Network News

X My Profile
View More Activity

Hacker infiltration ends D.C. online voting trial

Last week, the D.C. Board of Elections and Ethics opened a new Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities in the spirit of "give it your best shot." Well, the hackers gave it their best shot -- and midday Friday, the trial period was suspended, with the board citing "usability issues brought to our attention."

Here's one of those issues: After casting a vote, according to test observers, the Web site played "Hail to The Victors" -- the University of Michigan fight song.

"The integrity of the system had been violated," said Paul Stenbjorn, the board's chief technology officer.

Stenbjorn said a Michigan professor whom the board has been working with on the project had "unleashed his students" during the test period, and one succeeded in infiltrating the system.

The fight song is a symptom of deeper vulnerabilities, says Jeremy Epstein, a computer scientist working with the Common Cause good-government nonprofit on online voting issues. "In order to do that, they had to be able to change anything they wanted on the Web site," Epstein said.

Because of the hack, Stenbjorn said Monday, a portion of the Internet voting pilot -- which was expected to be rolled out this month -- is being temporarily scrapped.

The program, called "digital vote by mail," is intended to allow military or overseas voters to cast secure absentee ballots without having to worry whether the mail would get them back to elections officials before final counting. Those voters, about 900 of them, still will be able to receive blank ballots via the Internet for the Nov. 2 general election, but they will not be allowed to submit their completed ballots via the DVM system, Stenbjorn says. Instead, they'll have to put them in the mail or send them unsecured via e-mail or fax.

The security hole that allowed the playing of the fight song has been identified, Stenbjorn said, but it raised deeper concerns about the system's vulnerabilities. "We've closed the hole they opened, but we want to put it though more robust testing," he said. "I don't want there to be any doubt. ... This is an abundance-of-caution sort of thing."

Last week, Common Cause and a group of computer scientists and election-law experts warned city officials that the Internet voting trial posed an unacceptable security risk that "imperils the overall accuracy of every election on the ballot." But board officials said the system provides security and privacy upgrades over a method of Internet voting that's already legal: filling out a paper ballot, then scanning it and attaching it to an e-mail.

Stenbjorn says he hopes that the Web-voting system's security vulnerabilities will be addressed in time for a D.C. Council special election expected next spring. The board has spent about $300,000 in federal grant money on the project.

A D.C. Council hearing on elections issues, which will include the Internet voting test, is set for Friday.

UPDATE, 5:30 P.M. Verified Voting, another nonprofit concerned with election integrity, has released a statement that "applauds" BOEE's decision to cancel the digital vote return. The release details the hack: "The test pilot was apparently attacked successfully shortly after it began by a team of academic experts led by Prof. J. Alex Halderman at the University of Michigan. The attack caused the University of Michigan fight song to be played for test voters when they completed the balloting process." The group promises "[f]ull details of the hack and its impact on submitted test ballots ... in the coming days."

The group also identifies a separate issue, which it calls a "very serious vote loss problem that caused voters to inadvertently return blank ballots while believing that they had submitted complete ballots." This affected users of "at least two widely used computer/browser configurations." Stenbjorn said Monday that the problem had been identified as affecting certain browsers using the Macintosh operating system, which do not support inline PDF forms. Mac users, he said, can download the file and open it in a standalone PDF reader instead.

CORRECTION, 10/7: The Michigan fight song is "The Victors," not "Hail to the Victors." Mea maxima culpa.

By Mike DeBonis  | October 4, 2010; 2:14 PM ET
Categories:  DCision 2010, The District  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: DeMorning DeBonis: Oct. 4, 2010
Next: For Rhee, staying in D.C. is a 'hard question'

Comments

Hail to the Victors Valiant!

Um...yay alma mater for cyberhacking?

Posted by: gopoohgo | October 4, 2010 3:21 PM | Report abuse

Hail to the Redskins would have been far better!

Posted by: jeffcoud2 | October 4, 2010 4:01 PM | Report abuse

Michigan's fight song is "The Victors," not "Hail to the Victors."

Posted by: Catholepistemiad | October 4, 2010 5:27 PM | Report abuse

Hey this is the right approach. I'm glad to see they're not just approaching the problem in the right way through open testing, but also are acting cautiously about what they do. Combined with robust review and flaw remediation, secure voting ought to be possible.

