Internet Voting Hack Alters PDF Ballots In Transmission 148
msm1267 (2804139) writes Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren't where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called 'Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering' that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.
Umm, encryption? (Score:3, Informative)
Why isn't that referenced? E2E encryption eliminates this, assuming the user is not an idiot.
Re: (Score:1)
That's the problem, the users ARE idiots (technically). The most powerful voting block in the country can't tell a PC from a microwave.
Re:Umm, encryption? (Score:5, Funny)
Well, both do run at 2.4GHz, at least in my house... They have a clock, and they beep when they're finished. And the computer keeps my coffee warm. Is there really that much difference?
Re: Umm, encryption? (Score:2, Funny)
One has a cup holder
Re: (Score:2)
Hey, how did you know my pc came with that option?
Are you the NSA? Spying on me or something?
Re: (Score:1)
assuming the user is not an idiot.
Well see, there's your problem.
Re: (Score:3)
I might be wrong, but the last time I checked, the forms feature in Acrobat would allow the stuff in the PDF to be submitted via SSL. It didn't submit the PDF as a file... just the stuff in the forms.
Re: (Score:3)
Maybe you missed the story from tuesday [slashdot.org] where ISPs can and do turn off the encryption for you?
Plus, if you've replaced the router's firmware, it can make it *appear* as if you have e2e when you do not.
Re: (Score:2)
Re: (Score:2)
They can easily man in the middle it.
Remember that ISP crapware they installed on your parents PC in order to connect them... did they or you make sure there wasn't a rouge CA in there?
Re: (Score:2)
Not sure about the rouge, but there could have been some guy-liner.
Perhaps you meant rogue?
Re: (Score:2)
No and no. There are other problems with end-to-end encryption, but you have not identified any of them.
Man in the middle versus E2E (Score:3)
E2E encryption likely won't work. The router would set it self up as a proxy to allow a man in the middle attack. But you might be able to use encryption of the ballot itself, not it's transmission layer to avoid a problem. However this would be a pain in the ass since now the user has to somehow assign passwords and stuff.
ssh / scp / https maybe? (Score:2)
so how about not running an http server but instead using an https connection? Here, solved this one for you.
Re:ssh / scp / https maybe? (Score:4, Insightful)
Snide answer: How about getting off your ass and actually going to the polling place to vote?
More contemplative answer: How do you actually prove the person behind the keyboard is the registered voter in question, even if your system is totally secure from threats in transit? How do you prove they're not being unduly influenced, perhaps by an employer or other person with a financial sword to hold over their head? This can be precluded in the polling place with a secret ballot; it can not be prevented if people are voting via computer or absentee. (*)
(*) Obviously allowances need to be made for people who are disabled or otherwise unable to make it to the polls, but I fail to see why an otherwise able bodied adult should regard a trip to the polling place as onerous.
Re: (Score:2)
How do you know the person at the polling place is actually legally allowed to vote?
Re: (Score:2)
How do you know the person at the polling place is actually legally allowed to vote?
We could implement some sort of credentialing system.
Re: (Score:2)
How do you know the person at the polling place is actually legally allowed to vote?
We could implement some sort of credentialing system.
I don't think Democrats would allow that. It's apparently racist.
Re: (Score:2)
The problem is solved on all sides by announcing ID restrictions that go into effect at the next major election, and providing state ID services at this one.
I mean, if you wanted to solve the problem, and not just keep poor voters from the polls.
Re: (Score:2)
Why not instead just vet a persons right to vote when they register to vote? Why should you need anything other than your registration card on election day?
Re: (Score:2)
How many polling places do you know that ask for a registration card on election day?
More so, unfortunately plenty of people are accidently registered to vote (as one example): http://jacksonville.com/news/f... [jacksonville.com]
Re: (Score:2)
That's a problem with the registration process. Maybe we need to improve that.
Re: (Score:2)
Why not an all of the above solution?
Validate that the person registering is who they say they are and eligible to vote... and again at the polling place to ensure that someone isn't trying to vote in the name of another?
