Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Software Your Rights Online

Experts Critique SERVE Internet Voting System 270

linuxwrangler writes "SFGate is reporting that a critique by four security experts claims that SERVE, a system being developed to allow US citizens overseas to vote via the Internet, is so vulnerable to attacks that it should be scrapped. The other six experts who examined the system declined to issue a report. Nevertheless, the Pentagon stands by the system and plans to use in in elections next month."
This discussion has been archived. No new comments can be posted.

Experts Critique SERVE Internet Voting System

Comments Filter:
  • Important (Score:5, Insightful)

    by Mork29 ( 682855 ) <`keith.yelnick' `at' `us.army.mil'> on Thursday January 22, 2004 @03:21AM (#8052753) Journal
    It's a shame that the government and these companies can't get their act together, and build a simple, secure voting system that includes a paper trail. Why is that so complicated. I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier. It's a soldiers job to defend democracy, so it's a very sacred thing for us to be able to take part in it. To be able to vote right over the internet without much hassle is something has taken far to long to develop.
    • Re:Important (Score:5, Insightful)

      by WegianWarrior ( 649800 ) on Thursday January 22, 2004 @03:39AM (#8052839) Journal

      A simple secure online system is anything but simple to develop. Now, I don't know how the US has arranged for citizents living or working arbroad in previous elections, but I know that we (ie Norway) has usually asked people to go a central location to register their votes (embasy, consulate, military barracs*). It should be relatively simple to set up a secure** server at each such location which collects the votes casted and contacts the central server once every day or so. The collected votes, complete with a papertrail, chould then be sendt in an encrypted form, possible utilizing a one time pad to prevent tampering.

      However, if the system should include a 'log on anywhere' capability, not be reliant on installing a client on the users PC, and be reliant on sending the information over the internet... good luck making it secure. I seriously don't think it will ever be secure enought for this application.

      __*) if you look at the number of soldiers on either NATO, UN or other mission*** abroad compared to the number of people living in Norway, we have more soldiers out there than the US have... but then, there are less people living in Norway
      _**) Secure in this meaning could include a squad of soldiers making sure no one tampers with the server, if you're so inclined.
      ***) Like the people we have in Iraq right now, helping secure and rebuild that nation.

      • Re:Important (Score:3, Insightful)

        by Catbeller ( 118204 )
        Paper. Ballots. Count them. Works for everything.

        Electronic ballots: enables cheating. Period.

        We don't need systems with paper audit trails. We are just adding insane cost to a very simple process. We have systems that work, called "paper". The only people who claim they don't work were the ones who wanted an election to stop *

        Why, oh why, do these "designers" insist on an unauditable system, when it is trivial to add a printout? **

        And why have a even have a system with a paper backup for audits when we
        • Yes...paper works much better. With electronic systems one could use dead people's names, make up people, use children's names, or worse show up and vote for someone else. You could enter a whole bunch of fake votes that way.

          Paper allows you to prove beyond a shadow of a doubt that someone voted properly and for whom they voted. *

          As is being said over and over, a system can and should be put in place and get rid of the current one. To me, nothing could more absolute than an electronic count. Don't forget
    • Re:Important (Score:3, Informative)

      The front page has a link to send them your feedback (javascript required). Let them know what you think.

      http://www.serveusa.gov/public/aca.aspx
    • Re:Important (Score:2, Insightful)

      by dave420 ( 699308 )
      Defend democracy? Why didn't they all kick the living shit out of Bush when he visited Iraq then :) He's the biggest threat to democracy since Hitler.
    • Frankly I dont think anyone in charge of this wants a paper trail. To wax conspiratorial for a moment, non-auditable, hackable, and unverifiable electronic voting it going to give 'them' the ability to hand elections to whomever 'they' want. The voters be damned. I'll warn you now.. there are going to be very dire consequences to this.
    • Re:Important (Score:2, Interesting)

      The article seems to be saying that because the internet and the PC used for voting is insecure, therefore the voting system must be insecure.

