Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
United States Operating Systems Software Windows Your Rights Online

Online Voting In 2004 To Require Windows 811

letxa2000 writes "According to this article at CBS, a trial Internet voting system will be made available to 100,000 voters in 2004--particularly military and overseas U.S. citizens. As an American living overseas I think this is a step in the right direction. But the article also says 'Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access.' Why the Windows requirement? Is that really going to make online voting secure?"
This discussion has been archived. No new comments can be posted.

Online Voting In 2004 To Require Windows

Comments Filter:
  • Excellent! (Score:5, Funny)

    by Scoria ( 264473 ) <slashmail AT initialized DOT org> on Sunday July 13, 2003 @06:22PM (#6430381) Homepage
    UPDATE candidates SET votes="0" WHERE name="Your Opposing Candidate";
    • Re:Excellent! (Score:3, Informative)

      by glenebob ( 414078 )
      > UPDATE candidates SET votes="0"
      > WHERE name="Your Opposing Candidate";

      ERROR: Attribute "0" not found

      Better check your SQL before going into voter fraud.
      • Re:Excellent! (Score:5, Informative)

        by EverDense ( 575518 ) on Sunday July 13, 2003 @07:03PM (#6430639) Homepage
        > UPDATE candidates SET votes="0"
        > WHERE name="Your Opposing Candidate";

        ERROR: Attribute "0" not found

        Better check your SQL before going into voter fraud.


        Perfectly valid Microsoft Access SQL.
        Surely the new system will be run on Access?
        • Re:Excellent! (Score:3, Insightful)

          by neverkevin ( 601884 )
          It is only valid Microsoft Access SQL, or any variant of SQL that I have used, only if votes is defined as a string. Since the number of votes is a number, I'll assume votes is some type of Int, so you will probably get an error.
      • Re:Excellent! (Score:5, Interesting)

        by Jeremiah Cornelius ( 137 ) on Sunday July 13, 2003 @07:05PM (#6430652) Homepage Journal
        Online voting is being incouraged in the US because of its susceptibility to fraud, not its resistance. Check out Black Box Voting: [blackboxvoting.com] Ballot-tampering in the 21st Century. These people are not Luddites. The bulk of the serious critcism here is coming from people who know the most about the technologies employed - therefore the most qualified to scrutinize, and least-likely to be baffled by obtuse claims and jargon.

        Also look at This story [scoop.co.nz] and the related pages at The Scoop. The most widely deployed system in the US is based on MS Access (!?!), with NO controls for cryptographic storage, trasport, data integrity and/or non-repudiation.

        Baaaa, Baaaa! Computers Better! Paper Worse! It's mere superstition by the Sheep-people.

        • That's not true (Score:5, Insightful)

          by autopr0n ( 534291 ) on Sunday July 13, 2003 @07:09PM (#6430684) Homepage Journal
          The reason they are going to electronic voting is to save money. What would be the point in making things secure if you miss out on the whole 'cheap' thing in the process?
          • by op51n ( 544058 ) on Sunday July 13, 2003 @09:59PM (#6431482)
            The Windows requirements is to put a stop to those damn Commies voting.
        • Online voting is being incouraged

          Maybe so, but it is being encouraged because of cost, as aut0pron states above.
        • by Jardine ( 398197 ) on Sunday July 13, 2003 @08:28PM (#6431081) Homepage
          What the hell is with the current american voting machines? Why is a machine with buttons or levers and a hole punch needed? The ballots where I live are nice and straightforward. They look a bit like this:

          O Candidate 1 Party Name
          O Candidate 2 Party Name
          O Candidate 3 Party Name
          O Candidate 4 Party Name
          O Candidate 5 Party Name

          To make your vote count, you must perform the extrememly complicated task of marking the circle next to their name. Large signs demonstrate the preferred "X" in the circle method, but apparently a checkmark is also fine. Pencils are provided. The ballots are put in a box by the voter and are counted by hand when the polls close. I hope this system stays the same.
        • I read that story earlier, and it's pretty bogus. Essentially the authors complain that a person with root access (or Windows equivalent thereof) on the database machine can do anything. Well that's obvious. Among other things, the authors complain that you can add admin accounts to the system by inserting rows into a table. So? This is true for every db-based app I've worked on. The key is that only authorized users should have access to that table in the first place.

          I'm not saying the electronic vo
          • by Jeremiah Cornelius ( 137 ) on Monday July 14, 2003 @02:59AM (#6432514) Homepage Journal
            Any effectively secure database would be secured from the root operator. This si required by the DoD - the problems here have been worked out long ago. The machine itself should have Mandatory Access Controls, and the DB should implement cryptographic methods for transactional non-repudiation - with security principals independent of the underlying OS authentication.

            The whole key infrastructure for this should be FIPS-140 compliant for hardware-based key modules, and require the coordinated actions of two or more actors in managing/engaging keys. There should be strict operational guidelines for the separation of roles in the management, deployment and retreival of these devices, and a separate role with an auditory function. The Auditory role needs a key that can reveal and validate any information on the system, yet create or modify nothing.

            These controls are the only justifyable reason to implement 'electronic voting'. Cost? Give me a break! If free and fair voting is not worth paying premium prices for, what is? Do we have to pinch pennies for the land mines we drop on Afghan soil?

            Without attempting to reach this benchmark, electronic voting is a fraud. It is a humbug of technophillic superstition used by sellers of snake-oil to dazzle the onlooker, while trusty assistant rob the crowd.