Re: (Score:3)
Out of the hundreds of millions of votes cast over that past 14 years they've found less than 30 cases if in-person voting fraud which is a fraud rate of less than 0.00001%. Voter ID is just a solution looking for a problem. Before Oregon switched to vote-by-mail I would go to the polling place, they'd find my name and address in the poll book, I'd sign the line next to it and get my ballot. Now with vote-by-mail I sign the outside of the envelope (which has an inner secrecy envelope so it can be separat
Re: (Score:2)
Why make voting any more complicated than it has to be?
because there's big money to be made?
Re: (Score:2)
Out of the hundreds of millions of votes cast over that past 14 years they've found less than 30 cases if in-person voting fraud which is a fraud rate of less than 0.00001%. Voter ID is just a solution looking for a problem.
If only that last sentence were true. VoterID is a solution to a major problem: getting rid of people who don't vote Republican. If you think the whole megillah was set up with actual fraud-protection in mind, you're seriously naive.
Re: (Score:2)
It's sort of like asking why I need something other than your credit card to make purchases. It's no problem for small purchases, but voting for our elected officials is (or should be) a big deal.
There's no problem with making sure that people don't fraudulently vote. I don't think that voter fraud is a big problem, mind you, and I think "voter fraud' are just scare words mostly used to drive republican voters out to the polls to make sure their voice isn't drowned out by all the terrible "fraud" being pe
Re: (Score:2)
Yes, let's solve the problem. First we should probably look at the evidence of the problem to ensure we're actually solving it: so where is it again? It's not like this is an issue of electronic voting machines secretly switching your vote with no papaer trail for confirmation. Every polling place I've ever gone to has some sort of voting roster to ensure that you don't spend all day voting at different places, so if there's voter fraud going on there's going to be a paper trail. And yet, aside from a fe
Re: (Score:2)
The powers that be like to tout how background checks have prevented some untold number of bad guys from getting guns... often left out is the woefully small # of prosecutions of said people for their illegal attempts to acquire a firearm.
When the penalty on the books is rarely enforced, it quite easy to look for other ways to do what you want to do and know that you probably aren't going to get caught... a problem that has existed in the voting world for years: http://www.washingtonpost.com/... [washingtonpost.com]
Re: (Score:2)
We could implement some sort of credentialing system.
You mean like registering to vote?
Re: (Score:2)
uh, their name is on the voter rolls at the polling place?
you make it sound like voter fraud is an actual thing.
Re: (Score:2)
uh, their name is on the voter rolls at the polling place?
you make it sound like voter fraud is an actual thing.
You make it sound like it's not.
Re: (Score:2)
Give me a single solid example - voter validation leaves a paper trail, so the evidence should be easy to come by. And yet the only evidence seems to be in areas that let the dead vote - a avenue of fraud that could easily be fixed by cross-referencing the voter registry with the orbituaries, if only the dead didn't so consistently vote for the people making the rules.
Re: (Score:2)
Utter BS!
What paper trail? You walk in, say you are Joe Blow, live at a given street, make your mark and you get a ballot... the only way you know that this was done fraudulently is if the real Joe Blow comes in later to vote and told that he already did... which mathematically wouldn't always happen depending on how well a fraudulent voter picked their targets.
Want cases of people who were told
Re: (Score:2)
Give me a single solid example - voter validation leaves a paper trail
I worked elections for eight years in the State of New York. All we had to go on was your signature and address. The process in NYS goes like this:
Me: What's your name?
You: I'm Mr. Immerman.
Me: *Flipping through poll book, finds you* What's your address Mr. Immerman? (many poll workers omit the address verification, but we are supposed to ask, and I always followed procedure)
You: 123 Main St.
Me: Sounds good, sign here please.
In theory I can challenge you if the signature doesn't match what I have i
Re: (Score:2)
I believe the problem is that the US has a long history of organized interference in the acquisition of voting-specific ID. I've heard far fewer complaints against the usage of a state-issued photo-ID (aka drivers license, assuming you drive) Even those though can often cost upwards of $50 or so, and have limited usage outside of driving and banking, thus imposing a substantial financial burden on the poorest members of society who still wish to vote.
