back to article Election hacked, drunken robot elected to school board

Security experts have warned that electronic voting systems are decades away from being secure, and to prove it a team from the University of Michigan successfully got the foul-mouthed, drunken Futurama robot Bender elected to head of a school board. In 2010 the Washington DC election board announced it had set up an e-voting …

COMMENTS

This topic is closed for new posts.
  1. Lars Silver badge
    FAIL

    Yes

    They are far from secure yet, and the temptation to tamper with the results comes from both inside and outside.

  2. Someone Else Silver badge
    FAIL

    This is what passes for testing?

    [...]another tester told them the system was secure, but that they should lose the music on the sign-off screen, as it was rather annoying.

    So this is what passes for a test? Seems to me that a "test" would require some number of annoying little details collectively referred to as "requirements", and any tester that can reasonably be called that would have immediately noticed that there was no requirement for the U of M fight song.

    If this is how these systems are "tested" then there is no hope of ever securing them. (Of course, that would presume that the testers were actually competent, and not some other political hack's cousin or something....)

    I want paper and a pencil!

    1. The Man Who Fell To Earth Silver badge
      Boffin

      Re: This is what passes for testing?

      Note the "testers" were mostly (if not all) Universities. I've yet to encounter any fresh University graduates (even PhD's) who didn't need on the job training on all aspects of professionalism, including how to write and analyze specifications, as well as how to scope out a project, etc.

    2. Ru

      Re: This is what passes for testing?

      Well, if the hacker who got into the system before you takes steps to secure it to prevent others hijacking their hard work, then it could easily be more secure against further attacks. Indeed, a quick read of the article suggests that other attacks were detected and block by Halderman.

      This is why pen-testing alone is insufficient.

    3. Field Marshal Von Krakenfart
      Unhappy

      Re: This is what passes for testing?

      Yes, because a lot of the time what passes for testing is not testing, it is merely verification that something is working. Typically testing is entering 'correct' values into whatever is being tested and when it works it is considered tested.

      Some people have no idea what testing on boundary conditions means.

  3. drengur
    Meh

    Forgive me if I'm wrong...

    but wouldn't running each voting location on an isolated network, handing in the results via encrypted USB key solve most of these issues?

    Apart from the obvious, like changing the admin password :-S

    lords, reminds me of an episode of Archer!

    1. Yet Another Anonymous coward Silver badge

      Re: Forgive me if I'm wrong...

      But difficult for people to vote online - which is the whole point, getting people to vote without them having to get out of the chair and making the whole thing cheaper

      1. Bill Dietrich

        Re: goal of a voting system

        The goal of a voting system should be to accurately record and report votes, not necessarily to "make voting easy". In fact, we'd be better off if we did something small to disocurage idiots from voting. Such as having to pass a simple test (what are the three branches of the federal govt; who is the president; what is the basic legal document of the USA). Yes, I know tests were used in the past to discriminate racially; I think we should use them to screen out idiocy.

        I'd be interested in any feedback about my web page http://www.billdietrich.me/Reason/ReasonVotingMachines.html Thanks.

    2. GreenOgre
      Black Helicopters

      Re: Forgive me if I'm wrong...

      Perhaps, but it does't protect you from the group with the most to gain from tampering ... those on the INSIDE

  4. Naughtyhorse

    But if an election is hacked then we may never know...

    Though that utter retard-inbred-redneck-fuckwit son-of-a-bastard bush jr. getting a second term might have given someone a hint!

  5. Anonymous Coward
    Anonymous Coward

    Bender would probably do a better job too.

  6. Simon Jones [MSDL]
    FAIL

    Secure?

    If it doesn't involve a piece of paper and a pencil then I don't believe it is secure,

    1. Andy ORourke
      Happy

      Re: Secure?

      I've always wondered about the pencil bit, I know it's a stretch but couldnt it be tampered with by the application of an eraser?

      OK, you'd have to be pretty desperate but I'd have thought a pen would be a more permanent mark?

      1. David Dawson
        Thumb Up

        Re: Secure?

