Experts Critique SERVE Internet Voting System

linuxwrangler writes "SFGate is reporting that a critique by four security experts claims that SERVE, a system being developed to allow US citizens overseas to vote via the Internet, is so vulnerable to attacks that it should be scrapped. The other six experts who examined the system declined to issue a report. Nevertheless, the Pentagon stands by the system and plans to use in in elections next month."

Important

[Mork29]

It's a shame that the government and these companies can't get their act together, and build a simple, secure voting system that includes a paper trail. Why is that so complicated. I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier. It's a soldiers job to defend democracy, so it's a very sacred thing for us to be able to take part in it. To be able to vote right over the internet without much hassle is something has taken far to long to develop.

Re:Important

[WegianWarrior]

A simple secure online system is anything but simple to develop. Now, I don't know how the US has arranged for citizents living or working arbroad in previous elections, but I know that we (ie Norway) has usually asked people to go a central location to register their votes (embasy, consulate, military barracs*). It should be relatively simple to set up a secure** server at each such location which collects the votes casted and contacts the central server once every day or so. The collected votes, complete with a papertrail, chould then be sendt in an encrypted form, possible utilizing a one time pad to prevent tampering.

However, if the system should include a 'log on anywhere' capability, not be reliant on installing a client on the users PC, and be reliant on sending the information over the internet... good luck making it secure. I seriously don't think it will ever be secure enought for this application.

__*) if you look at the number of soldiers on either NATO, UN or other mission*** abroad compared to the number of people living in Norway, we have more soldiers out there than the US have... but then, there are less people living in Norway
_**) Secure in this meaning could include a squad of soldiers making sure no one tampers with the server, if you're so inclined.
***) Like the people we have in Iraq right now, helping secure and rebuild that nation.

Re:Important

[Catbeller]

Paper. Ballots. Count them. Works for everything.

Electronic ballots: enables cheating. Period.

We don't need systems with paper audit trails. We are just adding insane cost to a very simple process. We have systems that work, called "paper". The only people who claim they don't work were the ones who wanted an election to stop *

Why, oh why, do these "designers" insist on an unauditable system, when it is trivial to add a printout? **

And why have a even have a system with a paper backup for audits when we

Re:Important

[Myxx]

Yes...paper works much better. With electronic systems one could use dead people's names, make up people, use children's names, or worse show up and vote for someone else. You could enter a whole bunch of fake votes that way.

Paper allows you to prove beyond a shadow of a doubt that someone voted properly and for whom they voted. *

As is being said over and over, a system can and should be put in place and get rid of the current one. To me, nothing could more absolute than an electronic count. Don't forget

Re:Important

[John Hurliman]

The front page has a link to send them your feedback (javascript required). Let them know what you think.

http://www.serveusa.gov/public/aca.aspx

Re:Important

[dave420]

Defend democracy? Why didn't they all kick the living shit out of Bush when he visited Iraq then :) He's the biggest threat to democracy since Hitler.

Re:Important

[Zeinfeld]

No, because all godwin's law does is serve as a tool for people with weak arguments to call "game over!" when they face an opponent who utters the H-word.

Actually this is pretty much the way Godwin's law came about. Godwin is himself a notorious flame artiste and he has a habit of taking arguments to ludicrous and vitriolic extreemes. His tactics are pretty reminiscent of the tactics used by the followers of totalitarian regimes to quell dissent.

Accusing Bush of being fascist is not something I do, it

Re:Important

[MrLint]

Frankly I dont think anyone in charge of this wants a paper trail. To wax conspiratorial for a moment, non-auditable, hackable, and unverifiable electronic voting it going to give 'them' the ability to hand elections to whomever 'they' want. The voters be damned. I'll warn you now.. there are going to be very dire consequences to this.

Re:Important

[ThePythonicCow]

The article seems to be saying that because the internet and the PC used for voting is insecure, therefore the voting system must be insecure.

That part I don't agree with.

It is fundamentally possible to have secure communications over an insecure link. For example, each voter gets a unique number, encrypts their ballot using a common public key inside a message encrypted using their unique number. At election headquarters, votes can be received by paper, email, or any other insecure means of transmitt

Re:Important

[lynx_user_abroad]

...encrypts their ballot using a common public key inside a message encrypted using their unique number....

I was wondering if you could explain this a little bit more clearly. I'm having a difficult time explaining to my grandmother why this "choose two three-hundred-and-eighty-four-bit prime numbers, multiply them together..." is a better system than "put an "X" into the box by your candidate's name, place it in the envelope.