Keep in mind - the social safety net in the US is mostl
Re: (Score:2)
Re: (Score:1)
Really freaking simple reason: Ability to sell, coerce or otherwise influence a vote.
Physical presence at a polling location makes it impossible to do these things, at least on a large enough scale to change an election. No one knows your vote so you can't sell it and no one can "check" to make sure you voted a certain way.
Pure online voting could / would lead to massive fraud, "voting parties" where peer pressure will rule, and otherwise socialize voting. It is one thing to tell someone who you voted for
Re: (Score:2)
Really freaking simple reason: Ability to sell, coerce or otherwise influence a vote.
Physical presence at a polling location makes it impossible to do these things, at least on a large enough scale to change an election. No one knows your vote so you can't sell it and no one can "check" to make sure you voted a certain way.
1. It is possible to design an electronic system where no one but you knows your vote. That is, where no one but you can uniquely verify that a given vote is yours, and that it is set th
Re: (Score:2)
1)Possible, but difficult - any system which lets you verify your vote also makes it possible for you to provide that verification to a third party. Which probably means the sytem also has to allow you to produce airtight false verification. You still have the problem though that someone, somewhere needs to be able to discard the false votes to get the final tally - and the system breaks down if they are comprmised.
2) Your examples are all of disenfranchisement - which is a problem, but one independent of
Re: (Score:2)
>It is extremely hard to provide PROOF to someone you voted a certain way in a physical voting situation
Back when a video camera was the size of a loaf of bread that may have been true, but I've never even been asked to leave my phone outside the voting both - which means I could easily have filmed the final ballot sheet and my submission of it. The only way to avoid making such proof possible is to strip-search incoming voters. Which I don't see going over well, nor being terribly effective as miniatur
Re: (Score:2)
A physical polling station prevents this by ensuring a) the voter is not documenting the vote and b) no one else is documenting the vote. Neither a) nor b) can be guaranteed with online voting. It is extremely hard to provide PROOF to someone you voted a certain way in a physical voting situation. It is easy to SAY you voted a certain way, but that doesn't have to be true.
A physical polling station does nothing to ensure that the voter is not documenting their own vote, nor was it designed for this purpose. It's trivial in the modern era to take out your phone and film yourself voting, from beginning to end, inside the booth. Whether you throw some tantrum and manage to get your vote changed, or edit the video footage later, is your own business of course. Your peers pressuring you into demanding "proof" is just as much a problem with paper voting as it is with any other
Re: (Score:2)
When all the rest of human activity is moving to virtual spaces, why should the practice of representative government not do the same?
You can have all the virtual-space representative government you want, just as long as it doesn't intrude on the meat-space real government we all have to live with.
But I see no reason why voting must forver remain an exception to the general tendency of location-independent life.
If you care so little about a place that you cannot bother to live there, why should you be allowed to vote there? Voting on location-dependent laws has been and should be done by location-dependent people who are subject to them. I think there was a war or something about one group of people who thought the proper location for voting on laws
Re: (Score:2)
Re: (Score:2)
US citizens abroad, or voters registered to vote in one state but currently in another state,
Neither are an example of location-independent people, especially not the latter. "Currently" is a dead giveaway.
Re: (Score:2)
Re: (Score:2)
You think that having US citizenship makes one somehow bound to the US?
Where did I say that?
Not only are there people who have left the US for good but still vote (often so that they can try to make the US more like the country they currently enjoy living in).
And you can explain why they should have any say in any election in a country they've chosen not to live in? I don't particularly care about those who think they should change where I live to be more like where they live.
And with regard to out of state voting, it's entirely possible to be registered to vote in one state, and then spend the rest of one's life in another state.
Not legally. It's hard to claim residency in one state when you don't live there anymore.
Re: (Score:2)
Re: (Score:2)
It's you who is arguing for a change to a very old tradition in America (and many other developed nations) of absentee voting.
I'm WHAT? I'm arguing for a change? Now I know you're replying to someone else.
Really, you remind me of those tiresome Slashbots in the early millennium who read a little too much Heinlein and urged a requirement of military service before one could have voting rights.