        Indeed, but in the UK at least, the (locked) boxes are taken from the polling booths straight to be counted. So, you'd have to break into them either in the polling booth, in the transporting vehicle or in the counting station. Any of which would be pretty obvious, since people (volunteers) are always around them.

        I like our system, generally good physical security. Problems generally appear with the postal ballots.

        1. Yag

          Re: Secure?

          In France, we do not even move the boxes : the ballots are counted in situ by volunteers (usually a subset of the voters of this polling office) with several parties delegates frantically texting the count as it progress...

          Quite interesting to take part in actually :)

          1. Tom 13

            Re: Secure?

            That assumes you have all parties properly represented at the polling booth - a situation that all too frequently doesn't occur in the states. I work as a partisan observer at my local polling location during elections. I'm authorized to challenge voters whom I think are ringers, but that's it. They were actually quite surprised when I showed up. Seems my party hasn't had a rep there in forever (being as I represent the minority party and we'll never win an election in my precinct). Oddly enough, since they are assured of victory I've never seen my partisan counterpart either.

            Having observed from the inside, the one thing of which I am certain is that the only thing keeping the election honest is that the people doing the work at the station are also trustworthy. I can't be there the whole time, so there's plenty of opportunity both before and after, that if one of those folks was properly equipped and intent on doing so, the election results could be altered.

        2. Jimbo 6
          Black Helicopters

          Re: Secure?

          A friend has parents who are both Salvation Army officers (pretty upstanding & reliable members of society, I think we'd all agree), and they have frequently (and for many years) been involved in the physical process as monitors at the polling stations. However they have *never* been invited to join in the teams that actually count the papers, and say that they have *no idea* who those people are...

          If anyone knows how the counters are recruited, I'd be interested to hear.

          (Personally I think all 'representative democracy' is like giving sheep the choice of which wolf they want to be eaten by... it doesn't really matter which one wins)

          1. Bluewhelk

            Re: Secure?

            A few years ago they had bank clerks doing this as they are good at counting lots of bits of paper.

          2. zb

            Re: Secure?

            It is a while since I have been involved but in the UK the tellers are bank employees who are junior enough to want to earn a few extra quid. They are supervised by the returning officer (often the Mayor) and his staff of couciol employees.

            Your friends sound like tellers who are unofficial volunteers from the political parties who sit outside the polling station and invite to voters to identify themselves. The candidates' representatives use this information so that they can identify their probable supporters who appear not to have voted yet.

            Each candidate is entitled to be present at the count and is allowed nominees to watch each table. It is open to the press but the public are not allowed in.

            There is a more detailed description here http://www.helium.com/items/1798154-counting-the-votes-in-a-uk-election It took me at least ten seconds to find that so I guess your were not that interested to hear how it works.

        3. Anonymous Coward
          Anonymous Coward

          Re: Secure?

          WARNING: Anecdotal 'evidence'

          I have a relative who was one of those polling station volunteers and apparently they have the means to re-seal the ballot box. At some point in the day they realised they'd neglected to stamp some of the ballot papers, rendering those votes invalid. They opened the ballot box, stamped the papers, and resealed the box with nobody else being any the wiser.

      2. jonathanb Silver badge

        Re: Secure?

        It is actually more difficult to completely remove all traces of a pencil mark than it is to remove all traces of ink. That's why pencils are used.

    2. Tom 13

      Re: Secure?

      As with security in all systems, paper and pencil alone is not the answer. Paper and pencil alone are easily duplicated and easier for BOFPH to manipulate. Despite the hanging chads from a certain incompetent Democrat district in Florida, The old IBM punch systems are probably the most secure given proper maintenance of the systems, and a known secure system of first transporting tested and certified machines from the certification location to the voting place, and then transporting them from the voting place to the vote counting certification location. It also requires a known secure means of counting the ballots after they arrive at that location. Compromise any of those links and you're frelled. For purposes of this exercise, I have assume horses are frictionless perfect spheres, I mean the voting process itself was not compromised via multiple voting techniques.