Suse, we can write software to do all the dirty bits, but at that point how d

Re:Important

[Twylite]

1. Anyone can generate votes with "unique numbers" that don't belong to them. Some may be invalid, others are successfully forged. Unless the "unique number" is a randomly-generated 128+ bit number, forgery is quite possible.
2. It is trivial to trace the vote back to the voter. Method #1: decrypt the vote. Not supposed to happen in theory, but in practice not unlikely. Method #2: given a voter's unique number, generate all possible votes and match the results. Can be defeated by including a random number

Re:Important

[ThePythonicCow]

However, regardless of whether a secure voting mechanism can be implemented over the internet, this one is in deep doo-doo:

1. I doubt that our institutions are capable of providing a secure voting mechanism without much trial and error (at the expense of our elections)
2. Those who make the most use of election fraud now have much to gain from claiming that this voting system is allowing the _other_ side to steal elections. It puts the heat on the other side, and tends to delay the acceptance of these new s

Re:Important

[drooling-dog]

I'm currently serving in the US Army in Germany, and an online voting system would truly make life easier.

Plus, it would be so much cheaper and easier for authorities to get the required results. No more trucking bags of ballots off to secure & undisclosed locations for selective overnight spoilage, etc. The efficiency of military planning would be enhanced by the greater predictability of elections on the national level, and the American Empire would be strengthened as a result. It would also help pro

Online voting?

[einhverfr]

Electronic voting could be had today.

The fact is-- a simple, secure, electronic voting system which includes an electronic signature and paper trail would not be too hard to put together. The hard parts are already built.

I would design a system to have the following components:
1: Kerberos V authentication

2: Digital signatures on database entries (this is probably the hardest part because you have to figure out how to generate a signature based on many fields, though a simple field1 || field2 || field3

Re:Important

[Mork29]

When I joined the military I raised my right hand and swore an oathe to defend the constitution, and I take that very seriously. Now, I also swore to follow the orders of the president of the united states. He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess, and I've followed his orders and the orders he has given to the officers appointed over me. That is what democracy is. I'd appreciat

Re:Important

[AtheismIsGood]

I'd like you to walk into a VFW hall and tell them what you've said.

A lot of people would like to be able to walk in those countries that have had the "pleasure" of hosting american soldiers.

Honestly, do you really think that all military interventions the US does abroad is good? I hope you know that the track record of supporting the democratic process of foreign countries isn't very good.

I hope that you will refuse to follow orders the day your heart tells you they are wrong.

Re:Important

[tuxette]

He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess,

Please explain to me (and I'm sure many others here) how the electoral college system is "democratic." Because I don't think it is. Bush was elected by the electoral college, not by the people. Had it been an election by the people for the people, Gore would be president.

Gore won an election that wasn't held

[jjo]

The electoral college system is democratic. If the electoral college had turned out to be the independent, deliberative body that the Framers envisioned, that might not have been the case, but in reality it is nothing more than an administrative way of conveying the results of the popular election in each state.

The electoral college system is democratic , but combined with state laws providing that the winner in that state gets all of the electoral votes, it weights the votes in each state differently. V

Re:Important

[YrWrstNtmr]

Had it been an election by the people for the people, Gore would be president.

Not necessarily. This graphic [freewebs.com] puts the 2000 election results in a different light.

Re:Important

[Ath]

First off, we have a Constitution which defines the election process for the Presidency is based on the electoral college. Don't like it? Get it changed.

That said, this is the most ridiculous spin on the popular vote argument I have yet to see about the 2000 elections. The fact is, Gore won the popular vote. No respectable person disputes that fact.

The idea of one person one vote doesn't apply in the US presidential elections. And that chart simply reinforces why no one really wants to change it. Even on

Re:Important

[imadork]

Please explain to me (and I'm sure many others here) how the electoral college system is "democratic." Because I don't think it is.

The electoral college as it currently stands is "democratic" if you consider that the US President is not elected by a single election, but 50 separate elections held by each state. Each voter has an equal vote to determine the outcome in that state. It traces its origins to when the president was not directly elected by voters, but elected by people appointed by their individ

Re:Important

[Zeinfeld]

Now, I also swore to follow the orders of the president of the united states. He was elected in a democratic election. There may have been problems with that election, he may not have had the popular vote, but he was elected by a democratic proccess, and I've followed his orders and the orders he has given to the officers appointed over me.

The point here is that although Bush and Co manifestly abused the spirit of the democratic process, the forms of that process were not affected. The decision of the Su

Re:Important

[Mork29]

If they're illegal, we can justly refuse them. If they're not illegal in the purest sense of the word, we follow them. Our job is to say what's right and wrong. That's the job of congress, the president, and the voters. The voters willed President Bush into power. Congress voted for action in Iraq (even if they regret it). Then President Bush sent us to war. It was a democratic proccess.