      That part I don't agree with.

      It is fundamentally possible to have secure communications over an insecure link. For example, each voter gets a unique number, encrypts their ballot using a common public key inside a message encrypted using their unique number. At election headquarters, votes can be received by paper, email, or any other insecure means of transmitt

      • Re:Important (Score:2, Insightful)

        ...encrypts their ballot using a common public key inside a message encrypted using their unique number....

        I was wondering if you could explain this a little bit more clearly. I'm having a difficult time explaining to my grandmother why this "choose two three-hundred-and-eighty-four-bit prime numbers, multiply them together..." is a better system than "put an "X" into the box by your candidate's name, place it in the envelope.

        Suse, we can write software to do all the dirty bits, but at that point how d

      • Re:Important (Score:3, Interesting)

        by Twylite ( 234238 )
        1. Anyone can generate votes with "unique numbers" that don't belong to them. Some may be invalid, others are successfully forged. Unless the "unique number" is a randomly-generated 128+ bit number, forgery is quite possible.
        2. It is trivial to trace the vote back to the voter. Method #1: decrypt the vote. Not supposed to happen in theory, but in practice not unlikely. Method #2: given a voter's unique number, generate all possible votes and match the results. Can be defeated by including a random number
    • Re:Important (Score:3, Insightful)

      However, regardless of whether a secure voting mechanism can be implemented over the internet, this one is in deep doo-doo:
      1. I doubt that our institutions are capable of providing a secure voting mechanism without much trial and error (at the expense of our elections)
      2. Those who make the most use of election fraud now have much to gain from claiming that this voting system is allowing the _other_ side to steal elections. It puts the heat on the other side, and tends to delay the acceptance of these new s
    • Re:Important (Score:3, Insightful)

      I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier.

      Plus, it would be so much cheaper and easier for authorities to get the required results. No more trucking bags of ballots off to secure & undisclosed locations for selective overnight spoilage, etc. The efficiency of military planning would be enhanced by the greater predictability of elections on the national level, and the American Empire would be strengthened as a result. It would also help pro

    • Electronic voting could be had today.

      The fact is-- a simple, secure, electronic voting system which includes an electronic signature and paper trail would not be too hard to put together. The hard parts are already built.

      I would design a system to have the following components:
      1: Kerberos V authentication

      2: Digital signatures on database entries (this is probably the hardest part because you have to figure out how to generate a signature based on many fields, though a simple field1 || field2 || field3
  • NYTimes Link (Score:5, Informative)

    by a.koepke ( 688359 ) on Thursday January 22, 2004 @03:23AM (#8052761)
    Here is the no rego NYTimes link [nytimes.com] for the article mentioned in the report.
  • by gnu-sucks ( 561404 ) on Thursday January 22, 2004 @03:23AM (#8052764) Journal
    We'll be counting hanging TCP connections?
  • by Corpus_Callosum ( 617295 ) on Thursday January 22, 2004 @03:25AM (#8052779) Homepage
    If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

    Why do these things continue to go out to bid instead of being handled in academia where they should be?
    • Get your tin-foil on for a moment. :)

      Speaking... hypodermically... IF the government was completely unethical, and IF the company handling the voting systems was completely unethical, THEN instead of getting a quality open-source voting system for free, the corrupt voting systems people could get some tax dollars, and the government could take a kickback and a guarantee of reelection. Then again, that would require the voting systems people to apply uncertified code to voting systems, right? Oh, wait...
    • Why do these things continue to go out to bid instead of being handled in academia where they should be?

      You know, computer scientists aren't necessarily good programmers. In fact, most computer scientists are incredibly bad programmers -- they may know all the algorithms, but actually being able to produce working code is a completely different matter.
      • by Reivec ( 607341 ) on Thursday January 22, 2004 @03:51AM (#8052871)
        If it were open source patches would come in from all over the place. The algorithm is the important part! The bugs can be worked out as you go. But if your algorithm is crap, no amount of debugging will make it better.