In the meantime, it might be worthwhile to set up something for military members to use through nipernet...

Posted by: Nymous | October 5, 2010 1:48 AM | Report abuse

A test that is supposed to run over the weekend is shut down by mid day on Friday due to "usability issues brought to our attention."? This shows an apalling lack of awareness of the problems inherent in such a voting system.
No, the right approach would be to fire the idiots on the board of elections and hire the students from Michigan.

Posted by: lcollar | October 5, 2010 8:14 AM | Report abuse

Just consider how often and consistently online systems of all kinds are successfully hacked. Why would voting systems be different?

The thought of government by those who get into the position by hiring hackers is truly frightening.

Posted by: observer31 | October 5, 2010 8:21 AM | Report abuse

You think you might mention who the vendor is? That seems kind of important.

Posted by: pj_camp | October 5, 2010 9:28 AM | Report abuse

Hey, look - it's DC. You KNOW who's gonna be elected even before the first ballot is cast. Why worry about hackers? They won't make ANY difference in the outcome. Of course, it's also obvious that the hacking wasn't done by ANYONE who is a District resident. Even WITHOUT the fight song, it's clear that the capability is JUST NOT there. Now maybe some folks in nearby Maryland or Virginia have the capability, but surely not DC!

Posted by: matism | October 5, 2010 11:29 AM | Report abuse

It's unclear to me that "We've closed the hole they opened..." accurately quotes Mr. Stenbjorn. If it does, he should be fired immediately for his illiteracy in this matter.
The students did not "open" a hole in this online voting system. They discovered one that the Mr. Stenbjorn's inept staff did not secure.
If Mr. DeBonis is accurately reporting the quote then this may also indicate a pathological attempt to shift blame from where it belongs - the morons at DCBOEE - to the students that did them a favor.

Posted by: Megadan | October 5, 2010 11:45 AM | Report abuse

How great is this? So let's pretend there's an 800lb gorilla in the room...his name is Acorn, and he's a hacker.

Care to wager what percentage of e-voters will be shown to be cast for Democrat candidates?

Fraud is a huge problem, but not just with e-vote systems. Jokes about dead people voting isn't a joke; our voter roles are full of fraud - 3%, 5%, 20%? ID's should be needed to vote (as in my district), every voter role should be purged, validated and maintained before every election. Without it, the gorilla is going to have his way every time.

Posted by: BarryBinInhalin | October 5, 2010 11:49 AM | Report abuse

Any, [and I mean ANY] system can be hacked, and I have no doubt have been
electronic [and even mechanical] voting is a gamble. Paper ballots are also subject to fraud.
Choose your poison.

Posted by: news41 | October 5, 2010 12:00 PM | Report abuse

Hey, I'm really going to trust the vote coming out of DC. Maybe they can show Chicago how to do it during Rahm's coronation, oh, I mean election.

Posted by: AnnieP1 | October 5, 2010 12:12 PM | Report abuse

Why is it that I can safely access my bank accounts, investment accounts, Ebay, etc. from virtually anywhere on the planet, but I cannot vote online? Maybe it's because having found a proven set of tools to rig elections, the Left is terrified that new technology will erase their advantage. Seems odd that such a hotbed of political neutrality like DC would be "proving" the "danger" of online voting. Remember -vote early and vote often!

Posted by: snipelee | October 5, 2010 12:16 PM | Report abuse

Use of electronic voting is a hideous error.

Posted by: KPosty | October 5, 2010 12:16 PM | Report abuse


Thanks to your PUBLIC education YOU are missing the OBVIOUS ... VOTING sites are referred to as POLLING STATIONS ... Why you ask?
Because for decades now, the government only POLLS THE OPINIONS of ITS public ... Your VOTE has absolutely NO MERIT in the election process ... the Electorial College does ALL the deciding for you - you only convey your opinion - which is ignored!! This is the just the tip of the iceberg when it comes to deceiving Americans! Sorry to burst your patriotic bubble - wake up people - this isn't your country anymore!

Posted by: ScatScat | October 5, 2010 12:21 PM | Report abuse

There is almost nothing more important than insuring the integrety of our elections. It is sure that it isn't 100% free of fraud but to allow it to go on-line kills all hope of keeping the system safe at all.