Re:Important

[lfourrier]

...The voters willed President Bush into power...

It remains to be demonstrated.
Note: for foreigners, your US ssystem with one level of indirection seems the best way to have undemocratic results. You can have a president elected without the majority of the people vote. Last time was an example of such, not the first, but the most flagrant. And don't bother me with federalism, and the weight of the states. Your constitution begin with: We the People, not We the States, or We the Corps.

Re:Important

[kfg]

We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.

Following this sentence is the definition of what "the people" considered to be a more perfect union in order to secure the blessings of liberty.

Innate in that definition is that "t

Re:Important

[Eivind]

It's Constitutional.

...and therefore beyond critisism. Seriously, I agree that the US constitution is not hopeless, indeed for the time it was written it was quite radical.

But today it *does* show it's age. And a few points are downrigth undemocratic.

Worst when it comes to the elections are not the Electoral College in itself, but rather the fact that even though multiple people are elected from each state for the college, it is winner takes all.

It's pretty obvious to most people that if the population of a state is split 50/50, and that state sends 8 representatives, the democratic option would be to send 4/4 representatives, not 8/0 in favor of whichever party happens to get 50.2%.

It's also pretty obvious that a system in which everyone living in a clearly-republican or clearly-democratic state has no reason at all to go voting is not exactly optimal. How much, exactly does my vote for the republican candidate count if I live in a state far away from the balance-point (in either direction!)

Re:Important

[Abcd1234]

Sounds like a good reason to *not* leave that decision up to the state. The government that's currently in power and has the majority is going to favor a winner-takes-all approach, because it favors their party. Big surprise. And I think it's pretty clear that such an approach is, generally speaking, less democratic than the vote-splitting approach, as it less accurately represents the will of the voting public. So, why not just enforce the more democratic approach?

And, BTW, yes, I think state autonomy

Re:Important

[Vengeance]

ROFL -- Even Al Freakin' GORE got more votes than George W. Bush did... They just weren't distributed 'correctly'. One cannot honestly say that the voters willed him into power, unless one amends it to say 'a close minority of voters'.

Re:Important

[Mork29]

Where is the justification for your illegal war? The look on the Iraqi's school childrens faces when you give them a pack of markers to bring to school with them. The mass graves that were uncovered, because of Sadam's rath. That's what I personally think is the justification. The fact of the matter is my opinion doesn't matter. What I think is sad, is that I can post my comments with pride and my handle shown, but your forced to send out your forced to troll without saying who you are. I'll bite on your c

NYTimes Link

[a.koepke]

Here is the no rego NYTimes link [nytimes.com] for the article mentioned in the report.

So for decision 04,

[gnu-sucks]

We'll be counting hanging TCP connections?

Why is this so hard?

[Corpus_Callosum]

If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

Why do these things continue to go out to bid instead of being handled in academia where they should be?

Re:Why is this so hard?

[gid13]

Get your tin-foil on for a moment. :)

Speaking... hypodermically... IF the government was completely unethical, and IF the company handling the voting systems was completely unethical, THEN instead of getting a quality open-source voting system for free, the corrupt voting systems people could get some tax dollars, and the government could take a kickback and a guarantee of reelection. Then again, that would require the voting systems people to apply uncertified code to voting systems, right? Oh, wait...

Re:Why is this so hard?

[Daengbo]

Speaking... hypodermically...
So, you want your post to get under my skin? What is that, something like flamebait?
Dan

Re:Why is this so hard?

[cperciva]

Why do these things continue to go out to bid instead of being handled in academia where they should be?

You know, computer scientists aren't necessarily good programmers. In fact, most computer scientists are incredibly bad programmers -- they may know all the algorithms, but actually being able to produce working code is a completely different matter.

Re:Why is this so hard?

[Reivec]

If it were open source patches would come in from all over the place. The algorithm is the important part! The bugs can be worked out as you go. But if your algorithm is crap, no amount of debugging will make it better.

I totally agree with the parent here. It would be cheaper, it would be a good educational tool for universities to get their students in. It wouldn't be hidden from the public since this is such a public issue. Experts could inspect the code at will and provide patches. I can't even really think of a negative here. I simply think too many government officals are convienced that if the source is open that means anyone can figure out how to break it, which isn't really the case.

Plus any good NEW ideas that might come out of it would also be open and could be used in other applications. And if they did, they would make good standards since they would probably be under a BSD type license. Good all around I say!

Re:Why is this so hard?

[Ckwop]

SSL is a secure channel protocol and the simplest of the standard cryptographic problems. It is monsterously complicated to code but the basic premise of how it works is fairly easy to understand..