        • Re:Excellent! (Score:3, Insightful)

          by RevSmiley ( 226151 )
          Fair and easy election systems use paper ballots.
          Electronic and machine voting are incitement to commit fraud in my opinion.
    • by marienf ( 140573 ) * on Sunday July 13, 2003 @07:48PM (#6430874)
      Apparently, there is a scientifically sound way of doing e-voting, although it would require someone much better versed in math than I, to confirm this. I once heard Vince Rijmen (of AES "Rijndael" fame) describe ways to ensure some essential, and apparently contradictory, guarantees in e-voting (it was in an EU country, so pls forgive the EU-centricity - I have a history, you insensitive clod.. :-) ):

      Authentication: Assuring that one votes oneself, that one's vote is not falsified, and that one has voted, at all. (some EU countries have mandatory voting)

      Anonimity: Assuring that it is impossible for a third party to determine who I've voted for.

      Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).

      Vince described how he and his fellows at Cryptomathic [cryptomathic.com] found ways to project some basic mathematical techniques onto PKI, to ensure all of the above, and therefore allow for mathematically provable e-voting. Essentially making the voting process much more certain and transparant than was ever possible using conventional techniques.

      I was solemnly impressed. It sounded too good to be true. I sincerely hope some of you mathematically unchallenged /.ers will draw Vince into an online discussion about this, so we can all find out whether he really has this magical solution, or he was just advertising his new company. Make it an "Ask /.", for example.
      • by Phroggy ( 441 ) *
        Correctability: assuring that I can modify my vote for a certain period after it has been cast (because there is no oversight in voting at home, I could have been coerced to vote a certain way, e.g. by someone coming into my home and holding a gun against my head, and should be able to correct this).

        Someone could come into your home, hold a gun to your head, and make you correct your previous vote too.
  • one reson why (Score:5, Insightful)

    by mpost4 ( 115369 ) * on Sunday July 13, 2003 @06:22PM (#6430383) Homepage Journal
    The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have (and yes I am being overly optimistic here) if this works for them the next platform will be Mac. Linux may never get it, unless more people use Linux, and I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate.

    ""I think Internet voting is a good idea for this population if you can assure security, but I'm not confident that they can do that," said John Dunbar, a project manager at the Center for Public Integrity" -- this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.

    They are already afraid that this could open up security problems for the results "Other computer security experts call the project an open invitation to election tampering."

    I don't know if this will make voting secure, in fact I think it will open it up to attackers, but how are we going to convince the government of this, write to you legislator, and senator, I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties. I don't know what the answer is, but at lest they are looking at moving the process forward.
    • by Scoria ( 264473 ) <slashmail AT initialized DOT org> on Sunday July 13, 2003 @06:26PM (#6430404) Homepage
      I am sure there are some proactive Slashdot readers that know more about this issue that could try to enlighten the ruling parties

      For instance:

      l00k mr. 53n470r,

      u b3773r 5upp0rt *n1x 0r 1ll h4x0r ur b0x3n and r3pl4c3 ur w3bs173 w17h g0ats3!!!!!!! h4w!

      51nc3r31y,

      c0nc3rn3d c1t1z3n H4X0R
      • by CoolVibe ( 11466 ) on Sunday July 13, 2003 @09:14PM (#6431269) Journal
        Hmm, I'm more concerned with the fact that I could actually read that without blinking...

        I need more vodka...

      • Might get the guy's attention without the usual required campaign contribution if the l337 h4xx0r actually followed through.

        Of course, the sites I expect to get hacked are any that Armed Forces personnel actually use for voting.

        If they are very, very, lucky, the only black hat work will be done by outside site defacers, not the insiders I expect to have pre-hacked the boxes.

        I can't tell from the google results so far if the Federal Voting Assistance Program uses ESS/Diebold/Global or not.

    • Re:one reson why (Score:5, Insightful)

      by Anonymous Coward on Sunday July 13, 2003 @06:30PM (#6430428)
      How about an implementation that doesn't tie you down to any single platform? What if someone wants to vote with Win95, or a beta of Longhorn (I guess even warez doodz might vote) and it's "not supported"?

      I think they should try to concentrate on creating a solid, platform independent system. There's absolutely no valid reason it couldn't be.

      For the record, I think at this current point in time, electronic voting is a bad idea.
    • Re:one reson why (Score:5, Insightful)

      by Realistic_Dragon ( 655151 ) on Sunday July 13, 2003 @06:31PM (#6430439) Homepage
      this statement is what will not alone them to open up the source code, people will be just to afraid that people will mess with the results of the system.

      Security through obsurity is worthless - you can always assume that the bad guys will always find the hole in the system, and on the down side you have just made it horribly difficult (and probably illegal) for the good guys to find the problems first and tell you how to fix them.
      • Re:one reson why (Score:3, Interesting)

        by mpost4 ( 115369 ) *
        Security through obsurity is worthless

        You and I know that, but what about the lawmakers, do they know and/or understand that. How are you going to get them to understand that? We are not dealing with computer people here we are dealing with people who for the best part knows how to use Word, and the worse don't even know how to turn on a computer.
      • Re:one reson why (Score:5, Insightful)

        by harlows_monkeys ( 106428 ) on Sunday July 13, 2003 @06:43PM (#6430511) Homepage
        Security through obsurity is worthless

        Everyone says this, but not one understands what it means.

        What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.

