E-Voting Firm VoteHere Discloses October Break-In 172
linuxwrangler writes "In the ongoing saga of electronic voting 'security,' eVoting company VoteHere is the latest to reveal that they were the victim of a computer break-in. According to VoteHere founder, Jim Adler, the concern isn't about their source code which they plan to reveal 'eventually,' anyway, but is about the possible release of salary and other HR data. Astoundingly, the 'hot poll' associated with this story has (as this is being posted) 28% of respondents saying they would trust their vote on the internet and 41% saying 'not now, but maybe soon.' Feel free to cast your vote." Reader nSignIfikaNt points to the Assocated Press' article as carried by CNN.
If their internal network can be compromised... (Score:5, Insightful)
umm...ok (Score:5, Insightful)
Microsoft is responsible (really!) (Score:4, Insightful)
Now, ask yourself, why is it that people don't trust comptuers?
Answer: Microsoft's abhorent trackrecord with regard to security has an awful lot to do with it. It's not the only factor, but it is *huge*.
All these windows bugs do effect us linux geeks: The perception of computers in general has suffered greatly.
--
Join Jihad against slashdot's editors. Join anti-slash [anti-slash.org]
Poll? What poll? Vote? What vote? (Score:4, Insightful)
Anyway, on the substantive issue of reliable voting, computer security is NOT a done deal. This networking stuff is great in many ways, but there's a big problem when everything is connected together. You hack into one part of the system, and you've exposed various other parts to attack. The old idea was to make a secure perimeter with firewalls and DMZs and so forth, and you could keep something safe inside, but that's called the "eggshell model" now--turns out to be relatively easy to breech and you still need strong security for EVERY machine with ANY sensitive information on it. Someone in the office took his notebook computer home for the weekend, and you can never tell what Trojan backdoor is inside your network now.
Of course, the BIG threat here is abuse of power. No one needs to be protected from weakness, but powerful people often want MORE. Not an independent event--that greed is usually part of how they got there in the first place. Consider the recent example of Arnold in California and the selection in Florida in 2000...
If our votes are to have ANY meaning, they must be protected, and it is very clear that some people will play ANY game that will win more power. Voting machines as secret slot machines? Would you trust Las Vegas THAT much?
Simple. Print the ballots. Let the voters LOOK at what the ballot says, and save it. It's convenient that the machine can also report the results quickly--but NOT convenient that any computer can be hacked.
Re:Microsoft is responsible (really!) (Score:5, Insightful)
E-voting is a reason not to trust e-voting. Slashdot just has story after story of how these big "trust us, our stuff is fair" e-voting companies have problem after problem after problem. Things are bad now, but imagine the kind of stuff that might come up if it was legislated that the 2004 Presidential Election had to be done on these systems. What happened in Florida (which was largly the fault of people who were too desperate to not loose to care about anything else, since the recounts and recounts didn't change anything) would look like a cakewalk compared to finding people who got to vote in 12 districts, those who's votes were counted 10,002 times, and the fact that anyone with a "A" or an "E" in their last name (BUT NOT BOTH) could only vote during odd numbered minutes of even numbered hours in districts that are prime numbers or some other rediculous things that at this rate seems it could easily turn up.
I'm all for MS bashing when they deserve it, and they may be the number one reason people don't trust e-voting (allbeit indirectly); but there are REAL reasons why people shouldn't trust it, and if it were to get reported more, then people still wouldn't trust the things, it would just be for the "right" reason.
How can we trust this company? (Score:5, Insightful)
But lets face it, if you want to manufacture eVoting technology then securing the network is a crucuial part of that technology.
If THEY can't secure there own HR and payroll data then how am I supposed to trust them to handle evoting competently?
Re:Microsoft is responsible (really!) (Score:5, Insightful)
Why should voting be more automated? The only reason ballot counters are used is to rig the election. Several contries around the world conduct elections with hand marked and hand counted ballots and do just fine. Automation just makes it that much easier to rig the vote. Voting SHOULD be difficult, hard to quickly count, and should envolve lots of people in the process. When one person or a small group gets to count the ballot or gets to build an automatic system to count the ballots it is far easier to bribe or threaten that small group and rig the election. Any kind of automatic system should be questioned, be it scantron systems, pull lever voting machines, or computers. It is all designed to hide the vote from the public NOT make voting safer. I don't trust computers not because I am ignorant of what they can do because I know exactly what they are able to do and how easy it would be to rig an election.