However, Just the description of secure voting schemes is pretty monsterous.. In Applied Cryptography, Bruce takes a chapter to develop a secure voting protocol.A real world system is an order of magnitude more complicated..

I think the way to develop a secure voting system is to have an international competit

Re:Why is this so hard?

[xenocide2]

In real world systems, internet secure voting protocols are indeed on another level of existance. They require that the person who cast the vote is who they say they are, while at the same time needing to ensure that nobody can figure out who the person casting the vote is. A difficult bag indeed.

Re:Why is this so hard?

[EvilTwinSkippy]

Er, no. The problem would seem to be hopelessly complex and require a new branch of mathematics.

Much better to send it to an Engineering school. Or better yet, a bunch of Engineering school dropouts.

Presidency on eBay?

[Slashamatic]

Forget acxademia, you must remember that politics is about real things. Greenbacks in particular.

A real solution would be to put the various central government jobs, congresscritter, senator up to president on eBay and auction them off. eBay is reasonably secure and at least we are taking a fair view of the political system. The money raised goes towards the next year's budget.

Re:Why is this so hard?

[Lolox]

Please explain what the Comp-Sci department grad students can do about creating an e-voting system where you can vote from any PC, anywhere, and that is resistant to

• DoS attacks (SERVE's webpage says that they have something up their sleeves, but the experts in the article don't buy it)
• Trojans/Malware in the voter's computer
• Man-in-the-middle attacks
• Insider attacks once the system has been verified

(Acknowledged: having widely-reviewed source by academics across the globe would help guard against

Re:Why is this so hard?

[mpe]

If the U.S. govt would ask a University Comp-Sci department (any University) to initiate an open-source secure electronic voting system, this problem would solve itself very rapidly.

No doubt the US government would get upset were the answer something along the lines of using a system which could be easily counted by hand or machine, without involving lots of computer hardware and software. Especially if "not invented here" syndrome was involved.

Why do these things continue to go out to bid instead of being handled in academia where they should be?

It's a political dicision. The claim is that putting things to "the market" (the criteria being such that only a very few businesses could even put up a bid in the first place) is "more efficent". Whereas in actual practice it could just as easily be "corporate welfare".

Re:Why is this so hard?

[laird]

Please go visit the Open Voting Consortium [openvotingconsurtium.org]. They are working on an open souce voting platform [sourceforge.net]. Their system is nearly ready for a public demonstration, and will need all sorts of volunteers in order to ramp up for the "production" version for certification. The people involved are pretty amazing.

Re:Why is this so hard?

[laird]

Damn, typo in the link. Here it is: http://www.openvotingconsortium.org/ [openvotingconsortium.org].

In other words...

[gid13]

...100% of respondents (in this case, all qualified) say the system sucks, and the people in power say "Nah, go with it!"

The optimistic interpretation: The pentagon is full of idiots.

The pessimistic interpretation: The pentagon is full of corrupt people.

My interpretation: The pentagon is full of corrupt idiots.

Re:In other words...

[jmv]

Let's see...

The optimistic interpretation: The pentagon is full of idiots.

Even idiots would have changed their mind after the results.

The pessimistic interpretation: The pentagon is full of corrupt people.

Non-idiot corrupt people wouldn't have asked for a security analysis like that (makes them look bad).

My interpretation: The pentagon is full of corrupt idiots.

I have to agree with this interpretation, since it's the only one that's consistent.

The defense department's response?

[gid13]

From the article:

"We've had things put in place that counteract the things they talked about."

Gee, thanks for being specific. I'm convinced.

How It Works

[stewwy]

1) Decide who will win

2) Allow Voting

3) Announce result

Using this task order means that 2) is redundant and therefore has no impact on the result, therefore you do not need a secure system and can save money by purcasing a system off your friends

Re:How It Works

[miguel_at_menino.com]

1) Decide who will win

2) Allow Voting

3) Announce result

4) Profit!!!!!

Yea! EVERYONE gets to vote!

[narratorDan]

Most Americans don't vote, so I think it's only fitting that the people who are most effected by American policy now have a chance to have their votes counted!

NarratorDan

Re:Yea! EVERYONE gets to vote!

[narratorDan]

I've also voted in every election since I turned 18. I was barely eleven in 1984, so it's not as many votes as you have made. However, the simple fact is less that 40% of Americans vote. What does that say about American democracy? Answer: Most Americans don't care enough to vote. There are too many reasons for me to count.

Mr. (Miss||Mrs.) AC, my hat is off to you, and here is a toast, "may this election signal the turning point in American political apathy."

NarratorDan
Yea, I responded to an AC.

Re:Yea! EVERYONE gets to vote!