        • by Goonie ( 8651 ) * <robert,merkel&benambra,org> on Sunday July 13, 2003 @07:13PM (#6430712) Homepage
          Obscurity is almost *never* helpful in designing a secure system, because any system that relies on keeping the details of its workings secret is going to be vulnerable to anybody that *does* learn those workings. Just as importantly, if the system is open to public scrutiny, it can be checked for flaws, whereas if it is kept secret security holes that were missed by the developers can be left wide open.
          • This assumes that the 'good guys' will discover the holes before the 'bad guys' do.
            • "This assumes that the 'good guys' will discover the holes before the 'bad guys' do."

              That's what beta releases and pilot runs are for. Open the code to scrutiny before it is used for anything that matters, so that whatever the bad guys find won't cause harm, and whatever the good guys find can be fixed before the production release.

              There is still an assumption though -- that the good guys will find all that the bad guys found (who finds it first doesn't matter, as long as it is found before the live rel
          • There's a cost-benefit curve there. If you keep it secret from everyone, that's bad. If you keep it secret only from those who might attack it, and no one else, that's good. For each given scenario there's a point somewhere in between that's best. Unfortunately, it's almos never possible to tell who'll be attacking it, and the costs of not getting peer review are higher than the benefits of making your enemies attack it blind, for basically secure systems. But recall that replicating the Purple cipher
          • The basic technologies behind security certainly shouldn't be secure. But some obscurity, like blocking people from figuring out what sort of server software you are running(or fooling them into thinking its something else) is certainly a good idea.

            If someone is trying to crack a linux box running Apache they think is a windows box running IIS, they won't get very far. At the least, they will waste time figuring out what you are really running, thats time you can detect the intrusion in and gather inform
        • Re:one reson why (Score:3, Informative)

          by zCyl ( 14362 )
          What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.

          Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available. If the login name for root were an unknown random alphanumeric string like the password, this would increase security. And if every command you ran as root required you to enter a different password, this would increase security again. If a sy
          • Re:one reson why (Score:4, Informative)

            by vadim_t ( 324782 ) on Sunday July 13, 2003 @07:51PM (#6430890) Homepage
            Hidden passwords are not obscurity. They're just unknown data.

            On Linux, the source code of login(1) and su(1) is known, the algorhitm used to encode the password in /etc/passwd or /etc/shadow is known, the format of those files is explained in a man page, and you even have mkpasswd(1) to encode passwords in the same was as in /etc/passwd. And still, I bet you can't get a password without using a bug or brute force.

            Even word readable /etc/passwd with passwords in it is quite secure if users use good passwords. Unfortunately that doesn't happen often.
          • by eniu!uine ( 317250 ) on Sunday July 13, 2003 @09:05PM (#6431233)
            Quote:
            What it means is that obscurity is not sufficient for security. It does not mean that obscurity is not helpful as part of an overall security system.

            Precisely. If obscurity were not beneficial as part of security, then root passwords would be publicly available.
            End quote.

            What you are talking about is giving away keys. What you should be talking about is opening up algorithms and protocols, since that is what would actually be opened. The relevant facts are that the product will be reverse engineered anyway, so vulnerabilities will be exploited, but if the code is open then they will be found faster and corrected faster. If you cannot stop exploits when your code is open, then you couldn't stop them when it is closed either. This follows a well known trend in encryption technology where algorithms are subjected to testing by as many people as possible to determine their security.

          • Re:one reson why (Score:4, Insightful)

            by shis-ka-bob ( 595298 ) on Sunday July 13, 2003 @09:17PM (#6431289)
            This is not what is meant by security through obscurity - a password is not obscure. A password is secret. Being secret and being secure are very different. Both imply that information is rare. However, the mechanisms are completely different. A secret is actively protected. An obscure fact may be poorly publicized or simething so mundane that few people bother to learn it.

            Security thought obsurity means 'hiding' a web server on port 3211 and using ports 4432 and 4332 for SNMP. Or making up an entirely new protocol to duplicate an existing protocol. The problem with this is that you may feel secure, because you have done something that will at least slow down an attacker. If you combined 'secuirty though obscurity' with an active means of detecting intruders, you are getting somewhere. If you know that you are being hacked, security through obsurity will gain you some time to react. But if you are one of the vast majority of admins that doesn't actively monitor log files, this advantage is lost.

        • Re:one reson why (Score:3, Insightful)

          by iabervon ( 1971 )
          Actually, security through obscurity is the only kind of security there is. However, anything you send to every American anywhere, over possibly insecure overseas networks, is not, by definition, obscure. Things which are obscure are my private keys, my passwords, and software I have deployed only on trusted machines with restricted access to the files containing the software. Windows, and widely distributed Windows software, is merely confusing.
        • by jelle ( 14827 ) on Sunday July 13, 2003 @08:05PM (#6430948) Homepage
          Security through obscurity is like hiding a key under the doormat. You think you're o.k. because the key is hidden, and you don't see the key yourself when you go out and wander around your door. Plus so many people do it (you assume) and you never hear them talk about break-ins.

          But reality is that the mat will really stop nobody who wants to enter your house from getting the key. The only people your key-hiding will stop is people who didn't want to enter in the first place anyway, the other people will for sure check under the mat, flowerpot, etc...

          Security through obscurity gives a false sense of security, making the implementer lax. That is one of the many reasons why obscurity is actually counterproductive for security. In practice obscurity has already has lead to many, many security failures.

          That is what is means. Translation: if you have 'security through obscurity', the best you can do is assume your worst enemies already know all the details and the worst you can do is assume that it will help you in anything at all.