I've already commented on the events that came about based on people in one place voting on laws to be followed elsewhere. That you equate a fictional requirement for some public service to earn the right to vote, and a logical and existing requirement that you be a resident of the jurisdiction in which that right exists, is the tiresome part here.
Some states have very lax requirements for maintaining residence and voting rights there.
'Lax' is not 'none', and maintaining a residence is creating a less than location
Re: (Score:2)
Re: (Score:1)
You think that having US citizenship makes one somehow bound to the US?
Yes, it [irs.gov] does [sss.gov].
And with regard to out of state voting, it's entirely possible to be registered to vote in one state, and then spend the rest of one's life in another state.
Possible but not legal; one is required to vote in the state they're resident in. Residency is defined differently in each of the 50 States you're generally required to actually maintain a residence there (i.e., own or rent some piece of property) and may further be required to spend a plurality or even a majority of your time at that residence.
Re: (Score:2)
Re: (Score:2)
would satisfy Obfuscant's demand
If you cannot make your own arguments, at least stop making them up in my name. I made no demand. I stated my opinion.
The US simply has too old a tradition of people who have permanently left,
Yeah, there are a lot of old traditions that the sole reason they can't be changed is because they are old traditions. The Democrat voting machine in Chicago being one. Using paper ballots at a physical polling place would be another. Oh, wait, That 'old tradition' is one you think should change. Hmmm. Seems like 'old tradition' is only an argument against change when you don't want somet
Re: (Score:2)
But... but... but... your toilet might overflow! [cnsnews.com]
Re: (Score:1)
I was under impression we are talking about a technical problem here, however if you want to take it to the next level of /. conversation, Ok, let's do that. My answer: most people shouldn't be voting anyway, a vote of one informed intelligent person is cancelled by thousands of uninformed idiots, so what's the difference? AFAIC democracy killed the Republic, the only correct answer is stop playing the game and remove the government judiciously.
Re: (Score:2)
Ah yes, a meritocracy is definitely superior. And I can only assume you'll be wanting a place on the committee that decides the standards by which such merit is measured?
It doesn't matter how incompetent the populace is, if you deprive them of a voice in government then you are consigning them to be slaves to that government in short order. And to quote C.S. Lewis: "Aristotle said that some people were only fit to be slaves. I do not contradict him. But I reject slavery because I see no men fit to be mast
Re: (Score:2)
Well, if you're going to pull up taxes as a form of theft then we'd better go back a little further and point out a much, much bigger one: private property rights. The law of the jungle is you can only accumulate as much wealth as they can personally defend - anything that someone can take from you by force or trickery becomes theirs by right of possession. It's only in the presence of "civilized" private property rights that you can get the current situation where a tiny minority can accumulate many orde
Re: (Score:2)
Every place I've ever voted required a valid state ID matched against the voter roster in order to gain access to the polling booth. Proof of identity. The problem is when additional proof such as a voter ID card is required - as the process of acquiring said proof is typically compromised in short order.
PDF (Score:1)
Do any electronic voting systems actually work by sending around PDFs? If so I don't recall hearing about them.
Re: (Score:2)
From TFA:
Re: (Score:2)
Becasue wherever there's a clusterfuck, there's an opportunity for massive fraud in your favor?
I could save money on my server costs (Score:3, Interesting)
I do PDF processing using a server class rack mount machine. Damn, if I could have known that I could have used a cheap off-the-shelf router to do this, I could have had a raise..
Oh, is that all (Score:2)
Well then, the obvious answer is to not have embedded Linux firmware on the home router. There, problem solved.
We know voting from home is fraught with dangers, but this is another one of those situations where you would have to spend inordinate amounts of time tracking down each router, finding a way to get into it, change the firmware, then wait until you're sure the person is in the process of vot
Re: (Score:2)
You don't need to know the specifics of each and every router... just one or two which there are enough of that you can identify and exploit remotely.
Coming up with a single fake drivers license and voting gets you only a single vote... exploiting say... the standard ISP provided router may be a bit harder... it will get you far more votes and less visibility.
all your voting system are belong to us (Score:2)
your pals @ diebold
Paper? (Score:5, Insightful)
Seriously?