These morons in charge of this test either 1.have NO IDEA how computers work 2. are actively trying to steal elections 3. are just plain stupid or 4. have NO sense of what their country is about

I don't see any good on that list!

Election rlls need to be continuously scrutinized (by people with brains) and ballot need to be paper only. The last bit of the puzzle? Honesty

Posted by: rleored1 | October 5, 2010 12:23 PM | Report abuse

Another bad idea beat down. Voting online, Missile defense systems, etc. can only be truly tested when the real world comes into play. SO, never go there.

IF banks etc. are not hack-proof, why would we ever want our elections and our country to be vulnerable by depending on a computer program which can never be truly tested before it is used.

That's a hard way to learn. We should NEVER go there. There are no hack-proof or bug-free programs when they are as elaborate as would be required for voting or missile defense. NEVER! Ask any programmer or QA Tester.

Posted by: tojo45 | October 5, 2010 12:27 PM | Report abuse

How many D.C. voters that actually VOTE are there serving over seas for our country? It can't be more than a hand full. So, I'd love to see how much the cost per vote is in this $300,000 waste of money.

Posted by: arbogastd | October 5, 2010 12:30 PM | Report abuse

In 2012 a hacked voter system in favor of Obama is the only way he'll win reelection...

Posted by: mrcyberdochotmailcom | October 5, 2010 12:30 PM | Report abuse

THANK YOU, HACKERS! I can think of few greater threats to liberty than, even assuming no technology-based corruption or mischief (HA!), by allowing lazy, livin'-off-the-taxpayer-dime, do-nothings to be able to sit on their indolent butts while electing their welfare patrons as they watch another episode of Judge Mathis.

Posted by: jnsesq | October 5, 2010 12:30 PM | Report abuse

Well, d@amn it, there is such a thing as making it too easy to vote. Just as all in-person voters should be required to present a valid government-issued ID card in order to vote, so should we also be carefully review all absentee ballot procedures to maintain the security of the voting process and the integrity of our democracy. Many of us Republicans have been screaming about ballot security for years, and those of us who have actually run campaigns have witnessed real, live voting fraud around the country. I don't care if you're a Republican, Democrat, Libertarian or Martian, we should all agree that the integrity of our democracy must be paramount. If we can't agree on that, and any party, candidate or interest group can cheat, then we're on a slippery slope to becoming Venezuela.

Bottom line: we should put aside on-line voting until its iron-clad security can be assured. If this debacle had occurred in a hotly contested swing state in the middle of a presidential election, this could have caused a national, if not a constitutional crisis. Think clearly, people.

Posted by: Dirtlawyer1 | October 5, 2010 12:36 PM | Report abuse

Every lab geek at M.I.T. is now on the case. Winner of the next presidential election: Oliver R. Smoot

Posted by: floyddabarber | October 5, 2010 12:37 PM | Report abuse

I figured it would have been CalTech or MIT that would have pulled this one off.

My thoughts are this-

Election Day is Election Day. No "Early Voting" or "provisional ballots." Absentee balloting is allowed.

Either people do their "Civic Duty" and appear, on Election Day or they don't deserve to vote.

Casting one's ballot is serious and these lazy bums that are trying to "reach-out," for more time, are way out of line.

Posted by: Computer_Forensics_Expert_Computer_Expert_Witness | October 5, 2010 12:43 PM | Report abuse

I could understand why liberals want this system.
As republicans investgate Dem voter fraud they will need a new method to cheat.

Posted by: jpalm32 | October 5, 2010 1:06 PM | Report abuse

All hail online voting! What could possibly go wrong?!?!?

Posted by: Armed_Texan | October 5, 2010 1:12 PM | Report abuse

I'm pretty sure most of Maryland's votes are rigged, because most of the state is actually republican bu the democrats always win

Posted by: interloper5 | October 5, 2010 1:27 PM | Report abuse

Can D.C. do anything right?

Posted by: COOLCHILLY | October 5, 2010 1:28 PM | Report abuse

Every lab geek at M.I.T. is now on the case. Winner of the next presidential election: Oliver R. Smoot

Posted by: floyddabarber

As a Harvard alum, I appreciated this posting. LOL.