      In short, only significant involvement of trustworthy people in the entire voting process assures proper elections. Which is frequently a hurdle too high for even the simplest systems.

  7. ElReg!comments!Pierre
    Unhappy

    E-voting, bear defecation policies, Pope religious preferences

    I find it worrying that this kind of things are still newsworthy. There is ample evidence of e-voting systems being ripe for abuse, together with real-life examples of exploitation, dating as far back as JW Bush first election, that it smells like conspiracy. I hate to come across as the tinfoil-hat person, but these things just cannot have been missed by the people in charge. It must be at the very least considered gross negligence. Heads should have rolled a long time ago. It really looks like officials in charge of elections have been covering their ears and singing "lalalala I can't hear you" for the past decade. If _any_ other kind of tech vendor had attempted that kind of embezzelment, they would have been sued into oblivion faster than you can say "not fit for purpose". It seems that democracy really is the least concern for the people whose job is precisely to safeguard it. Which is where the reader should refer to the title of this post...

    1. Turtle

      Re: E-voting, bear defecation policies, Pope religious preferences

      Good example! The "hanging chads" on the paper ballots in the 2000 Presidential elections dispute was *really* good "evidence of e-voting systems being ripe for abuse".

      (How are those reading comprehension lessons going, by the way? You need to put a bit more effort into them, apparently.)

      Incidentally, while you were wherever it was that you've been for the last few years, there have been any number of examples of high-profile and government organizations being "hacked". Had you been able to pay just a little more attention, you might have noticed this, and then drawn the inescapable inference that there seems to be no sector of government (or industry) that has the first clue about computer security, and that, consequently, your idea that e-voting systems are insecure, not because of incompetence, but because of some kind of devious plot, is pretty damn stupid. Which is what we would have to expect from you, right? After all, plus ca change, know what I mean?

      And yet you are nevertheless correct: electronic voting systems *are* a really bad idea. (But then again, even a broken clock tells the correct time twice a day.)

      1. This post has been deleted by its author

      2. Mark 65

        Re: Re: E-voting, bear defecation policies, Pope religious preferences

        So you just want to gloss over the e-voting systems that had a negative seed total against certain candidates and whose audit logs were thrown in a skip? Believe they were the shitty Diebolds that had totals stored as a count on a removable card so you could just "reset" the device and stick a count of -10000 against a candidate. You must have missed that investigation that was televised around the World.

    2. Anonymous Coward
      Anonymous Coward

      Re: E-voting, bear defecation policies, Pope religious preferences

      Are bears Catholic? Does the pope...?

  8. Bjorg

    Decades away?

    What sort of keyboard do they have that takes decades to type anything besides "admin"? Write as many files as you want to the image directory, you're just going to annoy the server admin and they'll patch that up real quick. You might think "well if there are things as simple as shell injection and a default username/password, you have to wonder what else there is" and that's a valid point, but this particular team didn't prove anything except that they know the first rule of hacking: always try the default username/password. Presumably before any system goes live they have at least one person with at least some experience test it? They would easily find this vulnerability and change the password, but maybe I give the government too much credit.

    1. Anonymous Coward
      Anonymous Coward

      Re: Decades away?

      The whole point is that security cannot ever be a huge pile of retrospective patches to a broken design, that's always a fatal error.

      Security has to be well considered and designed in with a spec for both functionality and how that relates to security from the beginning of that project. You then test that the device meets that spec, and only that spec (i.e. unauthorized features are a security violation), and then you might have a secure device.

      The fact is that the supplier of this technology thought this was a "production ready" device three weeks before an election, and external testing picked up all of these problems. Assuming internal testing missed all of these issues, and if they had missed all of these glaringly obvious problems then you have to then ask "what else did they miss"?

      Good security requires the right mindset - these kind of bugs implies this supplier doesn't have it. And Ruby - really? You want a secure system which has to cope with "please tick the box" type answers, and you stick a huge unaudited third-party codebase in the middle of your system. Security needs KISASS (keep it simple AND small stupid) - minimal attack surface, and therefore minimal verification required.