If it is not a paper ballot and the ballot isn't counted at the polling place in public view then you shouldn't trust that vote. Most places in the USA the ballots are not counted at the poll. They are hauled away to the court house and counted out of public view. No way to be certain that the ballot box is the same one that left the polling place and no way to have the public watch the counting. This is by design to aid in vote fraud. We haven't had a free election in most places in the country in years.
Probably (Score:4, Insightful)
The only valid reason I've heard of for e-voting is to purely speed up the counting of the votes, so that the result of the election can be known much quicker than via hand counting.
Commonly people seem to assume that this means replacing paper votes, or rather, more specifically, replacing an auditable paper trail.
So we have a additional-efficiency model verses a replacement model.
For some reason, the model that has been adopted (and maybe encouraged by the "US" governement aka GWB) by these E-voting companies is the replacement one. Who knows why, although the conspiracy theorists would suggest Florida 200(? - I'm Australian, don't know exactly when the last US election was).
Of course, as all slashdotters know, under the replacement, electronic only model, security and accountability are a lot harder to do. All these e-voting security stories, such as this one, are evidence of that.
Re:If their internal network can be compromised... (Score:4, Insightful)
There was something encouraging in the article, evidence that the company understands the concept of detection and response:
Not so good is that the article says their systems will allow voters to check their ballots after leaving the polling place. I hope the reporter misunderstood. Chaum's paper explains how you could verify that your vote got counted, was valid, and was what you expected -- but you don't want to be able to see what candidate the vote was for. That way lies intimidation and verifiable vote-buying.
Re:Microsoft is responsible (really!) (Score:3, Insightful)
Perhaps the current incarnations are faulty because they involve insecure proprietary software made by inept, politically-motivated companies; but that doesn't mean that e-voting is inherently impossible to do correctly.
There's a real feeling among "regular people" that computers aren't to be trusted. It will only hurt OSS and proponents of universal computing when Microsoft capitalizes on this mistrust (that they helped create) by introducing "Trustworthy" computers that only run Windows.
The technologically informed must make it clear that the problems with e-voting (and secure computing in general) are not technical ones and will not be solved by blindly trusting faceless corporations or closed-source government voting booths.
A Good Use For The Internet (Score:4, Insightful)
Not trying to troll, but... (Score:2, Insightful)
27% Yes
40% Not now, but maybe soon
Fucking idiots. That's about all I can really say in response to this. I'm just too disgusted for words.
Re:Microsoft is responsible (really!) (Score:3, Insightful)
The technologically informed must make it clear that the problems with e-voting (and secure computing in general) are not technical ones
Aren't they? Depends on your definitions, I suppose, but I would say the main problem *is* a technical one, and that it's intractable. The problem is that technology is inherently opaque, unless you have a great deal of specialized training, and even then you can never really be sure unless you're allowed to disassemble the device.
Sure, there are ways you can build systems that can be verified, and processes to verify them, but the costs are huge (I design and build secure systems for a living) and you'll *never* convince people as thoroughly as you will if you simply print a paper ballot that they can read and drop in a locked metal box.
Politically motivated? (Score:4, Insightful)
Waaa??
So he impugns activists pointing out flaws in his system, then claims to be taking the moral high ground. And the cowardly reporters don't even question him about this blatant double-talk. Shame on VoteHere. Shame on MSNBC. Shame all around. When people lie, they need to be called to the mat for it.
Re:If you saw current poll methods... (Score:2, Insightful)
I'm not trying to say e-voting shouldn't be done at all, but if there is no paper trail, then the potential for mass voter fraud still exists. A previous post suggested a system in which an electronic input system would print out a marked ballot for you, which you could then verify before submitting it. This would increase the ease of voting while still maintaining, if not increasing security.