[andreMA]

Answer: Most Americans don't care enough to vote

Alternatively, some care deeply but think the candidates on the ballot all suck and stay away from the polls in disgust. Allowing them to vote "None of the Above" and having that total reported with the other results would likely increase turnout to fair degree, since their voice ould then be 'heard'.

I seem to recall that at least one state (Nevada?) does this and "NOTA" has on occasion 'won' in state-wide races.

One of them disgusts you less than the others

[Motherfucking Shit]

Alternatively, some care deeply but think the candidates on the ballot all suck and stay away from the polls in disgust.

I don't care how disgusted I am, I'm not going to stay away from the polls. Voting for a candidate because you see him as the lesser of all evils, even if that candidate still disgusts you somehow or another, is not a wasted vote, because you're voting for the candidate you most approve of. That's what an election is all about. Not bothering to show up at the polls because all of the candi

Pentagon??

[femto]

What is the Pentagon doing developing voting systems? As a major recipient of government money, with no funding guarantees, wouldn't it have a significant vested interest in election results?

Re:Pentagon??

[WegianWarrior]

Uhm, maybe because a very large part of those US citizens abroad are soldiers, and would like to be able to vote? After all, it's the politicans who decided to put their asses on the line, so it makes sence if they (ie; the soldiers) want to have a say in which politicans that run the show...

Re:Pentagon??

[Qrlx]

well, they could just vote the normal way. even when their ballots came in late in 2000, and technically should not have been counted, they were still added to the tally in ... florida

nevermind. i think i figured it out.

Re:I know it still stings that your boy Gore has b

[Qrlx]

Fine, here's the non-tinfoil-hat version of my comment.

My point is that the system we have been using, called mailing in paper ballots, works fine. The electorate even recognizes the extra difficulty in receiving votes from military personnel out of the counry, and bends over backwards to make sure the votes are counted.

I said "technically" should not have been counted. I don't think it would be fair or proper, (though technically it would be correct) to dismiss their votes because the mail took an extr

Re:Pentagon??

[femto]

That's not a reason.

Soldiers can still vote if the overseas voting system is developed and run by an independent entity, with independent funding. Soldiers may have to trust the Pentagon with their well being, but hat trust should NOT have to extend to trusting the Pentagon with their vote.

Re:Pentagon??

[YellowBook]

It certainly does. But if you look at the problem closer, it gets even worse.

Now, presumably the reason the Pentagon is involved in the development of an absentee voting system is that military personnel overseas are the largest group of absentee voters. All well and good; it is vitally important that our troops be able to exercise their rights while they're out there doing their duty.

However, things are more Interesting this year. Traditionally, military absentee ballots have been free votes for the

vote

[edverb]

Vote by absentee ballot this year. I reckon the paper trail might be necessary (again).

Pentagon in the Democratic Election Space ?

[leoaugust]

An Internet voting system developed by the Pentagon for U.S. citizens overseas is so vulnerable to attacks that it should be scrapped, four computer security experts said in a report released Wednesday.

Forgive me for asking but why is the Pentagon involved in the conduct of Elections? Isn't there some more neutral organization ? It is like asking the Republican-leaning ("I am committed to delivering ...") Diebold to be in charge of conducting elections. If it was the State Department (Colin Powell) it would make sense but the Pentagon (Donald Rumsfeld) ? There is no democracy in the Defense Services and None at the Pentagon - what makes them so confident that they know what democracy needs.

Defense Department spokesman Glenn Flood said the Pentagon was confident the system is secure. "We knew from the start that security would be the utmost concern," Flood said. "We've had things put in place that counteract the things they talked about."

Again forgive me for bringing it up, but they seem to be brushing off concerns like the did before attacking Iraq. (We have it all under control, and it will cost less than 1.5 billion dollars ...)

"We knew from the start that security would be the utmost concern ..."

Yes, but they said the same before attacking Iraq. Knowing something does not mean that they have planned for it. It is like a doctor who knows the name of the disease but that does not mean he/she knows how to cure it. And the Pentagon has not addressed the legitimate concerns.

But the Pentagon is standing by the system, which could get its first test Feb. 3 in South Carolina's primary election.

Bring 'em on.

Re:Pentagon in the Democratic Election Space ?

[mpe]

Forgive me for asking but why is the Pentagon involved in the conduct of Elections? Isn't there some more neutral organization ? It is like asking the Republican-leaning ("I am committed to delivering ...") Diebold to be in charge of conducting elections.

In many places elections are run by a neutral "civil service". (With care being taken to ensure that any civil servant is not seen to be in a position of conflicting interests.) AFAIK no such entity even exists in the US.

If it was the State Department

Re:Pentagon in the Democratic Election Space ?

