back to article Researchers propose simple fix to thwart e-voting attack

Researchers have devised a simple procedure that can be added to many electronic voting machine routines to reduce the success of insider attacks that attempt to alter results. The approach, laid out in a short research paper (PDF), augments the effectiveness of end-to-end verifiable election systems, such as the Scantegrity …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Stick with Paper Ballots

It seems that the only people who stand to gain from Electronic voting are those that wish to subvert them.

How can you trust a system with no verifiable Audit trail?

Be wary of any politician who is trying to push for such a system.

1
0
Devil

It's not that simple

It should be easy to make electronic voting systems which give better, more verifiable audit than UK-type paper systems: indeed, that's kind of what this article is about. Some of the voting systems used to elect Bush in '04 gave no audit at all, and stored their data in an Access database.. IMHO, whoever signed off on those systems ought to have been fired (but as that would have probably included the President's brother, it's not entirely surprising that didn't happen).

But..

One of the main drives in turning voting to electronic over paper-based systems is counting efficiency; the other is trying to make voting "easier" as turnouts fall. What doesn't seem to have been realized is that the easier voting gets, the fewer people vote: look at Afghanistan - serious risk of being bombed/gunned down in the long polling station queues, and they get a turnout in excess of 90%.

That's what we should do: have random attack squads with machine guns & IEDs hitting random polling stations - put a real sense of fear into people so they'll get a real adrenaline rush from voting. Have assault courses or minefields that need to be traversed to get to the polling booth.. make people work to cast a vote.

What could go wrong?

2
0
Anonymous Coward

Researchers have devised a simple procedure...

I did hear of a system where blank receipts were to be handed out only after a scrutinised check that the voter was eligible to vote and had not already cast another vote. This would ensure one vote per voter and, the check being carried out prior to voting, it doesn't enable any information to be gleaned about the voter's choice.

The actual vote would be cast by the voter putting a mark on the receipt and then folding it so as to cover the mark. Being shielded from the gaze of any onlooker, this would ensure that no one else could know what that vote was.

After voting, all the receipts were to be gathered up in boxes under public scrutiny so that no one could tamper with them. Then, in order to check the voting process, all that would be required is to count up the number of votes each candidate has been accorded on the receipts.

1
1
Anonymous Coward

"the check being carried out prior to voting" isn't the problem

It's the check being written out prior to voting.

With no limits on campaign spending, campaign funding is far more important to the politicians than mere votes or voters.

0
0

But think of the Floridians...

What will they now have to argue over?

0
0
Boffin

What about Denial of Service attacks?

If the tampering of a single vote could cause all subsequent votes from that machine to be discarded, there is the possibility of effectively wiping out a large number of votes - possibly affecting the overall result.

In some ways it's no worse than paper ballots with seals - damage/remove the seal and the contents must be discarded - but the paper does not discuss any pitfalls of the chained-hash method. That's quite a big omission I feel.

Of course, if it's currently possible to tamper with the results and it's not possible to detect it, then that's a serious problem in itself. Better to know it's been tampered with, than to stick your head in the sand and say "I know some were tampered with, but best keep them all anyway".

0
0
This topic is closed for new posts.

Forums