Did E-Vote Firm Patch Election?

Wired ^ | 02:00 AM Oct. 13, 2003 PT | By Kim Zetter

[GirlyGirl2003]

Welcome to Wired News. Skip directly to: Search Box, Section Navigation, Content.

Diebold Election Systems has had a tumultuous year, and it doesn't look like it's getting any better.

Last January the electronic voting machine maker faced public embarrassment when voting activists revealed the company's insecure FTP server was making its software source code available for everyone to see.

[Darksheare]

Ouch.

[The Westerner]

And the problem with paper ballots was...? (Too hard to tamper with)

[Lefty-NiceGuy]

Regarding electronic voting there is an security technique "Blinded Certificates" which works similar to RSA, but lets you do some pretty cool things regarding elections.

Here's how it works:
1) I make out my ballot in a standard format.
2) I blind the it.
3) I give it to authority A and identify myself
4) He checks that I've voted only once and signs it.
5) I unblind it.
6) I turn it in annoymously to authority B via drop-box or onion routing.
7) Authority B knows A has certified this ballot.
8) The unblinded ballots can be published in the paper on or on the web.
ANYONE CAN RECOUNT THEM.
NOBODY KNOWS WHO VOTED WHAT

We have the technology to do this. The main problem is that people have to use thier own trusted computer to ensure security isn't broken, since anyone can create a device that looks like it's letting you vote and then does something else.

I know Germany and Canada just use plain simple check off ballots, and count the things quicker then we do. Many people who were at first excited about electronic voting say we should just get back to the basics.

[Lefty-NiceGuy]

Regarding electronic voting there is an security technique "Blinded Certificates" which works similar to RSA, but lets you do some pretty cool things regarding elections.

Here's how it works:
1) I make out my ballot in a standard format.
2) I blind the it.
3) I give it to authority A and identify myself
4) He checks that I've voted only once and signs it.
5) I unblind it.
6) I turn it in annoymously to authority B via drop-box or onion routing.
7) Authority B knows A has certified this ballot.
8) The unblinded ballots can be published in the paper on or on the web.
ANYONE CAN RECOUNT THEM.
NOBODY KNOWS WHO VOTED WHAT

We have the technology to do this. The main problem is that people have to use thier own trusted computer to ensure security isn't broken, since anyone can create a device that looks like it's letting you vote and then does something else.

I know Germany and Canada just use plain simple check off ballots, and count the things quicker then we do. Many people who were at first excited about electronic voting say we should just get back to the basics.

[The Westerner]

Thanks for the reply. I'm still not sold. Having been a systems software programmer in another lifetime, I firmly believe in paper ballots! I worked for Sony for awhile, debugging the stuff the programmers accidently did with the code. Sometimes a problem couldn't be tracked through the dumps. Very frustrating. Anyone can take advantage of this.

Think of it this way: when the Soviet Union collapsed, lots of brilliant scientists were out of work...now in the U.S., same thing is happening in tech. How easy would it be to hire the best and brightest and hungriest to do some fancy coding? And if you were the head of the Dixie mafia, just think how easy it would be to make sure that programmer never talks! This could be a terrific novel, doncha think?

[BlackRazor]

Wonder how long it will be until they scream that the vote was rigged electronically?

Actually, they already are. It's a pretty common conspiracy theory over at DU and other places that the Georgia Senate and gubernatorial elections were rigged in favor of the GOP. Apparently, there is some tie between Diebold and the Republicans, and the theory goes that the machines were pre-programmed (or alternatively hacked) to give the GOP wins in those races.

[Doctor Stochastic]

The newsgroup comp.risks has more. See Google or us a news reader. Below is the link to message 22.95; message 22.94 has stuff too but isn't in Google yet.


http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&group=comp.risks&selm=CMM.0.90.4.1065824799.risko%40chiron.csl.sri.com

[Darksheare]

*face in hand*
Shoulda figured as much.

[Lefty-NiceGuy]

Thanks, sorry about posting it twice.

USSR? Is it that bad back in the states now for IT? It'd be ironic if captialism beat commmunism only to die on its own later.

As far as the Dixie mafia hiring someone to hack a digital voting system, he won't be able to break the blinded certificates or the public counting done at the end. He may definately attack people's PCs or try to DNS attack the two administrative points.

I'm with you. We should stick with simple paper ballots and maybe look into what went wrong in the last couple elections. Personally I think we should standardise some things like the ballots at the national level so local corruption can't effect national elections.

There are voices left and right that are worried about these proprietary black-box voting boxes. I won't trust it unless it's open source.