        I totally agree with the parent here. It would be cheaper, it would be a good educational tool for universities to get their students in. It wouldn't be hidden from the public since this is such a public issue. Experts could inspect the code at will and provide patches. I can't even really think of a negative here. I simply think too many government officals are convienced that if the source is open that means anyone can figure out how to break it, which isn't really the case.

        Plus any good NEW ideas that might come out of it would also be open and could be used in other applications. And if they did, they would make good standards since they would probably be under a BSD type license. Good all around I say!
    • by Ckwop ( 707653 )

      SSL is a secure channel protocol and the simplest of the standard cryptographic problems. It is monsterously complicated to code but the basic premise of how it works is fairly easy to understand..

      However, Just the description of secure voting schemes is pretty monsterous.. In Applied Cryptography, Bruce takes a chapter to develop a secure voting protocol.A real world system is an order of magnitude more complicated..

      I think the way to develop a secure voting system is to have an international competit

      • In real world systems, internet secure voting protocols are indeed on another level of existance. They require that the person who cast the vote is who they say they are, while at the same time needing to ensure that nobody can figure out who the person casting the vote is. A difficult bag indeed.
    • Er, no. The problem would seem to be hopelessly complex and require a new branch of mathematics.

      Much better to send it to an Engineering school. Or better yet, a bunch of Engineering school dropouts.

    • Forget acxademia, you must remember that politics is about real things. Greenbacks in particular.

      A real solution would be to put the various central government jobs, congresscritter, senator up to president on eBay and auction them off. eBay is reasonably secure and at least we are taking a fair view of the political system. The money raised goes towards the next year's budget.

    • by Lolox ( 643678 )

      Please explain what the Comp-Sci department grad students can do about creating an e-voting system where you can vote from any PC, anywhere, and that is resistant to

      • DoS attacks (SERVE's webpage says that they have something up their sleeves, but the experts in the article don't buy it)
      • Trojans/Malware in the voter's computer
      • Man-in-the-middle attacks
      • Insider attacks once the system has been verified

      (Acknowledged: having widely-reviewed source by academics across the globe would help guard against

    • by mpe ( 36238 ) on Thursday January 22, 2004 @07:03AM (#8053455)
      If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

      No doubt the US government would get upset were the answer something along the lines of using a system which could be easily counted by hand or machine, without involving lots of computer hardware and software. Especially if "not invented here" syndrome was involved.

      Why do these things continue to go out to bid instead of being handled in academia where they should be?

      It's a political dicision. The claim is that putting things to "the market" (the criteria being such that only a very few businesses could even put up a bid in the first place) is "more efficent". Whereas in actual practice it could just as easily be "corporate welfare".
    • Please go visit the Open Voting Consortium [openvotingconsurtium.org]. They are working on an open souce voting platform [sourceforge.net]. Their system is nearly ready for a public demonstration, and will need all sorts of volunteers in order to ramp up for the "production" version for certification. The people involved are pretty amazing.
  • by gid13 ( 620803 ) on Thursday January 22, 2004 @03:25AM (#8052780)
    ...100% of respondents (in this case, all qualified) say the system sucks, and the people in power say "Nah, go with it!"

    The optimistic interpretation: The pentagon is full of idiots.

    The pessimistic interpretation: The pentagon is full of corrupt people.

    My interpretation: The pentagon is full of corrupt idiots.
    • Let's see...

      The optimistic interpretation: The pentagon is full of idiots.

      Even idiots would have changed their mind after the results.

      The pessimistic interpretation: The pentagon is full of corrupt people.

      Non-idiot corrupt people wouldn't have asked for a security analysis like that (makes them look bad).

      My interpretation: The pentagon is full of corrupt idiots.

      I have to agree with this interpretation, since it's the only one that's consistent.
  • by gid13 ( 620803 ) on Thursday January 22, 2004 @03:31AM (#8052809)
    From the article:

    "We've had things put in place that counteract the things they talked about."