      1. Tom 13

        @Pete H, Re: Decades away?

        Well, the first and most obvious thing missed is the one skipped over by the author of the article: of all the voting areas in the entire USA, the most corrupt and most incompetent is the District of Columbia. It almost doesn't matter who is running, the fix is in long before the first ballot is cast. They just threw out the moderately competent Adrian Fenty for a machine politician who paid cash to another candidate so the other candidate could keep attacking Fenty without the machine guy getting obvious shit on his suit. Said other candidate is now in the pokey, but no charges filed against the sitting mayor.

  9. Onid
    FAIL

    Sheer stupidity not absent technology

    The technology and the means do exist. Who on earth invites hackers to hack system but leaves admin/admin as user/pass? is this for real ? that' s not a test it's a joke. If that's the best they can manage then best they scrap all e-voting machines asap...

    1. Yet Another Anonymous coward Silver badge

      Re: Sheer stupidity not absent technology

      The admin/admin was on a terminal server on the network.

      Are you sure about all the default passwds on everthing on your network?

      Really sure? Including the printers, VOIP phones, the conference system, the security cameras, the fax machine.

      Are you sure there are no manufacturer's update/service passwds you don't know about on an of them?

      1. Dotter

        Re: Re: Sheer stupidity not absent technology

        Servers might be a good start on changing the default password - you'd hope most people had at least realised that.

        1. This post has been deleted by its author

      2. SYNTAX__ERROR
        Boffin

        Re: Sheer stupidity not absent technology

        Yeah, there's this thing called a domain as well in the Windows world, there is similar functionality available for *nix systems, which involves using some kind of directory service as a central location for user accounts and passwords.

        This normally means you don't have to update passwords on every box. That kind of thing would get very tiring on a network with thousands of users and machines.

      3. Onid
        Facepalm

        Re: Sheer stupidity not absent technology

        You are justifying this?

        If you find this understandable then would love to see your network.

        As for the questions you ask - yes I'm damn sure. Everything is scanned/probed routinely and anything found like some odd back door is either disabled or if not possible the kit is thrown out and replaced. And even if a printer or a fax machine get's somehow pwned then all that can happen is maybe some paper waste at most...

        I do this for my own micro enterprise cause it's my background but I'd expect an even higher level of checks for something like elections...

        1. Anonymous Coward
          Anonymous Coward

          Re: Sheer stupidity not absent technology

          And if the printer has scanner functionality that can launch applications on demand on a target machine are you sure those apps run under a suitably secure set of credentials? If it does have hosted functionality are you sure it can't be subverted to run the 'wrong' app?

          Did that printer keep a copy of your printed bank statement in a hard disk or flash memory buffer that could be downloaded? Especially if it's been 'thrown out'?

          Are you sure that the manufacturer didn't build in their own credentials and hide them? Scanning for 'back doors' as you claim isn't enough to detect that, especially if the login is 'just another' user account.

  10. Mikel
    FAIL

    We should allow computers to count votes someday

    We should allow computers to count votes one day: they day they're certified as full citizens and given the franchise to vote.

  11. Anonymous Coward
    Anonymous Coward

    Easy fix.

    Use technology that is easy enough for those that run the ballots to completely understand the system and to fully understand the implications. We know what properties an election should have. Somehow, no electronic system on the market today can fulfill them all. So the obvious solution is to stick with paper systems and have humans tally the results.

    Sometimes, it is simply more important to have a system you can trust, that will work properly and can easily be audited, than to have the very latest in technology. Even cost is no argument: A system that looks costly to run but will reliably do so uneventfully, might suddenly look a lot cheaper than the fancy replacements full of projected savings bullshit that then cause endless squabbles, disputes, and dissatisfaction.

    1. Tom 35

      Re: Easy fix.

      Here we have a hybrid system. You vote on paper, but they scan the votes (with the ballets then dropping into a sealed box). So you get the fast results of an e-voting system, but if the vote is close, or there is a dispute they open up the boxes and count them by hand.