Whats wrong with paper?
Lots of systems for automatically dealing with it. Unique and irrefutable record. Easy to recount. Don't like one machine? Design a better one to scan and count. People really pissed off? Count those SOBs one at a time in front of a crowd on a big-screen TV.
Ballot boxes are easily placed out in the open; they're easily observed and tracked by as many people as would like to. The entire way through the process.
Lots of very large, modern democracies just use paper. Including your neighbours up north. X marks the spot.
Crazy.
Voter surpression (Score:3)
You'll never see voting day a national holiday because the powers that be don't want the lower caste voting. Progressives do though, and we're trying to come up with ways to combat voter suppression. From the progressive standpoint who cares if it gets hacked? The paper vote has already been hacked so to hell by voter suppression that things can
Re: (Score:2, Informative)
Re: (Score:2)
I'm not opposed to vote by paper. Indeed the bottom rung of society will still need it (they can't afford a computer + internet connection). But a two pronged assault on voter suppression is definitely a good thing. If the lower classes could vote more I don't think we'd have lower classes
Re: (Score:2)
The problem with making election day a national holiday is that we usually have more than one day of elections in a year. Maybe it's enough just to make the 2nd Tuesday in November a holiday but you've also got the primary elections and special elections that come up from time to time. I can remember having as many as 4 elections in a year. I think it would be better to have more than one day for an election and have it over a weekend, perhaps Saturday to Monday or Friday to Sunday. I like our system he
Re: (Score:2)
Nothing is perfect when humans are involved. But I challenge you to find a method that is less potentially subject to manipulation than paper (other than the town hall open voting in some New Hampshire towns).
Re: (Score:2)
The problem I have with your solution is the complexity. The average voter will never understand what is going on there which doesn't help their confidence in the outcome of the vote. A simple paper ballot is understandable by any one intelligent enough to vote.
Re: (Score:2)
Yes, the younger generation would understand it better but I doubt even a quarter of them would either. It's mainly computer geeks like us that understand that.
Re: (Score:2)
You forgot:
Non-Agent D coerces you into giving him your private key so that he can vote in your stead. And if it's illegal for you to do so then you have even more incentive to keep quiet about it.
Re: (Score:3)
..or just use a piece of paper.
Re: (Score:3)
Do you know how this works?
The box goes out in the open. Everyone can watch things go in.
The count is done with several people. Observers can watch. That's how it's done in Canada. Really.
The whole process, if fraud is a concern, can be watched end-to-end. There is no opportunity for "extra slips".
Paper works and is AFAIK the hardest to game and has the most oversight. I question those who are so quick to get rid of it.
Code execution privileges allow code execution! (Score:5, Insightful)
Re: (Score:3)
Um, SSL? (Score:4, Interesting)
Otherwise known as the "voting machine company was too stupid to implement SSL" attack?
Or, for email, the "what idiot thinks email is secure without local S/MIME or PGP signatures" attack. Seriously, on-wire tampering is the least if your worries if you're *emailing* ballots around.
This is not about router security (Score:2)
If this can happen at home router level, think what can be done at the ISP. This is not an issue of router security, because your traffic can be intercepted with other techniques, this points to a much larger problem that electronic voting results can be changed in transit and they travel over open internet. Who can change packets in transit, let's see:
* US government (NSA, FBI, or any other agency with full access)
* Government sponsored hackers (Russia, China, etc...)
* Your ISP (Comcast, Verizon, etc)
* Bac
Re:Pedantic (Score:4, Insightful)
Clearly, this would never happen outside of an academic setting. Who would bother?
Does it matter, who?
Re:Pedantic (Score:5, Insightful)
Clearly, this would never happen outside of an academic setting. Who would bother?
Does it matter, who?
The outcome of elections are worth billions to vested interest groups. $4 billion was donated to candidates and PACs in the months preceding the election on November 4th. Many, many, people would "bother".
TLbhtlhblthttt. (Score:2)
Run the numbers. How much would it cost to
1. convince a voting authority to accept UNENCRYPTED PDFS as a means of voting
2. covertly install functioning hacked firmware on the wireless routers of a significant percentage of the citizenry
Wouldn't the return-on-investment be far better just running a bunch of attack ads?