          Obscurity does not help towards security. Obscurity is just what it is, obscurity, but a searchlight will make it vanish completely.

          Use real security.

    • Re:one reson why (Score:5, Insightful)

      by PeeCee ( 678651 ) on Sunday July 13, 2003 @06:32PM (#6430444)
      The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have

      Well, why use exclusively Windows/Linux/*insert-your-OS* ? Why not use a more open solution (say, a system with a secure web interface) that does not depend on the OS? It hardly seems fair that people should need to depend on any product whatsoever to vote.

      I doubt that they would want to open up the code to the voting system that could create a large number of people trying to skew the results so that the results are not accurate

      So should we prefer security by obscurity then? Wouldn't it be better to use an open, provably secure system that everyone can scrutinize so people can be sure stuff is being done the right way instead of just hoping nobody's discovered a hole? Of course I realize this would require some serious testing to make sure all the bugs were ironed out, but after a while I think it would make people much more confident to know how it was working behind the scenes. Look at it this way: would you rather go vote by pressing buttons on a black box the government has set up which they claim works the right way, or do you prefer knowing how the system actually works (how ballots are collected, carried, counted, etc) and feel safer?

    • Re:one reson why (Score:3, Insightful)

      by dubiousmike ( 558126 )
      Now I realize that electronic voting could open some potential door for widespread cheating. But its not like our normal voting process makes sure that your vote reflects what you really want.

      I know of friends who voted FOR friends before.

      I don't trust some greasy dude to count my vote right (in cases where there is hand counting).

      Regardless, there will always be errors in voting whether it be dangling chads or that my grandmum hits submit twice.
    • Re:one reson why (Score:3, Insightful)

      by MtViewGuy ( 197597 )
      I think people forget that Windows clients can be pretty secure if they apply all the current security patches for the operating system.

      I right now run Windows 2000 Professional with Service Pack 4 installed plus the current version of ZoneAlarm running; unless you're a cracker with extremely intimate knowledge of the OS kernel itself, it'll be very hard to hack into my system. Indeed, Tech TV actually showed on TV that once you apply all current security patches for Windows 98/98SE, Me, 2000 and XP, plus
      • Re:one reson why (Score:5, Insightful)

        by feed_me_cereal ( 452042 ) * on Sunday July 13, 2003 @06:54PM (#6430569)
        You know, that's all fine and dandy for you, but you're in the minority. Most people don't use windows update. Now consider a worm that looks for the voting software and replaces it with a hacked version of the software that silently votes for candidate x without you ever noticing. You'll be safe, but you can't depend on the majority of windows users to be.
      • Re:one reson why (Score:3, Insightful)

        by b17bmbr ( 608864 )
        very few personal boxen get hacked, cracked, etc, from the outside. it is the servers they are after, and then, their not going to hack into someone's little web or battlenet server, because
        1. it's a no reward hack
        2. it's no challenge

        now, they will hack a business site or a high traffic site. most problems, like the recent kiddieporn bot are trojans. which is where a ton of windows insecurities, even your precious win2k, come from. then of course there are the server problems, of which daily /. lore is m

    • Re:one reson why (Score:5, Interesting)

      by dracocat ( 554744 ) on Sunday July 13, 2003 @06:40PM (#6430486)
      eh? Or they could just use standard html and not I.E. specific HTML, and then you wouldn't need to do any porting to any other operating systems at all!

      Relying on i.e. specific java scripting or whatever they are doing that is i.e. specific is just asking for trouble--and not because it locks our small minority out of it.
      The fact that they are using ANY sort of client side java-script, let alone i.e. specific java script for checking values or what not for a voting system is not a good idea. What if they are using i.e. and have java-script disabled, or whatever.

      Bottom line, is it should be standard HTML, not just so everyone can use it, but so that it is more robust!!
      • Right on. (Score:5, Funny)

        by twitter ( 104583 ) on Sunday July 13, 2003 @07:03PM (#6430643) Homepage Journal
        Why only serve 90% when you could serve 100%?. 90% compatibility is obsurdly optomistic figure for Microsoft specific stuff anyway because Microsoft makes changes between their OS releases that force the upgrade train. Be sure that electronic voting in 2004 wont work on Windows 2000, NT or 9x. They will be lucky to get half of windoze users. If they would just make a standards complient site, anyone could use it.

        As for security, hmph. It's hard to think of a computer company with a worse record. I imagine someone will make a "I vote you" virus that votes early and often for everyone.

        • Re:Right on. (Score:3, Insightful)

          by Phroggy ( 441 ) *
          90% compatibility is obsurdly optomistic figure for Microsoft specific stuff anyway because Microsoft makes changes between their OS releases that force the upgrade train. Be sure that electronic voting in 2004 wont work on Windows 2000, NT or 9x.

          Ah, but the same version (sort of) of Internet Explorer runs across all these versions of Windows. They can require IE 6 or above, and anyone with an older version of IE can upgrade. To get it to work on any other platform, though, would require supporting a c
    • Re:one reson why (Score:3, Informative)

      by neverkevin ( 601884 )
      they are not going to Bata test a new technology on a system

      I would hope this isn't a Beta test but more of a pilot program. 100,000 votes can make a big difference, see Flordia 2000. There should not be anything Beta in an actual election.

