue to hash out.)

    Any dispute between government purchasers and vendors would be decided via arbitration in full and complete view of the public which is employing the machines, no exceptions.

    Anyone who wished to vend would be welcome to.

    I will bet you there will be takers. I know I'd be excited to at least have a shot at this.

  • The reliability of internet polls? Ha! (Score:4, Interesting)

    by geoswan ( 316494 ) on Tuesday December 30, 2003 @12:45AM (#7832901) Journal
    This is laughable.

    If you think internet voting is unreliable, you really shouldn't trust internet polling. There is no authentication to make sure the poll isn't being spoofed.

    Some years ago the provincial government here in Ontario decided to force the six municipalities that made up Metropolitan Toronto to amalgamate. The municipalities decided to hold a referendum. An widely publicized internet poll was conducted predicting that the public would vote strongly in favour of amalgamation. When the referendum was held, the public voted 4 to 1 against amalgamation.

    I can't remember exactly how wildly off the poll favoured amalgamation. I think it was something like 2:1. So, the poll was off by a factor of 8. Wildly off.

    • Some years ago the provincial government here in Ontario decided to force the six municipalities that made up Metropolitan Toronto to amalgamate. The municipalities decided to hold a referendum. An widely publicized internet poll was conducted predicting that the public would vote strongly in favour of amalgamation. When the referendum was held, the public voted 4 to 1 against amalgamation.

      I can't remember exactly how wildly off the poll favoured amalgamation. I think it was something like 2:1. So, the

  • Honestly (Score:4, Interesting)

    by iamdrscience ( 541136 ) on Tuesday December 30, 2003 @01:12AM (#7832993) Homepage
    Honestly, as much as I'm concerned by this and "e-voting" in general, I'm really glad that they're willing to say that they were broken into. Furthermore, it's good that they were planning on disclosing the source code, even if they never really put forth a definite date.

    E-voting has a lot of problems and the way it's being executed has just as many, but this is definitely a step in the right direction when compared to the problems of Diebold.

  • A Good Use For The Internet (Score:4, Insightful)

    by Dark Bard ( 627623 ) on Tuesday December 30, 2003 @01:26AM (#7833038)
    Where the internet would be useful is in making registration and obtaining absentee ballets easier. I work a lot of hours, as do most of us, and find registration a pain. It's rediculous to have to register months before an election. I was buried in work and found out late at night it was the last day to register for the last Presidential election. If we could register on-line and obtain ballets it would definately make things more accessable. Verifying identification is an issue but most aren't checked for ID as it is and none of those are verified. As far as electronic voting, I'm against National ID cards but most of us have drivers licenses with magnetic strips. An ATM system that uses those as verification could improve security. The system would only use the drivers license to access an electronic form. It would record that the individual voted but not which form was used. Any system can be hacked. The only way to largely avoid that is to network the voting machines at each location by firewire. An electronic count could be sent but would have to be verified by a verbal number given over the phone by some one at the polling location. A print out of totals could act as a third verification. It doesn't prevent tampering before the fact though. One possible way to avoid pretampering would be to have name order assigned on the day with more than one person required as in nuclear sites. Any pretampering would not know which name was being represented by any given code number. No system is foolproof but there is a fair amount of tampering already. Can you say Florida?
    • An ATM system that uses those as verification could improve security.

      Magnetic stripes are easily read, magnetized and remagnetized. This does indeed happen with credit cards, less often with ATM cards (since the person would have to have the PIN to pull it off, hence fake bank machines being setup to capture both stripe and PIN) and it does happen with licenses (someone under 21 goes to a bar with a magnetic card reader...often they don't check age on the card, they only care what the reader says.)
    • Motor-voter registration (renewing your driver's license automatically registers you to vote) came into effect nation-wide years ago. And in many states, all you have to do, if you find that it's election day and you haven't registered, is show up at the polling place with ID and sign an affirmation that you are a legal voter in that election district.

      How much easier does it need to get?

      Sean
  • Seriously, folks; trusting an internet vote to determine new leaders for the world's most powerful nation?

    27% Yes

    40% Not now, but maybe soon

    Fucking idiots. That's about all I can really say in response to this. I'm just too disgusted for words.

  • In the Netherlands we have electronic voting and I trust it as much as I would a paper ballot and an internet FORM. As soon as it's out of my hands I can't be sure it's not being tampered with.
    A funny thing here is that you can't anonymously make the Brewsters Millions [movietome.com] choice: NONE OF THE ABOVE! For that you have to walk up and publicly say you want to be taken to the vote counter to register your empty vote, you get to see the number of votes cast go up by your one.

    You really see you actually voted, in a

  • Politically motivated? (Score:4, Insightful)

    by fname ( 199759 ) on Tuesday December 30, 2003 @02:07AM (#7833246) Journal
    Boy, these guys have a lot of nerve. The guy at VoteHere claims that the break in might be politically motivated. ("We feel that it may have been politically motivated,"Adler said.) But when asked to elaborate, he defers and says he doesn't want to politicize the situation. ( "I don't want to necessarily politicize this," he said. "This is just a crime.")