      Still have to watch for the old games like stuffing the ballet box, gaming the voters list and such but it beats e-voting hands down when it comes to trust.

      1. h4rm0ny

        Re: Easy fix.

        The trick then being to create results that are plausible but in your favour, so you don't trigger manual inspection.

        But really what is the mad hurry to get the results out? Surely democracy is worth taking a couple of days over?

        1. Tom 13

          Re: Easy fix.

          For the last line I'd love to give you 10 up votes.

          First line, not so much. Some of the most obvious fixes have never been challenged because the areas from which they have been run were too corrupt to prove otherwise. The most famous of which would be Nixon vs. Kennedy in which Cook county at the very last minute delivered just enough "previous unfound" ballots to hand the state to JFK. Of course, since that outcome is approved of by the LSM as opposed to the Bush vs Gore recount, you never hear about it.

          1. Anonymous Coward
            Anonymous Coward

            Re: "First line, not so much."

            You want a system that protects against wilful malice from those entrusted with overseeing the process?

            I think that's a bit much to ask. I'd rather we trust the people entrusted with the process and have them show their trustworthyness (pulling "previously unfound" votes out of a hat doesn't count as "trustworthy"), rather than have a system that's effectively opaque to the same people running the show, making them vulnerable to meddling and tampering by third, fourth, fifth, and so on parties. It won't eradicate the incentive and the will, it will hopefully reduce the problem to something that's overseeable by humans so that they can reasonably be held accountable.

          2. OsamaBinLogin

            Re: Easy fix.

            One thing that would help a lot would be to get rid of the ossified Electoral College in the US. This is used only to elect the US president. All other elections use straight popular vote. Nobody would be stupid enough to do such a thing for a governor or senator.

            The most dangerous aspect of the EC is the winner-take-all properties of most state's election points. Therefore there's 45 opportunities to have a large block of points thrown by a small box of previously "lost ballots" in one or another state with close results. See also Ohio, Florida.

            If it was a straight popular vote, an extra thousand votes cooked up here or there probably could not make a dent in 50M or 100M votes.

    2. streaky
      Black Helicopters

      Re: Easy fix.

      Yeah because nobody ever tampered with a paper election.

      1. Ru

        "nobody ever tampered with a paper election."

        Two words for you: "audit trail".

        Many electronic voting systems fail miserably in this regard, whereas boring old pen-and-paper elections do in fact leave a paper trail that can be inspected after the fact. Not perfect, sure. But significantly better.

        1. Field Marshal Von Krakenfart

          Re: "nobody ever tampered with a paper election."

          Hi Ru, So what do you think of the result of Syria's referendum on a new constitution? Who would have predicted that 89% of Syrian's would approve on the new constitution that would allow Assad to remain in office until 2028.

          Does anyone want to make a prediction on how ex-KGB man Vladimir Putin will do in the Russian presidential election?

        2. streaky
          Boffin

          Re: "nobody ever tampered with a paper election."

          "do in fact leave a paper trail that can be inspected after the fact"

          Which can *also* be tampered with.

          I put it to you with proper attestation a digital audit trail can be *far* more secure and reliable than any paper one ever could be.

          The issue with digital voting systems is that the companies involved are incompetent not that it is inherently worse.

        3. OsamaBinLogin

          Re: "nobody ever tampered with a paper election."

          An audit trail - I don't see why this can't be done with a (partial) computerized voting system. Yes I do know why - the people who set up the election systems fully intend to tamper with the results. Any voting system without some sort of double-checking, you might as well get out the yellow tape, because it's a crime scene. 2+2.

          Money is handled through totally computerized systems, from the cashier to the bank to the CEOs paycheck, with audit trails and security that's solid enough to keep corporate losses to a minimum. Yes there are breakins, yes cashiers regularly have discrepancies in their dimes and shillings. But with someone's bottom line in jeopardy, there's plenty of effort put in to making it as secure as possible and keeping the mayhem to small amounts.