      Unless they are going to require a specific Windows plugin or program, there is no reason that this wouldn't work on any platform. If this is going to be on the web, I have done Web work for the government and they are very picky about accessability (people with disabi
    • Re:one reson why (Score:3, Insightful)

      by chundo ( 587998 )
      I submitted a more detailed analysis of this system a while ago. Apparently, here's how it works.
      1. On registration, you're issued a client certificate.
      2. When you come back to vote, SERVE authenticates you based on your client certificate.

      So, the question is - why do they feel the need to focus on Windows/IE? Any modern OS and browser combination that supports strong encryption and client certificates (and I can't think of one that doesn't) should be capable of securely using SERVE.

      While this system

      • Re:one reson why (Score:5, Insightful)

        by weave ( 48069 ) on Sunday July 13, 2003 @07:04PM (#6430645) Journal
        Nice, so I can just sell my vote (my client certificate) to someone. Just like the good ole days of the early 20th century.

        The entire point of the secret ballot is so people can't tell how you vote so someone attempting to buy your vote can't confirm whether you voted as they wanted. The point of needing identification at the polling place is so someone can't vote on your behalf. Both big sources of voter fraud are covered. This system removes both controls. Wonderful.

    • Re:one reson why (Score:5, Insightful)

      by AstroDrabb ( 534369 ) on Sunday July 13, 2003 @07:38PM (#6430833)
      This is insightful?
      The reason just windows is because that as much as we hate it, we are in the minority of computer uses, they are not going to Bata test a new technology on a system that only a maximum of 5% of computer users will have.
      An internet voting system will most likely be delivered over a web browser. Web browsers work through standard compliant methods such as HTTP, HTML, TCP/IP. What in the hell does IE offer as far as those standards are concerened that any other major browser or OS does not have? Please don't tell me that they are going to try to do this with some stupid, insecure ActiveX control, please, please don't tell me that. The fact is, that this is meant to be the voting system for THE PEOPLE, and we NEED to see every bit of it to make sure that there is no room for foul play. If the US governement tries to push this as the new and only voting system, we must fight back. It is bad enough that our law making politicians are allowed to recieve bribes [opensecrets.org] from evil monopolies, lets not let our voting system become corrupted.
  • by Eric(b0mb)Dennis ( 629047 ) * on Sunday July 13, 2003 @06:24PM (#6430388)
    Voting online seems like it would be a bad idea, no matter how many security measures are put in.

    The internet is inherently insecure, and leaving the hands of the country to the internet could lead to a number of problems... I can see it now..

    Huge office buildings in foreign "enemy" full of hackers skewing the voting system, or a number of different problems...

    Can you IMAGINE the 'recount' scandals, et cetera, after the world's first vote with the internet as a voting measure?

    Also, if you have someone's full info (Social, driver's license #, name, address, et cetera) how hard would it be to place your vote as someone else?

    The whole thing just seems like a "bad idea"(tm) unless something was reworked to make it infaulable, which isn't really possible, anyways.
    • Can any online voting system be hacked? Yes. Should that be a reason to avoid it?
      Hell No! People talk about security and online voting as if that because thesystem is corruptible it is not acceptable. Those with this view are not living
      in the real world. The current meatspace voting system in just as corruptible by anything: from paid repeat voters(which we have here in Chicago), to old crappy machines and even making sure that every vote in counted(as long as it's in my parties county B.S.)
      • by Jeremiah Cornelius ( 137 ) on Sunday July 13, 2003 @07:45PM (#6430863) Homepage Journal
        I'm afraid that I am reminded of the 18th-century French writer Charles de Montesquieu who said that "all nations have the governments they deserve."

        I am afraid that sentiments like yours mask a great deal of indiferrence and intellectual laziness by the pretense of a realistic and 'no-nonsense' attitude.

        It is a far-cry from the blanket assertion:

        Can any online voting system be hacked? Yes.
        to the validation for implementing systems which have a documentable history of being the worst possible of implementations. Those so far in evidence actually invite abuses!

        http://www.blackboxvoting.com/ [blackboxvoting.com]
        Inside A U.S. Election Vote Counting Program [scoop.co.nz]
        Bald-Faced Lies About Black Box Voting Machines [scoop.co.nz]

        It is irresponsible, derelict and probably mendacious of anyone advocating the adoption of newer vote collection technologies not to insist on addressing these specific allegations and their evidence. Any proposal which is advanced without a specific redress of these concerns should be considered suspect in motive. Ignorance of the basic issue - and its gravity - is not a possibility.

  • by mrpuffypants ( 444598 ) * <.moc.liamg. .ta. .stnapyffuprm.> on Sunday July 13, 2003 @06:24PM (#6430389)
    Ladies and Gentlemen, It is my pleasure to introduce the new supreme ruler of the United States: William Gates!

    Gates:"....exxxxxcellllent....."

    Ok, so it's pandering that this will get modded as funny, but I'm a whore for good karma!
  • Military Voters (Score:5, Informative)

    by agentZ ( 210674 ) on Sunday July 13, 2003 @06:25PM (#6430393)
    If they're testing the system with military voters, than using Windows is probably the only choice. There are a lot of bases where the desktop platform, by directive, is Windows. Running alternative software can be a violation of policy and mean Real Trouble(tm) for military members. They're not going to court martial anybody, but it can be a black eye on your record.
  • Becuase... (Score:4, Funny)

    by darkov ( 261309 ) on Sunday July 13, 2003 @06:25PM (#6430397)
    Why the Windows requirement?