    Waaa??

    So he impugns activists pointing out flaws in his system, then claims to be taking the moral high ground. And the cowardly reporters don't even question him about this blatant double-talk. Shame on VoteHere. Shame on MSNBC. Shame all around. When people lie, they need to be called to the mat for it.

  • If you saw current poll methods... (Score:4, Informative)

    by MoggyMania ( 688839 ) on Tuesday December 30, 2003 @02:29AM (#7833325) Homepage Journal
    As somebody that worked as an Inspector for my area (that is, the person present and in-charge of a voting site) back in 2002, let me tell you: if more people volunteered and got to see what a chaotic mess ballot-handling is *now* most of them would be all for computers.

    The Inspector position requires a grand total of *two hours* of training, during which we sit watching a few lectures and quick run-throughs. That includes everything from what time you show up, how to set up booths, all the way down to tallying votes after the poll closes and where to bring the materials afterwards. Officials working with an Inspector can show up for training but don't have to. This means that at any one polling place, you might have *one* person that *might* know WTF is going on and *might* be there.

    My location alone had problems with volunteers not paying attention, marking things wrong -- we at one point were HUNDREDS of votes off in the tally because of one person screwing around -- misplacing things...people showing up and trying (almost successfully) to intimidate pollworkers into letting them vote twice or without an ID...there's no doubt in my mind that half my team could have easily been bribed for very little money, as they were only there to supplement their income.

    Overall, the day was a real eye-opener for me. The assumption that having it all done by hand means it's being controlled by professionals, or that public "paid volunteers" are automatically going to be more trustworthy than a trained force is from what I saw simply inaccurate...anybody certain that it's a great setup needs to spend a day volunteering as Inspector to find out what things are *really* like before assuming computers are inherently less reliable, believe me!
    • So shouldn't we try to fix the system we have in place already? The biggest problem with electronic voting is that if you can alter one vote, you can alter lots of votes. When it's done by hand this isn't the case. Having competent poll workers and changing the system to one in which the ballots would be counted in public instead of carted off to a courthouse would result in a much more secure system.

      I'm not trying to say e-voting shouldn't be done at all, but if there is no paper trail, then the potentia

  • Stark difference... (Score:3, Interesting)

    by ca1v1n ( 135902 ) <snook.guanotronic@com> on Tuesday December 30, 2003 @03:27AM (#7833471)
    When Diebold got their source stolen, it was a big deal. Why? Because it's shitty software whose correct operation is impossibly to verify. VoteHere, on the other hand, isn't worried about the leak of their source code, because even if someone found an exploit in it, everyone would know right away, because their system is designed to expose fraud, rather than conceal it.

    Of course, security problems at electronic voting companies are always an ominous sign, but at least VoteHere had the forethought to realize that security is bound to be breached somewhere in the chain from development to election, and designed a system that's armored against it.

  • 63% of Slashdotters chuckled at the Article without even reading it while 12% of Slashdotters (hardcore geeks) called it a travesty of justice and vowed to take MS' offer of tracking hackers for fun and profit. 10% of Slashdotters (black hatters) were searching for new exploits and the methods the original black hatters used while 8% of Slashdot trollers posted Goatsecx, Nigga, FP's, and similar posts. 5% of anonymous posters were part of the previous 2% of Slashdotters. And finally 2% of Slashdotters didn'
  • I also believe that E-voting is not ready for the mainstream. However, I was wondering does anyone know for certain the environment they were using. I doubt it was MS because if that was the case, then it would be mentioned in the articles. However, the OS is not mentioned in any of the articles regarding this.
  • and do something about it. Are there any open-source voting initiatives out there that are getting critical mass? A quick search on SourceForge and Google didn't turn up anything that's far along - do /. readers know of anything that I overlooked?
  • Many of the posters are making the same mistake. They are accepting the false notion that electronic voting systems solves more problems than they creates. In the 2000 US Presidential election I actually used a touch screen. I liked it, I thought it was cool. A bunch of names appeared with boxes, I touched one box, all the others disappeared, I thought good feedback and pressed the next button. I left my polling place on a nerd high. In the following days my opinion completely changed. What if my county had
  • That poll doesn't seem to have been affected much by the hordes of /.ers voting no:

    Would you trust your vote to the Internet? * 27808 responses
    Yes.
    25%
    Not today, but maybe soon.
    40%
    Never.
    32%
    None of the above.
    3%

    There is a rise of 1% for the no's from 6 hours ago
  • There's nothing wrong with e-voting; I would gladly cast my vote online. Using the normal techniques of secure computing (HTTP-S, encryption, etc) once you get over the issue of being able to identify unique individuals online I see no reason why they can't cast their votes online. There is no reason why it shouldn't be more secure (apart from being cheaper to operate)

Slashdot Top Deals

"Protozoa are small, and bacteria are small, but viruses are smaller than the both put together."

Close