          Now, the managers at retail locations understand the cash registers and understand all the ways they can be hacked and customers, or cashiers, can cheat. We don't have that at electronic voting sites. obviously. If we have to simplify the system down to make people understand it, so be it, that's why so many are still voting with paper. The security is more obvious with paper. I think a significant part is getting voting machines managed by people who can competently keep people from hacking in by wire or by air or by finger.

      2. Tom 13

        @streaky, Re: Easy fix.

        Perfection is not required. What is required is the system which is most easy for honest auditors to check. To date, his proposal has the best fit to the requirements.

        And yes, I'm stuck using one of those new-fangled electronic devices when I vote.

    3. Tom 13

      @AC 04:05, Re: Easy fix.

      Hmmm...

      Nope, that system didn't work so well in the Iowa caucuses, where you nominally have similarly oriented partisans working to select their nominee (that is, reduced inducement to corruption of the process). On the night of the election all the LSM outlets announced Romney was the winner. A week later it turned out to be Santorum because some of the trusted counters couldn't be arsed to turn in their paperwork.

  12. Old Handle
    Go

    Nice Going!

    “They found that the cameras installed to watch the voting systems weren't protected, and used them to work out when staff left for the day and so wouldn't spot server activity.”

    Straight out of a Hollywood movie. Actually it sounds like that was a totally unnecessary flourish, but who could resist?

    1. perlcat

      Re: Nice Going!

      Exactly. From the looks of it, I don't think they'd spot unusual server activity if it jumped up and bit them on the ass.

  13. Rune Moberg
    FAIL

    Proof?

    I would gladly vote for Bender in any election anywhere. He would be a great improvement over any currently elected leader out there.

    How do we know that he did not win fair and square?

  14. Christian Berger

    Missing the point

    It doesn't matter how secure such a system is, but how easily you can check it. The usual pen and paper based system can easily be checked. You can detect tampering trivially without any special knowledge.

    It can be understood by everybody and checked by everybody.

    Plus its cheap and gets results quickly.

    So why even think about electronic elections?

    1. Rune Moberg
      Thumb Up

      Re: Missing the point

      First of all, I trust electronics more than I trust people. I don't know what happens to my paper vote after it gets placed in the magic box. I do know that some of these magic boxes are sometimes found after the election is over, containing a bunch of uncounted votes.

      Secondly, by cutting costs (both on the counting side, as well as for me, the voter), maybe we can hold _more_ elections, letting me vote on issues rather than on some pretty face with a slick tongue.

      Today I do not have to visit my local bank and fill up my wallet with cold cash. I use a credit card instead, and more importantly: I can pay bills using their Internet solution.

      In my country of residence, I use the same electronic ID to access my bank as well as various state services (e.g. accessing the DMV records, paying my taxes or book an appointment with my doctor).

      If there is a hole in that system, then my bank account would be empty now. Well, truth be told, it is nearly empty, but for different reasons not pertaining to security issues.

      1. John G Imrie

        First of all, I trust electronics more than I trust people

        Then my I just say. Who designed / built / runs the electronics.

        'It's Not the People Who Vote that Count; It's the People Who Count the Votes' - Josef Stalin

        1. Field Marshal Von Krakenfart

          Re: First of all, I trust electronics more than I trust people

          'It's Not the People Who Vote that Count; It's the People Who Count the Votes' - Josef Stalin

          Ooooohhhhh!!!! Look! Vladimir Putin just won the election in Russia, what a surprise!

      2. Alfred
        Facepalm

        Re: Missing the point

        "First of all, I trust electronics more than I trust people."

        If there was some way of designing, making and using electronics without using people, this would make sense. As it is, there isn't, so your choice is untrustworthy people with electronics, or untrustworthy people with bits of paper.

      3. h4rm0ny

        Re: trust electronics more than people

        Electronics don't remove the human element. All they do is mean that to subvert the election you don't have to have dozens or hundreds of corrupt people, you just need one.

        1. SYNTAX__ERROR
          Boffin

          Re: trust electronics more than people

          Umm, there might be some value to the point that it is much easier to have other people verify the integrity of a software solution than it is to check the manual process in a large number of local constituencies.