    Because your vote has to be sent to Redmond to be "verified" and rejected in the case of an "incorrect" vote.
  • Oh No... (Score:5, Funny)

    by Quaoar ( 614366 ) on Sunday July 13, 2003 @06:26PM (#6430405)
    All those hermits who never leave the house are going to be able to vote. How long do you think it will be until they repeal the Sun?
    • Re:Oh No... (Score:3, Funny)

      by bad_fx ( 493443 )
      All those hermits who never leave the house are going to be able to vote.


      No, fortunately for the rest of you puny mortals, most of us /. readers don't run Windows, so you're safe for now...

  • Wait (Score:4, Insightful)

    by AvengerXP ( 660081 ) <jeanfrancois,beaulieu&mckesson,ca> on Sunday July 13, 2003 @06:27PM (#6430411)
    Maybe they just meant that like a generic statement, and its not limited to windows but any station with internet access. They just assume you use windows. It doesn't say that its ONLY windows. It's like saying you can to point X using a car, but you can also take a flight or walk or... You get the point.
  • by taped2thedesk ( 614051 ) * on Sunday July 13, 2003 @06:27PM (#6430412)
    From the SERVE web site at http://www.serveusa.gov/public/aca.aspx [serveusa.gov]:

    Do I need a special computer or software to use the SERVE system?
    No. If your computer, or the public computer you are using, meets the minimum computer requirements, you will be able to use the UOCAVA Voting System (UVS). The minimum computer requirements are:

    - Operating System: Microsoft Windows 95, 98, ME, 2000, NT or XP
    - Internet Browser: either Microsoft Internet Explorer 5.5 and above or Netscape Navigator 6.x and above

    What browsers are compatible with SERVE?
    For security reasons, SERVE is only compatible with browsers with SSL 3.0 capabilities, which are listed below:
    - Microsoft Internet Explorer 5.5 and above
    - Netscape Navigator 6.x and above
    They make mention of the fact that Windows must be used for voting, but they don't explain the requirement. As far as I know, Mac OS, *nix, and Mozilla all support SSL3.0, so why arn't they included?

    This is somewhat unrelated, but still an interesting comment on their page:

    Does SERVE use Microsoft's Palladium software architecture?
    No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE.
    *Phew*...
    • by Anonymous Coward on Sunday July 13, 2003 @06:30PM (#6430430)
      "No, the Palladium software is not sufficiently ubiquitous at this time for use in SERVE."

      *whimpers in fear*
    • Thank you for posting useful information, as opposed to more hysterical ranting.

      The posted requirements in this type of system are more often the words of the legal or marketing teams as any kind of true technical specification. Plenty of sites (I know because I've worked on them) specify requirements like these because:
      1. They cannot officially support everything, and pick the most mainstream target to serve the largest number of users with minimal friction.
      2. The suits force them to word it thusly because
  • Hoo boy (Score:5, Insightful)

    by thatguywhoiam ( 524290 ) on Sunday July 13, 2003 @06:27PM (#6430415)
    Gigantic partisan flamewar in 3...2...1...

    I have no comment on the usage of Windows in this manner; the security of that operating system has been analysed to death and we all know what the outcome was.

    I have a much bigger fundamental problem with this non-accountable electronic voting process that does not produce a verifiable paper ballot for each vote cast. Aside from any nefarious purposes in the design, having any system where the voting power is aggregated and sorted electronically - and nearly instantly (relatively speaking) - will prove too tempting for someone to sabotage.

    I would think that at the very least, one should implement an electronic voting system on a transparent, open operating system, just for plain accountability.

    And now its time to open the robot polls... and the robot results are in.

  • by dubiousmike ( 558126 ) on Sunday July 13, 2003 @06:28PM (#6430419) Homepage Journal
    They are concerned about building something that works solidly and since Microsoft dominates the desktop market, it is a no brainer to target Windows IE as the single allowable browser to vote with.

    Many of us know what a bitch it is to develop a code and feature intensive site that works correctly for all browsers.

    It also cuts down on support issues. I have met people who are unsure of what platform they are running. "What kind of computer am I using? It says 'power' here near a button. Is that right?"

  • Imagine... (Score:5, Insightful)

    by nacturation ( 646836 ) <nacturation&gmail,com> on Sunday July 13, 2003 @06:29PM (#6430424) Journal
    from the article:
    Imagine casting a vote for president from a cybercafe in Thailand, an aircraft carrier in the Persian Gulf or a laptop computer at home.
    Coincidentally, as I'm typing this, thousands of terrorists, pranksters, and ne'er do wells are imagining the exact same possibility.
  • by koreth ( 409849 ) * on Sunday July 13, 2003 @06:29PM (#6430425)
    There isn't enough detail in the article to say whether "running Microsoft Windows" is actually a requirement, or just cluelessness on the part of the article's author. If it's a Web-based system (which, again, the article doesn't say one way or the other) then it shouldn't matter.
    • I think there is a lot of cluelessness going on in the article as well as the concept.

      The first clue is that Microsoft has bought and paid for the US government by convincing it to send tens of thousands of its middle managers to MCSE brainwa...errr.... certification classes. Many of these people don't know anything about computers other than what Microsoft/Sylvan have taught them. The US Feds will be loyal Microsoft customers long after governments elsewhere have switched. They deserve each other.

      Th

  • Why Windows (Score:4, Interesting)

    by Ken@WearableTech ( 107340 ) * <{moc.rjsmailliwnek} {ta} {nek}> on Sunday July 13, 2003 @06:31PM (#6430437) Homepage Journal
    Why the Windows requirement?