[karmaflux]

The Pentagon was ordered to create a voting system to replace the current mail-it-in absentee ballot system... because a shit-ton of soldiers in Korea, Germany, Iraq, and all the other myraid places we show up.

It's the Pentagon developing it because the soldiers will be using it. This is not intended to be John Q. Backwoods voting from his AOL.

This [fvap.gov] is their home page, and here is the here [fvap.gov] is the law that brought them into being.

They'll probably recognize that something's...

[Undefined Parameter]

... not working right when 700,000 Privates with the last name of Chen vote for the Communist party candidate. Who needs a Manchurian Candidate when you can just elect Chairman Jia Qinglin himself? :-P ~UP

Why Not use Soldiers?

[Linus Sixpack]

Considering the US military presence in so many countries (I think 145 at last count) whats wrong with a few polite soldiers, a few witnesses, and a paper trail.

Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

ls

Bush? (was Re:Why Not use Soldiers?)

[cascadingstylesheet]

Lightning fast counting with no paper trail seems too much like an adaptable magic wand to say whatever Bush wants it to say.

Why Bush?

Those dead people in Chicago, the inner city residents who get bussed from polling place to polling place, and those who aren't, er, technically citizens, weren't voting Republican last time I checked.

Does you're side really want to start talking about voting fraud (as opposed to metaphysical "voter intent" and "hanging chads")?

You're goddamn right I do

[revscat]

Does you're side really want to start talking about voting fraud (as opposed to metaphysical "voter intent" and "hanging chads")?

As a matter of fact, YES. Very much so. This is not a Republican issue, or a Democratic issue, or Libertarian or Green or Constitutional or any other party issue. This is an American issue, one which crosses party boundaries and loyalties. It is about the country, not a party, whatever party that may be. The goal is a strong democracy, above and beyond pointing fingers at which

Re:You're goddamn right I do

[cascadingstylesheet]

ANYONE who engages in vote fraud is reprehensible.

Yep, no argument here.

Saying "Yeah? Well they did it, too!" is no excuse, and, by dividing people into us-versus-them camps, does nothing to advance democracy.

Good thing that's not what I was saying, then. I wasn't saying "they did it too", I was saying "they did it, period". Stamping out vote fraud would probably eliminate the Democrat party, on a national level, unless they can use lawyers again to magically transform spoiled ballots into votes.

I say go for it, America

[varjag]

..and I'll be your next President!

*evil laughter*

bush

[oohp]

I won't be suprised if Bush wins again with as little as +0.0001% votes in the 2004 elections.

Switzerland and e-Voting

[Azurstorm]

In Switzerland, we have tested from some years now an online voting system (more than 4 years ago already). I can not assure that there is an absolute security but until today, it appears no problem at all. The last census in 2000 was on Internet and it was a great success, people were very happy and have for a lot of people, using the Internet way instead the paper.

Switzerland is in Europe the most developed country in Internet with more than 70% of people using Internet.

There is a LOT of security check (for me a little too much hehe), at least three codes on each page, but for what I've studied the system, it appears very good, strong and evolved.

Now it is used for some small votes until that it will be absolutely validated. After that, we will have the possibility to use it for national vote.

Perhaps you should have test SERVE on some small votes before to use it for a national election. From other countries, people were looking the last US election with a suspicious mind, it would not be very good that one time again USA will have huge problems with that!

But Internet is for sure the voting machine of the future !

Re:Switzerland and e-Voting

[dew-genen-ny]

Interesting,

But your figures on internet usage are waaay off.

Switzerland :- 4,271,998 Internet users as of Aug./2003, 57.9% penetration, per NielsenNR.

Sweden has the highest in Europe: ( 6,726,808 Internet users as of Sept/2003, 75,8% penetration, per NielsenNR.)

Other countries including the UK and NL are ahead of you as well, with 58.2% and 63.7% respectively.

I'm afraid you're a casuality of Swiss propoganda ;) and yes, I live in CH too so I am not talking out of my arse.

FYI the stats came from here:

Did they steal this from the onion?

[jsebrech]

I swear, this seems like an onion article or a monty python sketch.

"We've had things put in place that counteract the things they talked about."

Yeah, those things that counteract things are just great. You can xyzzyfy the floobargs to make them do really cool things too.

There is no way to verify that the vote recorded inside the system is the same as the one cast by the voter.

Sounds like the wheel of fortune of election systems. Sadly, the regular electronic election systems (diebold anyone?) are no

Can someone assist us in developing e-voting?

[Quizo69]

First off, before lots of people visit our site, could one or two of you please, PLEASE mirror our site as we have very limited bandwidth (8GB per month).