    Gee, thanks for being specific. I'm convinced.
  • by stewwy ( 687854 ) on Thursday January 22, 2004 @03:34AM (#8052817)
    1) Decide who will win

    2) Allow Voting

    3) Announce result

    Using this task order means that 2) is redundant and therefore has no impact on the result, therefore you do not need a secure system and can save money by purcasing a system off your friends

  • by narratorDan ( 137402 ) <narratordan@gmail.com> on Thursday January 22, 2004 @03:43AM (#8052846)
    Most Americans don't vote, so I think it's only fitting that the people who are most effected by American policy now have a chance to have their votes counted!

    NarratorDan
  • Pentagon?? (Score:4, Insightful)

    by femto ( 459605 ) on Thursday January 22, 2004 @03:49AM (#8052865) Homepage
    What is the Pentagon doing developing voting systems? As a major recipient of government money, with no funding guarantees, wouldn't it have a significant vested interest in election results?
    • Uhm, maybe because a very large part of those US citizens abroad are soldiers, and would like to be able to vote? After all, it's the politicans who decided to put their asses on the line, so it makes sence if they (ie; the soldiers) want to have a say in which politicans that run the show...

      • well, they could just vote the normal way. even when their ballots came in late in 2000, and technically should not have been counted, they were still added to the tally in ... florida

        nevermind. i think i figured it out.
      • Re:Pentagon?? (Score:4, Insightful)

        by femto ( 459605 ) on Thursday January 22, 2004 @04:17AM (#8052950) Homepage
        That's not a reason.

        Soldiers can still vote if the overseas voting system is developed and run by an independent entity, with independent funding. Soldiers may have to trust the Pentagon with their well being, but hat trust should NOT have to extend to trusting the Pentagon with their vote.

    • It certainly does. But if you look at the problem closer, it gets even worse.

      Now, presumably the reason the Pentagon is involved in the development of an absentee voting system is that military personnel overseas are the largest group of absentee voters. All well and good; it is vitally important that our troops be able to exercise their rights while they're out there doing their duty.

      However, things are more Interesting this year. Traditionally, military absentee ballots have been free votes for the

  • vote (Score:3, Insightful)

    by edverb ( 644426 ) on Thursday January 22, 2004 @03:49AM (#8052868)
    Vote by absentee ballot this year. I reckon the paper trail might be necessary (again).
  • by leoaugust ( 665240 ) <<leoaugust> <at> <gmail.com>> on Thursday January 22, 2004 @03:54AM (#8052877) Journal

    An Internet voting system developed by the Pentagon for U.S. citizens overseas is so vulnerable to attacks that it should be scrapped, four computer security experts said in a report released Wednesday.
    Forgive me for asking but why is the Pentagon involved in the conduct of Elections? Isn't there some more neutral organization ? It is like asking the Republican-leaning ("I am committed to delivering ...") Diebold to be in charge of conducting elections. If it was the State Department (Colin Powell) it would make sense but the Pentagon (Donald Rumsfeld) ? There is no democracy in the Defense Services and None at the Pentagon - what makes them so confident that they know what democracy needs.
    Defense Department spokesman Glenn Flood said the Pentagon was confident the system is secure. "We knew from the start that security would be the utmost concern," Flood said. "We've had things put in place that counteract the things they talked about."
    Again forgive me for bringing it up, but they seem to be brushing off concerns like the did before attacking Iraq. (We have it all under control, and it will cost less than 1.5 billion dollars ...)
    "We knew from the start that security would be the utmost concern ..."
    Yes, but they said the same before attacking Iraq. Knowing something does not mean that they have planned for it. It is like a doctor who knows the name of the disease but that does not mean he/she knows how to cure it. And the Pentagon has not addressed the legitimate concerns.
    But the Pentagon is standing by the system, which could get its first test Feb. 3 in South Carolina's primary election.
    Bring 'em on.