    Maybe because the VAST majority of individualsuse MS Windows. You ASSume that it is just a HTTP connection with SSL so any OS should suffice. Look at the F.A.Q. [serveusa.gov]. It says that "required software is downloaded automatically as needed when you access various parts of the SERVE website. Possibly, the voting software uses their own encryption and will be delivered as an ActiveX or some other format. Could they have written the software so it could work on other OS. Sure but it's a trial run! Their is no right to Vote from a Linux box.
  • by neema ( 170845 ) on Sunday July 13, 2003 @06:32PM (#6430445) Homepage
    You fools! Surely the computers will be exploited for this! This could lead to something completely unprecedented like one man being backed by the majority of American voters for the presidency and then the other man winning, as crazy as that example is!
  • by mrpuffypants ( 444598 ) * <.moc.liamg. .ta. .stnapyffuprm.> on Sunday July 13, 2003 @06:37PM (#6430473)
    Online voting could totally redefine write-in candidates. In the past you were either psychotic, disillusioned, or mistaken in writing-in a candidate.

    Now with the Internet you could have hundreds of thousands voting for retarted candidates like "Rocket J. Squirrel","Jack Black", and "George W. Bush"

    Could this negate the party system? People typically voted for a Dem or GOP'er simply because they were the two names on the ballot that were at the top, but now people could organize real grassroots campaigns, skipping the primaries, and just promote themselves on message boards and other mediums (slashdot front page story, anybody?)

    In all seriousness, national online voting could take the old political system and stand it on its head...I'd go for it just to see what happens.
  • by Anonymous Coward on Sunday July 13, 2003 @06:41PM (#6430497)
    Ohio, Florida... eh... Need I remind people that most every state they plan on testing this in are key swing states? Sure, it says a "handful of counties" -- but let's be realistic, pick the most key counties for your candidate, alter the votes enough, swing the state in favor of whomever votes. With black box voting (with no auditable source), this is entirely possible.

    Long live paper ballots!
  • by nacturation ( 646836 ) <nacturation&gmail,com> on Sunday July 13, 2003 @06:42PM (#6430505) Journal
    Great... so they're securing the hell out of the server which accepts the vote. No problem there. How about the client machines? What if I were to write a worm program which spread innocuously through emails with the sole purpose of modifying the user's web browser.

    Once the protocol is understood, this shouldn't be too difficult to do. Likely it'll be on a secure site, maybe password protected. Doesn't matter. The modified web browser waits until the user visits http://vote.us.gov or wherever, watches the variables being passed, and simply modifies them. Instead of:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=Al+Gore


    It changes it to:

    name=John+Smith
    secretcode=K38DJSH38
    password=ai ewpqkd
    vote=George+W.+Bush


    Securing the server is all well and good, but they'll need to think really hard about securing the client side as well. Hint: the choice of who to vote for should also be encoded and (preferably) signed against the user's information. So the vote shouldn't be for "Al Gore" but for a signed and encrypted string which represents Al Gore, making it impossible to derive the signed and encrypted string for "George W. Bush".
  • Ironic (Score:5, Insightful)

    by Bruha ( 412869 ) on Sunday July 13, 2003 @06:55PM (#6430589) Homepage Journal
    That the Courts say MS illegally used IE to monopolize the Browser market.. then they go back and make it a requirement to vote.

    However I'm sure in whomever's ignorance that wrote the requirement it's more of a baseline of what you need. Unless it's some ActiveX voting booth which will be the next great virus..

    voting.klez.E
  • 2000 redux (Score:3, Funny)

    by CleverNickName ( 129189 ) * <wilNO@SPAMwilwheaton.net> on Sunday July 13, 2003 @07:04PM (#6430644) Homepage Journal
    d33r \/0t3r:

    3y3 0wn j00r \/0+3Z, ph00lZ!

    Da Supr3/\/\3Z
  • Why and Why Not. (Score:3, Informative)

    by fm6 ( 162816 ) on Sunday July 13, 2003 @07:06PM (#6430661) Homepage Journal
    Why the Windows requirement? Is that really going to make online voting secure?
    To answer your second question first: no, it's not. Actually, there are too many security issues with online voting, regardless of the platform. But Windows is a particularly insecure platform, and your concern is appropriate.

    As for "Why Windows", the SERVE web site [serveusa.gov] says, "All required software is downloaded automatically as needed when you access various parts of the SERVE website." That seems to indicate some kind of embedded web application. I'd guess this application is native code, since Windows no longer comes with Java, and there's no mention of a Java download.

    Or it might be that whoever wrote the FAQ page doesn't know much about the app, and is tapdancing around the details. Certainly it would make sense to implement this app entirely on the server. If that's the case, then it's reasonable to ask why other platforms with compliant servers aren't acceptable.

    The answer to that would be QA. On a project like this, they have to carefully test the app, and even with their current limitations they have 4 different browser-platform combinations (IE and Netscape, Pre-NT and NT Windows) to test.

    This points up a big problem with web applications. Most of us would like to see web developers code to a standard, not to a browser. Until they do, browser implementers has no incentive to support standards, and all that cool stuff in HTML4 and cSS2 is just so much noise.

    (And yes, Internet Explorer -- except for the Mac version -- is particularly bad. But all browsers have serious compliance issues, so we can't put all the blame on Mister Bill.)

    But why should web developers bother? Even if they're aware of the importance of standards -- and most appear not to be -- it doesn't save them from the need to test their apps on every browser-platform combination they claim to support. So what does compliance buy them, except extra work?