I have just put up the beginnings of an Australian political party based largely online, and one of the central tenets is to have members be able to directly influence policy creation and modification by submitting secure, anonymous-yet-verifiable votes. In the age of near ubiquitous internet access I see this as the most logical progession of true democr

Fundamemtally Insecure

[igaborf]

My problem with any such system is that it doesn't protect against coercion. One reason traditional polling booths are set up the way they are is to prevent anyone from knowing how you voted. If you're voting from home via the Internet, that's not possible. Imagine someone who has power over you standing behind you while you vote to ensure you vote "right." (If you're a leftie, you can think of that person as a representative of the evil corporation. If you're a rightie, you may want to think of a union shop steward.)

Note that this is not a computer security problem. Even if the voter's identity is established to a certainty, it doesn't ensure the voter is not being coerced.

There is simply no substitute for casting your vote in a manner that ensures your choice is unknown to those who might wish to coerce you. The only viable method for doing that is to have your privacy ensured in a public polling place, by poll watchers.

Re:But absentee votes are also subject to coercion

[igaborf]

You have to compare it to the system it's intended to replace/augment: the current overseas absentee ballot system, which is also subject to coercion.

That's a valid point, but there has been a lot of talk about using systems like SERVE for domestic voting, so I think the issue of coercion needs to be raised.

It also suggests that the SERVE system is not attacking the problem of voting by deployed service members in a manner that solves the real underlying issues.

simple, secure, anonymous

[slash.dt]

simple, secure, anonymous - if you chose only 2 it is easy, if you want all three it is hard.

Simple and secure online banking is commonplace - but there is no anonyminity involved.

Simple and anonymous vote counting is easy - but if you want to make it secure you have a whole extra set of problems

why is this story posted at 3am ???

[Petronius]

Just curious.

Did anyone read this report?

[digrieze]

I hate to ask, but did anyone besides me read the actual report? These comments were based on attending (sitting) through two 3 day meetings, not even noting if the authors actually bothered to ask any questions or just sat through the powerpoints. Does anyone think these were the only ones there? Even the authors acknowledge they were not.

The criticisms basically fall down on "computers are broke and can be exploited" - ain't that a newsflash. They fail to note that the system is being deployed in phy

security and e-voting

[BobRooney]

Unfortunately, with remote technology the only way to have results that are verifyable as correct is to remove anonymity from voting. Currently when you roll into your local voting precinct they record your info with a pen and paper and let you have at voting. It's irrelevant to track who you vote for because all that matters is person A showed up and voted, and as long as the number of people matches the number of ballots all is good.

With e-voting, it becomes necessary to know specifically who voted AND

Implications for Other Internet Services

[Pooua]

Google News featured an "Information Week" article, "Internet Voting Inherently Flawed, Researchers Say." That word, "inherently," caught my attention. As in, "cannot be fixed," "an essential part of the nature of the Internet." IOW, *anything* that uses the Internet for polling is inherently unsecure in a similiar situation.

What does this imply for business applications over the Internet? Perhaps simple commercial transfers do not require the same level of security and reliability as voting does, but wo

Could be done, but not on PCs

[hey!]

Here one way of looking at the problem:

You don't vote in the election. You tell your computer how you want to vote and the computer votes for you.

So: should you trust your computer?

Smart people don't trust something that flexible and software driven.

I think a reasonably secure single purpose system could be devised. This would in effect be a personal voting machine. However it would have the same drawback that all voting machines have: the needs of democracy aren't factored into the design requir

Re:Internet voting

[Sarojin]

Given that the US can't seem to get in-person voting right (Goooo Diebold), I doubt they're really ready for remote voting.

Re:Internet voting

[Fembot]

Hell they can't even manage Paper ballots [jardmail.co.uk] let alone Diebold voting machines! :-)

Re:Internet voting

[Anonymous Coward]

It's good. Now us hackers will finally control the government.

A-A-A-WHOOP!

Re:why sumthing new?

[Dak_x]

Seriously, There are enough problems with the E-voting systems in the US. Deploying insecure systems overseas just makes a bad problem worse.

US Armed Forces

[Anonymous Coward]

There are thousands of troops overseas who'd like to vote. Given that an election's outcome could easily determine the amount of time that these men and women remain overseas, I say their opinion matters...

I'm not sure why there's a push to do this electronically instead of the absentee ballots that troops have been using for years, but it's probably something to do with "possible impropriety" in how soldiers' overseas ballots were counted (or not) in 2000.

as long as expats have to fill out tax foms...

[tuxette]

...they will have the right to vote. No taxation without representation.

Taxes

[Detritus]

I've worked overseas, both in and out of the military. In both cases, I had to pay state income tax to my legal state of residence, not to mention federal income tax and social security tax. If they are going to tax me, even when I am living on the other side of the world, they damn well better allow me to vote.

