Hacker infiltration ends D.C. online voting trial

Washington Post ^ | October 4, 2010 | Mike DeBonis

[tlb]

Last week, the D.C. Board of Elections and Ethics opened a new Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities in the spirit of "give it your best shot." Well, the hackers gave it their best shot -- and midday Friday, the trial period was suspended, with the board citing "usability issues brought to our attention."

Here's one of those issues: After casting a vote, according to test observers, the Web site played "Hail to the Victors" -- the University of Michigan fight song.

"The integrity of the system had been violated," said Paul Stenbjorn, the board's chief technology officer.

Stenbjorn said a Michigan professor whom the board has been working with on the project had "unleashed his students" during the test period, and one succeeded in infiltrating the system.

Last week, Common Cause and a group of computer scientists and election-law experts warned city officials that the Internet voting trial posed an unacceptable security risk that "imperils the overall accuracy of every election on the ballot." But board officials said the system provides security and privacy upgrades over a method of Internet voting that's already legal: filling out a paper ballot, then scanning it and attaching it to an e-mail.

[tlb]

I would have chosen a more meaningful song to signify the casting of a vote. Perhaps The Holy Model Rounders singing "Do You Like Boobsalot".

[LadyBuck]

>>the Web site played “Hail to the Victors” — the University of Michigan fight song<<

We in Buckeye Nation have our own salty version of that song, which in a happy coincidence, accurately describes most politicians.

[Mr. K]

I am a computer software engineer- it is possible to vote securely online- money transaction are even MORE vulnerable but they are successfully done all the time

[freekitty]

Maybe the government doesn’t realize it; but the hackers can see them cheat too.

[thackney]

Those are the only words to the song I know.

Quite fitting for most politicians.

Go Bucks!

[KarlInOhio]

I am a computer software engineer- it is possible to vote securely online- money transaction are even MORE vulnerable but they are successfully done all the time

The big difference is that most of those making money transactions have no anticipation of anonymity. When I tell my bank to send another bank money, both banks know who I am and have a complete record of my transaction and sometimes even call me to verify the transaction if it doesn't fit my normal habits. Should the board of elections keep track of all of your votes so they can call to ask you why you voted for a Dem this time because it doesn't match your history of voting for Republicans?

[zeugma]

I am a computer software engineer- it is possible to vote securely online- money transaction are even MORE vulnerable but they are successfully done all the time

The two types of transactions are very different, with very different problems that need to be solved unless you want to get rid of the concept of a secret ballot. 

See The Problem with Electronic Voting Machines by Bruce Schneier. He and others have written extensively about the issues. I wouldn't trust any electronic voting system I've seen proposed so far.

[oh8eleven]

... without having to worry whether the mail would get them back to elections officials before final counting.
Ah so, we replace one failed gov't system with another. "We're here to 'hep 'ya."

[LomanBill]

[money transaction are even MORE vulnerable but they are successfully done all the time]

 

Uhuh...  One if by Land, Two if by Sea, and Three if by wire transfer.

LomanBill: So basically, at the wire transfer level, the separation between Argent and Ameriquest is a facade that's being maintained to pretend compliance with the AG agreement?

 

H1B "Software Engineer":  Ha ha ha.  Yeah but nobody knows that.

 

LomanBill: Ha ha ha? It's not your country that's being raped, is it a$$hole.

 

NO SALE

[slowhandluke]

I am a computer software engineer- it is possible to vote securely online- money transaction are even MORE vulnerable but they are successfully done all the time

You aren't the only software engineer here. It is possible to steal money from online transactions, but stealing from 100 out of 10000 transactions in a day doesn't change much. Stealing 100 votes out of 10000 can be a very big deal.

Even stealing from 9000 out of 10000 transactions doesn't change the direction of the country ... oops. I've gone too far now, HFT might just be doing that.

[Mr. K]

Those are geeks with names like “deathmaster” who think they are so tough in their mom’s basement

computer transaction can be made secure- you just have to be serious about it

I really dont care one way or another if they use computers or not. the fraud from hand ballots can be just as bad if they hijack the truck and exchange the ballot boxes or stuff them

i am NOT promotig computer voting at all, I am just making a point about computers - not about the voting

[LomanBill]

[Those are geeks with names like “deathmaster” who think they are so tough in their mom’s basement]

No.

That was essentially the conversation I, MYSELF, had with Mr. H1B "Software Engineer" - when I was being trained to take over the maintenance and development of software used to process the wire transfers of Argent Mortgage and Ameriquest - just before I'd seen enough, pushed the eject button, and got the hell out of there.

 

This was my desk Argent Mortgage


The issue isn't only the security of the transactions themselves - but the systemically corrupt environment in which those transactions were initiated.

[am just making a point about computers]

FAIL.

[Mr. K]

dumbASS FAIL

the corrupt ENVIRONMENT is my point, exactly

not the computers- the computer so exactly what ytou tell them to do

[LomanBill]

>>the computer so exactly what ytou tell them to do

LOL. Which in the case of the D.C. online voting trial was to play the Michigan Fight song?

 

Oops. 

 

FAIL again.

>>my point, exactly

Your point was that the folks who coded the voting software wanted it to play the Michigan Fight song?

>>dumbASS

Not having much luck covering yours are ya? Maybe you should try bigger pants.  Or a muzzle.