Re: (Score:2)
A bit of upfront coding, a few stolen credit card numbers and spinning up a few hundred instances in AWS to scan for exploitable routers seems rather cheap to me.
Re: (Score:3)
2. covertly install functioning hacked firmware on the wireless routers of a significant percentage of the citizenry
That's already been done in the real world. It looks like it was done on a budget that's trivial compared to the value of modifying votes.
Re: (Score:2)
Re item 1: What's the going rate for a Senator? I'm sure your local voting authority (I believe in CA it's the local county that decides voting methods) are a hell of a lot cheaper.
Re: (Score:2)
Clearly, this would never happen outside of an academic setting. Who would bother?
Does it matter, who?
The outcome of elections are worth billions to vested interest groups. $4 billion was donated to candidates and PACs in the months preceding the election on November 4th. Many, many, people would "bother".
The point of the question "Does it matter who?" is to point out that the outcomes of elections are worth billions to vested interest groups, and that $4 billion was donated to candidates and PACs in the months preceding the election.
So from here, it looks as if you think you disagree with someone with whom you actually agree.
Mod Parent Up !
Re: (Score:2)
Re: (Score:2)
Why, you want to cause Leonard Nimoy to off himself or what?
Don't worry, Sheldon still has Leonard Nimoy's DNA on a napkin Penny gave him. He can always clone more.
Re: (Score:2)
He just needs a healthy ovum.
Re: (Score:2)
Re: (Score:2)
Whoever it is - if there is anyone - they'll be relying on people having exactly that attitude to get away with it.
Re:Open Vulnerability (Score:4, Insightful)
No computer is suited for elections. They need constant verification, which they are not getting.
And I sure do hear a lot of people saying, *I didn't vote for that!*, more than usual, but I don't expect anything to come of it. Everybody is just too conditioned to write off such talk as crazy.
Re: (Score:2)
And I sure do hear a lot of people saying, *I didn't vote for that!*, more than usual, but I don't expect anything to come of it.
Polling data predicted the outcome in 50 out of 50 states during the 2012 presidential election. During the election this month, there was some gaps with the pre-election polls, but the exit polls were mostly dead-on. There may be some cheating here and there, but comparisons with the polling data suggests it is insignificant.
Everybody is just too conditioned to write off such talk as crazy.
People are just jaded on conspiracy theories unsupported by any evidence whatsoever.
Re: (Score:2)
"Calibration" Issues are not a conspiracy theory. When on screen choices switch to a candidate you don't want, while you're in the booth, there is a problem. I would say, BIG problem. Once an electronic ballot is cast, there is no way to verify it actually gets counted the way it was cast. And there is no backup.
Re: (Score:3, Insightful)
When you keep the divisions within the margin of error, it is very easy to push the results one way or the other without raising suspicion, and any possible evidence is very easy to hide, or destroy, as the case may be. But without that, it is not difficult to trace means and motive, and only one conclusion can be drawn. Why should I ever give the authorities the benefit of the doubt? Isn't 10,000 years of precedence enough?
Re: (Score:2)
Amen.
Paper and pencil and optical readers.
Scan the ballots three separate times at the district and compare the results. Report the results over the network...confirm via portable media, confirm again with rescan at central location before certification of the election.
Electronic ballots are slow and stupid.
Re: (Score:2)
So, let's see, what's better: a Linux kernel or some barely working "micro" TCP implementation on a microcontroller of some sort? I'll take linux any day, thank you.
Re: (Score:2)
We have a system today where we are told it's just too hard to come up with a photo id and show up to the polling station on election day.
Given the degree of laziness and helplessness that the electorate is told it has... is it no wonder that some think that voting from the comfort of your home and on your own PC might be a good thing?
Gimme a old school paper ballot and an oval to fill in after showing my id any day.
Re: (Score:2)
Only if the election commission failes to purge the dead from the voting roster. And if they fail on such a basic task I can only assume they've already been compromised by the people who want to steal the election.