Posted by: WashingtonDame | October 5, 2010 1:36 PM | Report abuse

Each state has different laws... In one of the presidential elections I voted in here in Michigan, we had a machine that reads your pencil marks on a ballot. I noticed while waiting in line, 2 out of 3 ballots scanned were rejected as miss-votes - meaning some of their votes would not be counted. Everyone accepted this. So, when it was my time, I was extra - extra - extra careful that I did it perfectly. Mine was rejected too. I took back the ballot and checked again. Everything was still perfect, so I had them scan it again. This time it took When I quested this, the election officials said they only test the machine at the start of voting, so if some dirt gets on the lenses of the scanner, they will never know. Also, as a voter I was not allowed to request a re-count. Only a person on the ballot.

Posted by: arbogastd | October 5, 2010 1:37 PM | Report abuse

Since when were Democrats worried about the integrity of the vote???

Posted by: CapsNut | October 5, 2010 1:52 PM | Report abuse

dems want the internet voting so they can assure their coming wins by fraud.............dems know that America has had it with their damage to America and the American way of life

Posted by: M_Algore | October 5, 2010 1:52 PM | Report abuse

Cyber security. The only thing you can prove is its "secure" as you are writing this very sentence. Ten secs from now, it may be hacked. And we spend hundreds of millions on this.

Wouldn't a low tech solution be better, like maybe dipping our fingers into purple dye? It would stop voter fraud, and would also be env friendly, since you wouldn't need all those "I voted" stickers.

Posted by: jcl154 | October 5, 2010 1:56 PM | Report abuse

Why even bother having elections in DC? If there's a black candidate, award the office to him. If both candidates are black, pick the one who's most liberal. The outcome will be the same as if they had wasted time with an election, which would be stolen by ACORN and SEIU operatives anyway.

Posted by: p3orion | October 5, 2010 2:06 PM | Report abuse

Oh, for God's sake another idiot who doesn't understand the electoral college.It's more fair, you fool, not less fair. If you allowed only the popular vote to determine the outcome of a presidential election then only the most populous states would elect the president. It would be whomever California wanted as president not whomever the country wanted. Congressional seats are apportioned by population so that larger populations can be represented properly in congress but each state gets two senators to balance that out. Mob rule is dangerous. There has to be checks and balances.

Posted by: haunches | October 5, 2010 2:08 PM | Report abuse

Of course the internet program was open to being hacked. Don't these elections officials ever listen to the experts?

Posted by: dubious1 | October 5, 2010 2:15 PM | Report abuse

This is a joke, systems can be secured, our banking system is secure enough. Put some republicans in charge of this and I bet they'll get the job done. Anybody notice the Democrats are the only ones trying to shoot down electronic voting, as if it's less reliable than a gang of volunteers?

Posted by: zardinuk | October 5, 2010 2:20 PM | Report abuse

Most of the voter fraud is in favor of Republicans. Look at Ohio in 2004 when all the votes were run through a computer in Tennessee that was running GOP software before being sent back to Ohio. Look at the hack in Florida that nearly caused Gore to concede on election night before it was revealed. Almost all hacks benefit Republicans. Check it out.

And using the internet is to invite the hackers to have great fun.

Posted by: dubious1 | October 5, 2010 2:24 PM | Report abuse

Just print the ballots on rolls of free toilet paper so the totally uninformed, and uninvolved can more easily cancel out your vote.

Posted by: borntoraisehogs | October 5, 2010 2:31 PM | Report abuse

ACORN... really? lol

Anyway, at least the testing of this system is more transparent than the testing done on the Diebold systems that are actually in use.

Posted by: AJohn1 | October 5, 2010 2:33 PM | Report abuse

E-Voting was brought to US by Al Goron & the Dims.

Welcome to hanging e-chads!

Posted by: harpotoo | October 5, 2010 2:37 PM | Report abuse

@ dubious1

So if the voter fraud is all republicans, why not use electronic voting? It's your best bet at eliminating fraud. I know I want to see the fraud eliminated, tired of seeing the bag of votes someone forgot about magically appearing, I want electronic voting because it will solve all of the problems. They leave a paper trail, it's as good and better than your preferred paper ballot.

The DNC is afraid of electronic voting machines because they have relied on the fraud that goes on in the voting locations for so long. It's quite clear to me. Your argument makes no sense whatsoever.