  15. Anonymous Coward
    FAIL

    Get help from the banks.

    They are good at this kind of stuff. ATMs, Chip'n'Pin, etc.

    Oh... wait...

    1. Ru

      Re: Get help from the banks.

      Diebold make ATMs and voting systems. Turns out the two are only superficially similar.

  16. WonkoTheSane
    Terminator

    Obligatory...

    I for one, welcome our new alcohol-fueled robotic overlord!

  17. Winkypop Silver badge
    Devil

    Animated cartoon character versus a politician?

    Hmmmm, how to chose?

    Both are 2 dimensional.

    1. Alexandicity
      Thumb Up

      Re: Animated cartoon character versus a politician?

      It's true, number of dimensions is my most important issue about a candidate!

  18. Alexandicity

    Bender 4 Prez

    They could have made their study a little more interesting. I assume that since the code was released for public testing, that the code was unlikely to see further detailed inspection. I might have added a discrete bit of work that would sit there until election day, add Bender to the actual list of candidates, and allocate plenty of votes to him. Would make for interesting watching when they wanted to release the final tallies :)

    1. Rob - Denmark

      Re: Bender 4 Prez

      I think you missed this part of the article:

      >>"It was too good an opportunity to pass up," explained Professor Alex Halderman from the University of Michigan. "How often do you get the chance to hack a government network without the possibility of going to jail?"<<

      But if you call the risk of going to jail 'a little more interesting', you are right.

  19. Anonymous Coward
    Anonymous Coward

    extremely enlightening

    "Financial attacks by hackers are relatively easy to detect – because at some point money has to leave the system. But if an election is hacked then we may never know, because it's a one-time action that typically isn't checked after the results have been announced and officials elected."

    And herein, stated more succicntly than ever before, is the entire problem in a nutshell.

    What's REALLY important in the world?

  20. drunk.smile

    I always assumed that...

    these e-voting systems would print out a copy of the person's vote for them to check and place in a ballot box so physical recounting is possible.

    They don't do that?

    It still wouldn't help with removing/changing candidate names from the ballot paper as in the article example though so, as above, old school pen & paper for me.

    1. Anonymous Coward
      Anonymous Coward

      Re: I always assumed that...

      Sorry, but it needs to be anonymous; I wouldn't want my vote to be traced back to me in the UK, never mind somewhere like Iran!

      1. El Richard Thomas

        Re: I always assumed that...

        Your UK vote isn't anonymous. The ballot paper has a serial number which matches the counterfoil in the book the paper is ripped out of. Your electoral roll number is written on the counterfoil.

    2. El Richard Thomas
      FAIL

      Re: I always assumed that...

      Doesn't help. You can't be sure that what is printed on your receipt matches the vote recorded in the system.

      1. Loyal Commenter Silver badge

        Re: I always assumed that...

        Easy enough to fix. Below the touch screen / set of buttons for voting, is a transparent plastic window. Behind this is a receipt printer, like those used in checkout tills. When you make your selection, this prints your choice, displaying it so that you can verify it. This then feeds the roll of paper into a sealed box, so the next voter cannot see your choice. The sealed box then contains an audit trail of every vote passed.

        You are also right about anonymity int he UK. The voting card has a voter number on it, which is written on the counterfoil of the ballot paper. Anyone who has access to the list of voter numbers and names, and also the counterfoils, and the ballot papers can trace a vote back to its origin. This does require physical access to both the ballot paper, and the counterfoil, which I would imagine would be securely held, and presumably eventually securely disposed of.

        1. Anonymous Coward
          Anonymous Coward

          Re: I always assumed that...

          "Easy enough to fix. Below the touch screen / set of buttons for voting, is a transparent plastic window. Behind this is a receipt printer, like those used in checkout tills. When you make your selection, this prints your choice, displaying it so that you can verify it. This then feeds the roll of paper into a sealed box, so the next voter cannot see your choice. The sealed box then contains an audit trail of every vote passed."

          But this isn't possible for an online system.

  21. Jeebus

    Only one question remains.