  • curiousity..... (Score:5, Insightful)

    by morgajel ( 568462 ) on Sunday July 13, 2003 @07:09PM (#6430678)
    what exactly is SERVE? is it a website? a program? an authentication scheme? I browsed over the article looking for that, and didn't see it.

    So why is Windows a requirement- client side software? if so, why does it matter what browser you use? it's obviously not a vb app that calls IE, because they say it works with netscape 6+ as well.

    If it's browser independent(straight html) then it should work on any system. I don't think netscape uses vbscript, so I don't think that would be a hinderance either.

    Perhaps they just listed windows because they didn't want people with an old Tandy or 386 trying it. Perhaps they didn't mean to offend the linux and Mac users, they were just ignorant of their existence.

    If someone is bored, they could try contacting the creators of this project and see if they could get mozilla and opera added to that list of broswers, as well as linux.

    Actually, perhaps the mozilla team could petition to have themselves added to the list if they meet all of the requirements. It would be good publicity to say "yes, we're government certified to handle your votes, and we have a better track record than IE. try us."

  • by Badanov ( 518690 ) on Sunday July 13, 2003 @07:14PM (#6430716) Homepage Journal
    Voting requiring Windows.

    The new poll tax.

  • by Theovon ( 109752 ) on Sunday July 13, 2003 @07:21PM (#6430748)
    Looks like someone's just being paranoid.

    There is nothing in the article which suggests that Windows is a requirement. It just says that you can access it from any Windows box with internet access. That means that Windows is sufficient, but it doesn't say it's necessary .

    What they're trying to address in the article is that since most people use Windows, then most people are going to want to know that they can access it from their home computers.

    It's like telling people they can get somewhere in a Ford. That doesn't mean they can't get there in a Chevy or a Nissan.

  • by Aureal ( 685172 ) on Sunday July 13, 2003 @07:35PM (#6430822)
  • Just wait .... (Score:3, Interesting)

    by taniwha ( 70410 ) on Sunday July 13, 2003 @07:51PM (#6430895) Homepage Journal
    for the virus/spyware/worm/... that infects Windows machines and patches the election program to vote for the candidate of the spyware author's choice. Remember the 2000 election 100,000 overseas votes could make the difference ....
  • by Jerk City Troll ( 661616 ) on Sunday July 13, 2003 @07:58PM (#6430919) Homepage
    It used to be that women were not allowed not vote. It used to be that black people were not allowed to vote. For women, it was because they were not men and thus did not necessarily share the viewpoints of those in power who benefited from male voters. For blacks, it was because they were not white and thus did not necessarily share the viewpoints of those in power who benefitted from white voters.

    While not as definitively prohibitive, this is the same as voter segregation. Unless you are willing to spend the money to use Windows, you are not permitted to vote in this fashion. What if you use a Macintosh? What if you run an open source operating system? If you are not in a particular class of citizens, your ability to vote is limited. Certainly if traditional voting is available to you there is really no problem, but that's not an option, you are being prohibited.

    So the serious issue here not that Windows is secure or any other nonsense. The problem is that people who are influenced by Microsoft have thus dictated that those who do not use Microsoft products are not permitted to vote in this fashion. That's a serious problem because whoever directed these development efforts (and of course, whoever directed her) therefore has strong influence on how candidates will be elected.

    I would wager that this could be very popular (though I personally prefer pulling the lever with the satisfying kerchunk to cast my vote). As a result, certain parties will have unfair advantages for reasons which should be obvious to most people who read Slashdot. (Of course, I am willing to outline a scenario or two for the uninitiated.)

    Maybe someone should write a HOW-TO in the future outlining how this software may be used with Wine on OSS machines. Of course, options on the Macintosh are limited even further.
  • by Loki_1929 ( 550940 ) * on Sunday July 13, 2003 @08:19PM (#6431031) Journal
    "Why the Windows requirement?

    They wanted to use a stable, reliable, and secure operating system to ensure that all American voters have equal and unhindered access to their right to vote.

    Unfortunately, they couldn't think of anything, so they just chose Windows.

  • by sstory ( 538486 ) on Sunday July 13, 2003 @10:20PM (#6431584) Homepage
    The article says "Voters using SERVE can register to vote and cast their ballots from any computer using Microsoft Windows with Internet access."

    It does not say only from any computer using Windows. Everyone here's reacting as if the article said the latter, but it didn't. The article does not say, if you read carefully, that the system will somehow be limited to Windows. I just says anyone with Windows and the internet will have access.

  • Speak up! (Score:4, Informative)

    by Nucleon500 ( 628631 ) <tcfelker@example.com> on Sunday July 13, 2003 @10:47PM (#6431689) Homepage
    Please remember that we are Slashdot, we are numerous, and we are powerful. So go to the site [serveusa.gov], click Contact Us, and give them a piece of your mind. For that matter, you could even snail mail them something. When webmasters start getting tons of mail about allowing real browsers, they sometimes do it. And in this case, it affects voting, so it's very important. Surely a few hundred messages asking them not to discriminate on UserAgent headers, submitted before the system's even implemented, will widen their view.
  • by NeuroManson ( 214835 ) on Monday July 14, 2003 @02:42AM (#6432472) Homepage
    I'm sorry, your government has performed an illegal action and must be shut down. If the problem persists, please contact your beaurocratic vendor.

"The great question... which I have not been able to answer... is, `What does woman want?'" -- Sigmund Freud

Working...