Re:One idea I've heard is that expats ought not vo

[surprise_audit]

By "residents" do you mean "US citizens currently residing in the US"? How about Green Card holders, or the various work permit holders (H1, L1, etc)? These people are not allowed to vote, yet are required to pay tax.

In some parts of the country it can take up to 10 years for a legal immigrant to progress from visa to green card, and then there's a further 5 year wait before he can apply for citizenship

Re:One idea I've heard is that expats ought not vo

[AKnightCowboy]

By "residents" do you mean "US citizens currently residing in the US"? How about Green Card holders, or the various work permit holders (H1, L1, etc)? These people are not allowed to vote, yet are required to pay tax.

Some of us would say they should be deported. We have a high enough unemployment rate that we don't need to be importing workers. The country is full, find another to live in or go back to your home country. Try becoming a Japanese citizen sometime if you're not born there.

Re:One idea

[Zontar The Mindless]

> I've heard the idea batted around that only those
> residents of the actual States should get the
> right to vote as they're vote has a direct bearing
> on the policies that will affect them, whereas
> expats are removed from such policies by living in
> foreign countries.

Yeah, I've heard lots of ignorant and unfair ideas batted around in my time, too...

We're just as American as you are, thank you very much. And it's not like we're unaffected by US Government policy... For example -- you think Americans living abroad are exempt from paying taxes? If the US declared war on Australia tomorrow (granted, that's an unlikely event, but nevertheless), do you think the Aussie would just let me hop the next flight out of Brisbane Internaitonal back to LA? Hell, no -- I'd be interned as an enemy national.

In addition, living abroad gives us a unique advantage in seeing just how US foreign policy affects other countries and US relations with them.

> This suggestion also leads to the debate about
> allowing illegal immigrants the right to vote.

Apples and oranges. And what, pray tell, is there to "debate"? Answer: Zero. Nada. Zilch.

If immigrants can qualify for US citizenship, then they get to vote in US elections. Non-citizens are not allowed to vote. I think that's pretty easy to understand.

As for me, I was born and raised in the USA of native-born American parents; my American ancestors fought in the Revolution, the Civil War, and both World Wars; I hold a US passport; I pay US taxes. I am definitely a US citizen, and I definitely am enitled to vote in US elections.

Some people obviously have very fucked up ideas about what "citizen" means and no clue as to what it's like to be considered a foreigner.

Re:One idea

[esme]

We're just as American as you are, thank you very much. And it's not like we're unaffected by US Government policy...

Not only that, but Americans living abroad are likely to return to the US. Lots of people live abroad for short periods of time and come back. Businesses do this, universities do this. And, of course, the military does this all the time.

In my case, I'm out of the country for 2.5 years, and there are three elections (02 primary, 02 general, 04 primary). Just because I'm out of the co

New Zealand for example

[pommiekiwifruit]

Does have recent residency/visiting requirements. If you have been out of the country for X years without visiting, you don't get to vote. After all, I might know who the prime minister is (nice lady - chatted to her once) but I would not know who the local MP is in the area I lived in so many years ago.

Re:One idea

[Zontar The Mindless]

> So, is it which culture you beleive in, or which country you pay taxes to?

That's irrelevant. I'm a US citizen with the rights, responsibilities, and liabilities that go along with being one.

Re:conclusiveness?

[CB-in-Tokyo]

The concnesus was a majority, 4 votes against; nil for.

Re:conclusiveness?

[Urkki]

• Any way about it, it's probably safe to assume that the voting program probably really is a chunk of manure.

You wish! I bet it's carefully crafted to allow insertion of votes only by Pentagon, and is actually quite secure from everybody else. That's far from manure, more apt comparison would be a modern waste processing plant, filtering out the undesired material...

Re:Only in limited cases

[PizzaFace]

If it were necessary to vote in a public location where officials can exclude outside influences, then voters would not be allowed to use absentee ballots.

Because. . .

[Fantastic Lad]

Err... What does the Pentagon have to with the development of voting systems?

Oh, well, you see, this system is only intended for use with soldiers away from home so that they might participate in delights of democracy, (other than lavishing it upon the freedom-starved denizens of this world, that is).

Since it's for the soldiers, then it only makes sense that, um, the military provide the system. Or something like that. . .

See? It all makes sense! Every baby-step towards outright fascism is always ea

Re:It's been said before, but...

[bludstone]

While I agree with you to some extent *wears his tin hat proudly* you could also argue that the law makers are just being stupid.

What bothers me here, is that most americans.. having never experienced it, do not know the draw that "power" has.

Its huge.