Posted by: zardinuk | October 5, 2010 2:37 PM | Report abuse

Nymous Yes one would THINK there should be a way to vote on line for at least our Military.. however, while they allowed anyone to GIVE IT THEIR BEST SHOT.. did that include CHINA who seems to LOVE to hack our Pentagon? It is not just hackers HERE but elsewhere that we have to watch for..

Posted by: lcky9 | October 5, 2010 2:46 PM | Report abuse

Thank God this crack attack has stopped the overseas military from voting. Everyone knows that those people are the best possible representatives of their city, and so they shouldn't be allowed to vote, because they might cause something good to happen if they could.

In another way, this is more proof that the District of Columbia is going to get about another $100 million to "improve its systems."

Posted by: Extempraneous | October 5, 2010 2:51 PM | Report abuse

Yeah, baby! Saw off another chunk of that federal cash log!

Posted by: Extempraneous | October 5, 2010 2:53 PM | Report abuse

In a city so replete with disfunction, where under every rock there is a corrupt politician and/or contractor, who in their right mind thought the government could implement a HACKER PROOF on line voting system?

Sheesh!

Posted by: Curmudgeon10 | October 5, 2010 2:57 PM | Report abuse

There is an easy way to eliminate any voting fraud. Simply require a biometric when a voter registers and each time he or she votes, with a system that verifies the biometric. A fingerprint is provided at registration and the same fingerprint is given when the voter votes. It's not rocket science, but the Party of Illegal Voters would fight it to the bitter end... I'll leave it to the reader to figure out what party THAT is.

Posted by: danny70000 | October 5, 2010 3:04 PM | Report abuse

get the money back!!

stop paying these con artists...

seize their assests ...

give to my charity...

Posted by: wingdingluey | October 5, 2010 3:08 PM | Report abuse

I have never understood the rationale behind changing the voting process. It worked. The new systems are fraught with the potential for mischief and criminality. Voting by mail - a terrible idea. How does anyone know that the ballots counted are truly the ballots received? There's nothing equivalent to a precinct where votes are tallied in a public way. And voting machines? How do we know that they haven't been hacked (as in this story), except worse: to provide one party or another with an advantage - whoever the hacker happens to favor?

Worse - how do we know that the hackers aren't in the employ of one of the political parties?

I want America to go back to the good old paper ballot (no chads). And a requirement that you be intelligent enough to complete a ballot and live with whatever careless mistakes you make after you drop the ballot in the box. The time to correct your mistakes is before you drop it in the box.

We OUGHT to be a nation of adults instead of winy entitled spoiled brats who think that the sun shines up their a$$es and makes the world a better place just because they have the wonderful decency to show up.

Posted by: harrygett | October 5, 2010 3:12 PM | Report abuse

there was a time when the washington post had enough clout to stop something such as this fiasco long before the taxpayer ever got clobbered. and internet access from jails and prisons keeps convicted felons actually serving time from being disenfranchised. i gather the dc experiments are off limits i.e. politically incorrect targets of the wash post. no wonder your profits continue to drop. retro back 40 - 50 years if you intend to remain in business. ps - when are you going to expose the money pit known as pretrial services. possibly the biggest waste of tax money on the planet.

Posted by: anonymoose1990 | October 5, 2010 3:22 PM | Report abuse

As long as systems can be hacked no vital system - like voting - can be entrusted to online technology. Even with manual systems if voter tampering is discovered AFTER an election the results are not overturned. The perpetrators are prosecuted (maybe) but the election results are not overturned. Moreover, with cyber tampering it is extremely difficult to find and prove direct links to the guilty. Add to that how long it takes to move thru federal courts.

Posted by: aceswild1 | October 5, 2010 3:38 PM | Report abuse

I'm wheelchair bound and have been for a couple years, I was on a chicago thread yesterday about absentee ballots saying this same thing;

If I can drag my tired broken azz to the local elementary school like I did even before while becoming crippled from MS and did to vote against Obama anyone else can too.

WTF?

We know online voting is nuts as we can't even keep dead liberals from voting the old way ;( , now we want the CHICOMS, Ruskies and all to be able to as well, because THEY WILL if they OK this anytime in the near future.