    • Forgive me for asking but why is the Pentagon involved in the conduct of Elections? Isn't there some more neutral organization ? It is like asking the Republican-leaning ("I am committed to delivering ...") Diebold to be in charge of conducting elections.

      In many places elections are run by a neutral "civil service". (With care being taken to ensure that any civil servant is not seen to be in a position of conflicting interests.) AFAIK no such entity even exists in the US.

      If it was the State Department
    • The Pentagon was ordered to create a voting system to replace the current mail-it-in absentee ballot system... because a shit-ton of soldiers in Korea, Germany, Iraq, and all the other myraid places we show up.

      It's the Pentagon developing it because the soldiers will be using it. This is not intended to be John Q. Backwoods voting from his AOL.

      This [fvap.gov] is their home page, and here is the here [fvap.gov] is the law that brought them into being.
  • ... not working right when 700,000 Privates with the last name of Chen vote for the Communist party candidate. Who needs a Manchurian Candidate when you can just elect Chairman Jia Qinglin himself? :-P ~UP
  • by Linus Sixpack ( 709619 ) on Thursday January 22, 2004 @04:07AM (#8052924) Journal
    Considering the US military presence in so many countries (I think 145 at last count) whats wrong with a few polite soldiers, a few witnesses, and a paper trail.

    Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

    ls
    • by cascadingstylesheet ( 140919 ) on Thursday January 22, 2004 @08:14AM (#8053791) Journal

      Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

      Why Bush?

      Those dead people in Chicago, the inner city residents who get bussed from polling place to polling place, and those who aren't, er, technically citizens, weren't voting Republican last time I checked.

      Does you're side really want to start talking about voting fraud (as opposed to metaphysical "voter intent" and "hanging chads")?

      • Does you're side really want to start talking about voting fraud (as opposed to metaphysical "voter intent" and "hanging chads")?

        As a matter of fact, YES. Very much so. This is not a Republican issue, or a Democratic issue, or Libertarian or Green or Constitutional or any other party issue. This is an American issue, one which crosses party boundaries and loyalties. It is about the country, not a party, whatever party that may be. The goal is a strong democracy, above and beyond pointing fingers at which

        • ANYONE who engages in vote fraud is reprehensible.

          Yep, no argument here.

          Saying "Yeah? Well they did it, too!" is no excuse, and, by dividing people into us-versus-them camps, does nothing to advance democracy.

          Good thing that's not what I was saying, then. I wasn't saying "they did it too", I was saying "they did it, period". Stamping out vote fraud would probably eliminate the Democrat party, on a national level, unless they can use lawyers again to magically transform spoiled ballots into votes.

  • ..and I'll be your next President!

    *evil laughter*
  • by oohp ( 657224 )
    I won't be suprised if Bush wins again with as little as +0.0001% votes in the 2004 elections.
  • by Azurstorm ( 744228 ) on Thursday January 22, 2004 @05:51AM (#8053260)
    In Switzerland, we have tested from some years now an online voting system (more than 4 years ago already). I can not assure that there is an absolute security but until today, it appears no problem at all. The last census in 2000 was on Internet and it was a great success, people were very happy and have for a lot of people, using the Internet way instead the paper.

    Switzerland is in Europe the most developed country in Internet with more than 70% of people using Internet.

    There is a LOT of security check (for me a little too much hehe), at least three codes on each page, but for what I've studied the system, it appears very good, strong and evolved.

    Now it is used for some small votes until that it will be absolutely validated. After that, we will have the possibility to use it for national vote.

    Perhaps you should have test SERVE on some small votes before to use it for a national election. From other countries, people were looking the last US election with a suspicious mind, it would not be very good that one time again USA will have huge problems with that!

    But Internet is for sure the voting machine of the future !
    • Interesting,

      But your figures on internet usage are waaay off.