    Three hundred one dollar hookerbots or one three hundred dollar hookerbots?

  22. Anonymous Coward 15
    Terminator

    Electronic voting?

    Bite my shiny metal ass.

  23. Ben Rosenthal

    (V) (;,,;) (V)

    Why not Zoidberg?

  24. Anonymous Coward 15

    "I consider it completely unimportant who in the party will vote, or how;

    but what is extraordinarily important is this—who will count the votes, and how." - Joseph Stalin

  25. Mint Sauce
    Terminator

    Kill all humans...

    Go Bender! Go Bender! Go Bender!

  26. Goldmember
    Facepalm

    'Drunken Robot'

    Bender isn't drunk when he drinks. Future robots need alcohol for fuel. They get 'drunk' when they DON'T drink.

    And the cigars make them look cool.

  27. Anonymous3

    Re: Re: I always assumed that...

    To: Anonymous Coward

    who wrote:

    > Sorry, but it needs to be anonymous; I wouldn't want my vote to be traced back to me in the

    > UK, never mind somewhere like Iran!

    Sorry to burst your bubble.

    It has been widely known for decades that The Establishment uses the _unique_ pinhole punched pattern at the top of every ballot paper to identify those who vote anti-establishment e.g. anarchist, communist etc.

    Its been going on since long, long _before_ there was 'special branch' and long before the creation of 'anti terrorist' smokescreen.

    If you don't Know your history ....etc.

  28. Gordon Fecyk
    Boffin

    Did anyone else notice the "inherent flaw" conclusions?

    Technical details of the hack aside, the paper explained, "Why internet voting is hard," especially, "Tensions between ballot secrecy and integrity." Implementing both secrecy and integrity seems very difficult in any electronic system, but we've mastered both in a paper ballot.

    I mean a real paper ballot, that uses "X" for an anonymous signature.

    And I couldn't help but notice this little jab: "[...]despite the use of the term “commercial [off-the-shelf software],” includes most everyday open-source software."

    In exchange I offer this little jab: "You can't blame Microsoft for this one."

  29. disgruntled yank

    Hate to tell you, but

    In 2006, Adrian Fenty ran for mayor of Washington, DC, and was elected, on a platform that included a takeover of the city schools from the school board. By late 2007, the school board had effectively no function at all. It was a pretty humble start for ROTM.

    1. Tom 13

      Re: Hate to tell you, but

      Yep, and after he put in a competent Super, test scores started going up and even more surprisingly, getting students back from private schools, even some of the affluent white ones. First thing the new mayor did was fire the competent person. Fortunately for citizens in DC, the changes wrought meant he had to at least keep someone who would keep the process going forward instead of completely reversing like he was supposed to do to line the pockets of his union masters.

  30. David Eddleman
    FAIL

    No.

    They need to do the same thing they do on Nevada state voting machines -- random inspections, any discrepancies found and the machine is shut down and investigated, background checks on all devs, board of inquiry for the public to use, and more. Nevada voting machines are more secure because of this, and because there's serious penalties for fuffing about with them.

  31. John A Blackley

    Not new

    Elections have been 'hacked' since God's dog was a puppy.

    Only now they're doing it with computers.

    1. h4rm0ny

      Re: Not new

      "Only now they're doing it with computers."

      More quickly, more efficiently, less traceably.

  32. Bill Dietrich

    need multi-vendor, receipt-based system

    It's reasonably easy to make a secure, verifiable e-voting system: print receipts, allow verification by the voter later, establish some standards and support multiple vendors. See my web page http://www.billdietrich.me/Reason/ReasonVotingMachines.html Thanks.

  33. Anonymous Coward
    Anonymous Coward

    They always accuse the innocent...

    We're not 100% sure the robot is a drunk...

  34. Anonymous Coward
    Anonymous Coward

    Magic Pencils

    If I could create magic pencils that would cause a mark made anywhere on a piece of paper to appear in a specific part of the paper, then I could rig a paper ballot.

    In software, the magic pencil is a few lines of code.

This topic is closed for new posts.

Other stories you might like