Posted by: chicagoray40 | October 5, 2010 3:50 PM | Report abuse


Wrap a band aid around the nose piece of those geeky glasses, then DeBonis can claim he did it.

Posted by: screwjob21 | October 5, 2010 4:06 PM | Report abuse

it would be fitting to use the anthem of the peoples republic of Ann Arbor

Posted by: jibreelriley | October 5, 2010 4:09 PM | Report abuse

@snipelee, what makes you think that your online access to banking and financial services are safe?

to the hacker.. Go Blue!

Posted by: SpecTP | October 5, 2010 5:07 PM | Report abuse

There is nothing in the US more sacred than voting. If one cannot get off the couch to go to the polls, they should lose their vote!! However, power is enticing and the Left will not go down quietly!!

Posted by: MadonnaDJ88 | October 5, 2010 5:28 PM | Report abuse

Not good. These were just students. Real pros would have ZERO problem breaking that system.

Posted by: illogicbuster | October 5, 2010 5:39 PM | Report abuse

North Carolina is satisfied and is willing to buy the software unchanged for the November election.

Posted by: James10 | October 5, 2010 6:21 PM | Report abuse

The only truly secure system is one that can be audited by the voters. Voters should be able to log in at any time afterwards and confirm their vote the same way they confirm their bank account balance.

Posted by: c094728 | October 5, 2010 6:53 PM | Report abuse

If any of the students could hack it to change all repub votes to dems and keep all dem votes, then it would have been a go for Obomba/Pelousy/Reed express.

The student who hacked needs protection now.

Never Forget the young men who were murdered so Obama could run for office:
Donald Young, Nate Spencer, Larry Bland, Lt. Quarles Harris, Jr.

Posted by: LaVie | October 5, 2010 7:05 PM | Report abuse

Non-Taxpayers should not vote

Posted by: LaVie | October 5, 2010 7:11 PM | Report abuse

Thank you Hacker! This just shows how dangerous and vulnerable online voting is. This person did us a favor. Just think if he can do it what is to stop the government or a candidate hiring someone to do it. Ever hear of black ops? These a..holes have the key to every server. Thank you very much.

Posted by: sdchanman | October 5, 2010 7:24 PM | Report abuse

This is old news. How do you think the Obama Mafia got Barack elected?

Posted by: DigitalBob1 | October 5, 2010 7:41 PM | Report abuse

Okay, all you dopes who thought online voting could be relied upon, raise your hands. Now, put your hands down and go stand in the corner.

GET THIS NOW, GET IT RIGHT AND HOLD ONTO IT:

THERE ARE NO MACHINES THAT ARE AS GOOD AS A PAPER BALLOT, WHETHER MARKED OR PUNCHED. YOU MUST STOP IMAGINING THAT SIMPLY BECAUSE A THING CAN BE DONE ON A COMPUTER THAT IT THEREFORE MUST BE DONE ON A COMPUTER.

JM (Electronics/Computer Systems Engineer with decades of experience)

Posted by: JMinSanDiegoCA | October 5, 2010 7:59 PM | Report abuse

I can only imagine Obama sitting up late with his laptop at his side, trying to figure out how to enlist these folks to rig the 2012 vote. He should be banging Michelle but have you taken a good long look at her face???????

Posted by: dougonesko | October 5, 2010 8:41 PM | Report abuse

The Democrats will hack the voting process, whether or not computers are involved.

Posted by: Jack64 | October 5, 2010 8:50 PM | Report abuse

I don't care what song they played to hail the voting system, that's some funny $hit!

Posted by: jayesouthworth | October 5, 2010 8:56 PM | Report abuse

Haha. When will people figure out anything that involves a computer can be compromised? Especially if it's online, since the guy doing it doesn't have to be anywhere near the actual machines. Some things are just best kept offline.

At least they tested it openly rather than hoping a flimsy attempt at security through obscurity would save them, unlike *some* electronic voting efforts.

Posted by: CppThis | October 5, 2010 11:30 PM | Report abuse

The "system" was compromised in 2008 when DUH WON.

Posted by: LoneWolf1 | October 5, 2010 11:41 PM | Report abuse

snipelee: Why is it that I can safely access my bank accounts, investment accounts, Ebay, etc. from virtually anywhere on the planet, but I cannot vote online?