      Switzerland :- 4,271,998 Internet users as of Aug./2003, 57.9% penetration, per NielsenNR.

      Sweden has the highest in Europe: ( 6,726,808 Internet users as of Sept/2003, 75,8% penetration, per NielsenNR.)

      Other countries including the UK and NL are ahead of you as well, with 58.2% and 63.7% respectively.

      I'm afraid you're a casuality of Swiss propoganda ;) and yes, I live in CH too so I am not talking out of my arse.

      FYI the stats came from here:
  • I swear, this seems like an onion article or a monty python sketch.

    "We've had things put in place that counteract the things they talked about."

    Yeah, those things that counteract things are just great. You can xyzzyfy the floobargs to make them do really cool things too.

    There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.

    Sounds like the wheel of fortune of election systems. Sadly, the regular electronic election systems (diebold anyone?) are no
  • First off, before lots of people visit our site, could one or two of you please, PLEASE mirror our site as we have very limited bandwidth (8GB per month).

    I have just put up the beginnings of an Australian political party based largely online, and one of the central tenets is to have members be able to directly influence policy creation and modification by submitting secure, anonymous-yet-verifiable votes. In the age of near ubiquitous internet access I see this as the most logical progession of true democr
  • by igaborf ( 69869 ) on Thursday January 22, 2004 @07:51AM (#8053675)
    My problem with any such system is that it doesn't protect against coercion. One reason traditional polling booths are set up the way they are is to prevent anyone from knowing how you voted. If you're voting from home via the Internet, that's not possible. Imagine someone who has power over you standing behind you while you vote to ensure you vote "right." (If you're a leftie, you can think of that person as a representative of the evil corporation. If you're a rightie, you may want to think of a union shop steward.)

    Note that this is not a computer security problem. Even if the voter's identity is established to a certainty, it doesn't ensure the voter is not being coerced.

    There is simply no substitute for casting your vote in a manner that ensures your choice is unknown to those who might wish to coerce you. The only viable method for doing that is to have your privacy ensured in a public polling place, by poll watchers.

  • simple, secure, anonymous - if you chose only 2 it is easy, if you want all three it is hard.

    Simple and secure online banking is commonplace - but there is no anonyminity involved.

    Simple and anonymous vote counting is easy - but if you want to make it secure you have a whole extra set of problems

  • I hate to ask, but did anyone besides me read the actual report? These comments were based on attending (sitting) through two 3 day meetings, not even noting if the authors actually bothered to ask any questions or just sat through the powerpoints. Does anyone think these were the only ones there? Even the authors acknowledge they were not.

    The criticisms basically fall down on "computers are broke and can be exploited" - ain't that a newsflash. They fail to note that the system is being deployed in phy
  • Unfortunately, with remote technology the only way to have results that are verifyable as correct is to remove anonymity from voting. Currently when you roll into your local voting precinct they record your info with a pen and paper and let you have at voting. It's irrelevant to track who you vote for because all that matters is person A showed up and voted, and as long as the number of people matches the number of ballots all is good.

    With e-voting, it becomes necessary to know specifically who voted AND
  • Google News featured an "Information Week" article, "Internet Voting Inherently Flawed, Researchers Say." That word, "inherently," caught my attention. As in, "cannot be fixed," "an essential part of the nature of the Internet." IOW, *anything* that uses the Internet for polling is inherently unsecure in a similiar situation.

    What does this imply for business applications over the Internet? Perhaps simple commercial transfers do not require the same level of security and reliability as voting does, but wo

  • Here one way of looking at the problem:

    You don't vote in the election. You tell your computer how you want to vote and the computer votes for you.

    So: should you trust your computer?

    Smart people don't trust something that flexible and software driven.

    I think a reasonably secure single purpose system could be devised. This would in effect be a personal voting machine. However it would have the same drawback that all voting machines have: the needs of democracy aren't factored into the design requir

Any sufficiently advanced technology is indistinguishable from magic. -- Arthur C. Clarke

Working...