For one thing, because voting includes a "secret ballot".

There are a number of commercial startups addressing the on-line voting "market". Their sites generally contain white papers explaining the problems and their solutions. Read a few.

Secret ballots are an example of voting system problems eBay and banks don't have. The voting system must be able validate that each counted vote comes from one and only one voter. But the system cannot know who that voter is. And, at the same time, the system must be able to prove to you that your vote was counted one and only one time - and it was for who you voted for. Except, again, the voting system cannot know who you voted for. Take a minute to think of a way to do this. :)

That said, it sounds like the problem with this site had nothing to do with voting and everything to do with running a secure web site. That also said, it's one thing for a few thousand, full time, highly paid, expert specialists to run a secure web site, and quite another for 10's of thousands of amateurs to do so. That means that, unlike a paper system run by amateurs and subject to the sorts of controls a normal person can understand (try not to let dead people vote, don't lose the ballots, etc), on-line voting systems will either be run centrally by pros (do you trust them? why?) or be turn-key products produced by pros (do you trust them? why?). And, in either case, they'll run like the dozens of computers running in your new car - outside your knowledge and vision.

And, as another example of why eBay and banks are not like voting systems: eBay and banks tend to have custom systems. You break one, the others still stand. Every county ain't gonna roll their own, custom on-line voting system. If all counties buy the same system - well, you break that system, you can pretty much count on getting that paving contract anywhere you bid for it.

Posted by: bar_washington_post | October 6, 2010 3:54 AM | Report abuse

When are people going to learn that NOTHING online is secure. My god Hugo Chavez could be elected president with this system. Or worse BHO might get re-elected.

Posted by: backliner | October 6, 2010 4:57 AM | Report abuse

This is very likely a test of the DNC ability to hack the system in preparation for Massive cheating in the coming elections. NAAAHHH couldn't be....thats much too far fetched!

Posted by: rabiddog9 | October 6, 2010 7:05 AM | Report abuse

Might this online voting ploy be another misguided attempt by Obama's people to once again by way of deception insure a victory in the upcoming November elections? After all, that is the only possible explanation for 2008!

Posted by: hindsight2040 | October 6, 2010 7:16 AM | Report abuse

Go Blue!

Posted by: gb11231 | October 6, 2010 1:21 PM | Report abuse

It is shameful that the scientific community allows ego driven agendas to impede efforts to secure the vote counting process. We know open source and paper ballots are minimal mandatory requirements. Hopefully OVC will address oversea ballot issues- as they have effectively demonstrated open source / paper ballot systems for precinct use.. We don't need licensing schemes and ego games.. we need election system security !!

Posted by: UnderdogUSA | October 10, 2010 10:22 PM | Report abuse

The only ones that seems to be seeing this correctely are JMinSanDiegoCA and c094728 with a few other interspersed good ideas. There is a world of difference between an excellent computer scientist and one that specializes in security. Even if they do correct the problems in the system it still has excised the most important element - people who can monitor to make sure things are progressing fairly. There is a reason polling places have at least both a Republican and a Democrat running them. Both are there to assure as much as possible voting fairness. If you don't like the system then get involved in how to correct it by being one of these polling control people or blogging about where you have actual proof the system is failing. It would be nice to also have a post check to make sure what you voted for actually happened.

As to the people complaining about the absentee ballot, shame on you. The people in the armed forces in Iraq, Afghanistan, and other parts of the globe, many in harms way have just as much right to vote as you do. They maybe have even more right to vote than you do. I for one want to make sure they have that right and opportunity to vote. If I was a Democrat and they were all Republicans I would still want it. Ditto for vice-versa. This is not a partican issue.

Please, lets keep this central to the point at issue, which is whether we can trust online voting. As one of those computer security analysts I have to say the answer is no. If you see it differently my answer will still be no. The instant something is open to attacks from the entire world then the more likely it is to be successfully attacked. Really, they didn't have the sucker protected from a shell injection attack? Bad. REALLY BAD!

Posted by: hhhobbit | October 11, 2010 1:22 PM | Report abuse

Post a Comment

We encourage users to analyze, comment on and even challenge washingtonpost.com's articles, blogs, reviews and multimedia features.

User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions.




characters remaining

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company