Software To Capture Votes in Upcoming National Election is Insecure (vice.com)
Hackers could have manipulated the results of the upcoming election in Germany by using "trivial" attacks against a program used to count and transmit voting results, researchers warned on Thursday. From a report: White hat hackers from the Chaos Computer Club (CCC), a well-known hacking organization in Germany, claim to have found a series of serious vulnerabilities in PC-Wahl 10, software used by German authorities to count and transmit voting results. The researchers said their attacks show the software is in a "sad state" and that malicious hackers could have compromised it with "one click." "The amount of vulnerabilities and their severity exceeded our worst expectations," Linus Neumann, one of the researchers who conducted the study, said in a press release. The good news, however, is that the researchers believe it would have been hard for malicious hackers to get away with such attacks during the upcoming German election on September 24 without anyone noticing. "Technically, manipulation would be possible in several ways, but it is unlikely that manipulation would remain undetected," Thorsten Schroder, another researcher involved in the study, wrote in an op-ed for the magazine Der Spiegel.
Re: (Score:2)
Bigotry? How dare anyone oppose an invasion of their country! We're bigots if we don't embrace the invaders and give them our money!
Re: (Score:1)
I agree that the campaign donations corrupt the US elections, but I fail to see why you single out Hillary Clinton. Just about every US politician, no matter what side of the aisle, and from candidate dog catcher to presidential candidate, needs campaign donations. And yes, it's a real scandal that so much money is pumped into all those elections.
Integrity of a US politician seems to be determined by how much the campaign donations influence their politics. Some of them seem to be pretty clean despite the co
Re: (Score:2)
I mean, seriously, can we not wait a day or so to get votes tabulated and backed up with manual counts of physical ballots?
Isn't getting the will of the people worth it taking a day or so to make sure it is real and accurate?
Re: Oh, no, Russians! (Score:2)
But of Course! (Score:2, Interesting)
The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!
The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.
Re: (Score:2)
It has nothing to do with so called "globalists".
If Merkel's coalition doesn't win, then Justin Trudeau becomes the "Leader of the Free World".
That is not acceptable to anyone at this time.
Re: (Score:2)
At least we agree on the group of people who wish to remove the democratic element from the elections in Germany, whether or not we agree on their name.
Re: (Score:2)
What we all really agree on is elections are about people not machines. Elections should be one hundred percent manual from go to whoa, pencil, paper, with officials manually counting the vote and representatives from those running for government overseeing that count, with elections held on weekends to make sure everyone can participate, not just in voting but also in the https://en.wikipedia.org/wiki/... [wikipedia.org] or https://en.wikipedia.org/wiki/... [wikipedia.org] or http://www.girlscouts.org/en/c... [girlscouts.org]. It should be a social event,
Re: (Score:1)
The entire concept that we need a "leader" is the whole problem. Who came up with this idea? As far as I can tell, the Americans came up with it so they could play World Police. The Americans have done an absolutely hideous job being "world leader", starting wars left and right. Millions of poor brown people died. The most recent US president spent his entire time in office at war, and yet was honored as a man of peace by these same globalists.
Maybe it's time we retired the "world leader" thing. And
Re: (Score:2)
>The globalists wouldn't want to have another Trump on their hands in the most powerful nation in Europe!
>The only people who you really have to worry about hacking the vote are based out of Brussels, not Moscow.
Don't worry about the "Globalists", or whichever conspiracy theory they came from. Trump has ensured that there isn't going to be a Trump in Europe. Far right parties have been doing spectacularly badly in recent European elections, Centre right and centre left are doing well.
I expect this to be a comfortable win for Merkel. That evil witch who has managed to keep the German economy strong throughout terrible economic conditions. Only the centre-left SPD has the chance to unseat her and they need to pic
This is insane (Score:3)
It is not difficult to build a highly secure e-voting system with highly robust, highly secure reporting.
This is the minimum standard that should be considered acceptable.
Ok, so how do you do this?
1. A system is no better than the platform it is on. So you want a formally verified, tamper-proof platform with no extraneous physical connections.
2. The software should be designed using formal methods (coloured petri nets will work because there are only a fixed number of well-known arcs under well-known conditions, learning from SEL4 won't kill anyone either).
3. Votes should be retained in encrypted form, each voter's public key being on their voter registration card in a computer-readable form (but not remotely readable), and stored in multiple locations. This eliminates the possibility of any database admin trying to delete or insert votes, as the hashes won't tally. Blockchain can be used to ensure majority consent on the hashes, thus excluding corrupt institutions.
4. The server that generates the public/private key pairs should feed the private keys only to official Orange Book A1 servers for counting.
Re: (Score:2)
Sorry, e-voting will never be secure. It will always be black box mysticism.
Re: This is insane (Score:2)
Claims without proofs are worthless. And spineless.
I can prove this system has 100% integrity, that nobody gets illegally excluded, that no vote is altered, injected or deleted, that nobody behind the scenes can tamper with results, that the results can be certified after the fact, that it cannot be hacked, that test data cannot be "accidentally" left there, that votes for opponents don't get magically stuffed behind radiators and office furniture.
In other words, I can prove you wrong.
Re: (Score:1)
>In other words, I can prove you wrong.
Only if there is a paper copy of the vote that I can verify before putting into the box to count the old-fashioned way. Without it there is no such proof, only speculation. In other words, you can't. Your claim is equally worthless, and spineless. Your only "proof" is attempted insults, water off a duck's back in this case.
If you could prove what you say, computer malware could not exist, much less run for years without anybody noticing.
Re: (Score:2)
First, where did I say there wasn't a paper copy?
Second, if the software is peer-reviewed and proven to be correct, and you can compare your copy of the digital signature with that in any of the observer databases, I'd say there's a bit more than speculation.
Third, computer malware exists because 99% of all the software out there is written by morons and 99% of what's left is written by enthusiasts who like coding but hate testing or documenting. Name one formally proven A1+ OS that has malware. You're tryi
Re: (Score:1)
Nice troll! I like it!
I can very easily prove what I say, because formal methods are something I am very, very good at.
You should be rich then, and making headlines. Pretty good at blowing your own horn, aren't ya?
Re: (Score:3)
It may not be difficult but it sure as hell is expensive. Most voting equipment is only used once every several years. The added expense is unnecessary and is only wanted by the media so they can get better ratings on election night. There's nothing wrong with waiting a few hours for results.
Re: This is insane (Score:2)
Waiting for results is good. It prevents election rigging.
I'm not interested in reducing delays, I want them increased.
What I absolutely want is to prevent election officials excluding people illegally (a common practice in the Bible Belt where, for twenty pieces of silver, you can have an election murdered) and for said officials to stop stuffing ballot papers for the "wrong people" behind office furniture, claiming innocence.
I want independent observers to be able to verify that the votes cast equals the
Re: (Score:3)
3 & 4 above seem to imply that anyone who gets hold of a voter registration card will be able to vote on the owner's behalf.
Was this intended? If so, you might want to rethink this proposed standard....
Re: (Score:2)
Not remotely. You just have to design the system in a way that makes it infeasible to falsify results without detection.
Step 1: The voting booth. Vote for a candidate. The vote is recorded on a flash card and cryptographically signed by the voting machine and simultaneously sent to a central server and stored locally on the machine.
Step 2: The verifying booth. Verify your
Re: (Score:2)
I think I already covered that. Each device signs the data at each point in the audit trail and maintains copies at each step. There is no "who" here. It's a "what" doing the signing.
Because the verification systems are open source, and thus can be audited (including the choice of crypto).
All that the
Re: (Score:2)
The problem with electronic voting will always be that to the average voter, it is just a black box (or 3 in your example). Ideally the whole process needs to be transparent. When I vote, I can watch the whole process, from the empty ballots showing up at the polling station to the count at the end of the day, if I so choose (and assuming there's room, which is almost always the case) and the process is simple enough that the average 3rd grader can understand and verify it.
Re: (Score:2)
No disagreement there. If people want to, they should be able to obtain a dump from every voting machine and see all the votes that were cast, but with the time stamps scrubbed. (The time stamps would presumably be from a timestamping server anyway, so it would be a separate wrapper signature that could be stripped without affecting the ability to do crypto verification of the voting logs.) Not that anyone sane would ever take the time to verify the paper trail, but it should be possible to do so. :-D
Re: (Score:2)
Governments are incapable of creating secure systems.
The paper system is pretty secure, if it is implemented and executed properly. In stable democracies it is. In corrupt democracies it is, well, corrupt.
Paper ballots & manual counting fine by me (Score:5, Insightful)
So far here in Alberta all federal and provincial elections I've participated in have used paper-based voting systems and been counted by hand (AFAIK), hopefully it stays this way.
Re: (Score:2)
The allure of paper ballots always seemed to me to be based on fear and ignorance. Supporting an old system not because it's actually superior, but be
Re: (Score:2)
The allure of the paper system is that everyone understands it, not just the high priests of computer technology.
Regarding that ballot stuffing scenario: it is an old trick with many variations, but that's why there are observers in voting stations, preferably from multiple parties in the election.
Re: (Score:2)
People in some small town or small area from different political parties watch the vote, paperwork and the counting.
All voters are real citizens and allowed to vote, fully registered and can only vote once. No illegal migrants can vote, no citizen returning to vote many, many times.
One real citizen, one vote counted on paper.
They see a final number and that count is sent up the system. That number is passed up to a region. The people who count and observe in a regio
Re: (Score:2)
Absolutely nothing.
But, you have to be careful because boxes are often serialized, and how many people put votes in a box is tallied. If the count gets ou
Re: (Score:2)
And manual counting of votes by people is failproof because people can't be corrupted/bribed/...?
Worth noting that there is no electronic voting (Score:5, Informative)
In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.
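Added example (not part of the comment above, and not code from PC-Wahl or the CCC): a sketch of the cross-check the comment describes, comparing what each polling place noted against the published per-station results and then recomputing the published totals. The function name `audit`, the station ids, the party labels and all figures are constructed for illustration.

```python
from collections import Counter

def audit(local_records, published_stations, published_totals):
    """Return (kind, subject, detail) findings; an empty list means consistent."""
    findings = []
    # 1. Station level: counters' own notes vs. what was published upstream.
    for station, noted in sorted(local_records.items()):
        shown = published_stations.get(station)
        if shown is None:
            findings.append(("missing", station, "no published result"))
            continue
        diff = {p: (noted.get(p, 0), shown.get(p, 0))
                for p in sorted(set(noted) | set(shown))
                if noted.get(p, 0) != shown.get(p, 0)}
        if diff:
            findings.append(("altered", station, diff))
    # Results published for a station nobody counted would be injected data.
    for station in sorted(published_stations.keys() - local_records.keys()):
        findings.append(("unknown", station, "published but never counted"))
    # 2. Aggregate level: recompute totals from the published station results.
    recomputed = Counter()
    for result in published_stations.values():
        recomputed.update(result)
    for party in sorted(set(recomputed) | set(published_totals)):
        claimed = published_totals.get(party, 0)
        if recomputed[party] != claimed:
            findings.append(("bad_total", party, (recomputed[party], claimed)))
    return findings

# Constructed sample data: notes taken at three polling places.
LOCAL = {
    "station-01": {"A": 412, "B": 388},
    "station-02": {"A": 150, "B": 201},
    "station-03": {"A": 90, "B": 77},
}
HONEST_TOTALS = {"A": 652, "B": 666}

# Case 1: one station's result changed in transit, totals recomputed to match.
IN_TRANSIT = dict(LOCAL, **{"station-02": {"A": 250, "B": 101}})
IN_TRANSIT_TOTALS = {"A": 752, "B": 566}

# Case 2: station results untouched, only the aggregate was changed.
BAD_TOTALS = {"A": 700, "B": 618}

if __name__ == "__main__":
    for name, stations, totals in [("honest", LOCAL, HONEST_TOTALS),
                                   ("in transit", IN_TRANSIT, IN_TRANSIT_TOTALS),
                                   ("aggregate", LOCAL, BAD_TOTALS)]:
        print(name, audit(LOCAL, stations, totals))
```

Case 1 passes the totals check and is only caught at station level, which is why the counters' own notes are the anchor of the whole comparison.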
Re: (Score:2)
Do they not have telephones in Germany yet? Why is specialty network software required to read off vote totals?
Re: (Score:3)
>In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.
Arguably it is better for the manipulator that it is detected. Sure, by manipulating the tally secretly you might get your preferred candidate elected but it would still have to be one of the leading candidates, otherwise you rouse suspicion, meaning the damage is limited. If you can invalidate the government in such a public way then you start undermining the trust the population has for the government. Shake the population's confidence in government and you have done real damage.
It's corruption (Score:2)
Everyone involved hopes to exploit the system to their own benefit, they're not interested in a fair, honest, open system. That's why ballot stuffing is a thing and why we have secret ballots so people can't be reliably threatened or bribed for their votes.
Then there's the fact that there is a lot of money on the line, and you can bet lobbying (both honest and dishonest) is going on to keep that money flowing.
It seems very strange that there's so much wrangling over how to create a ballot until you recogni
Re: (Score:3)
The UN has established 'best practices'. It's time the first world accepts that those standards are not just for the 'stans' and banana republics.
Paper ballots, see through ballot boxes (so they aren't half full at the start), tracked chain of custody of the boxes, ID requirements and stained fingers. All interested parties can have a representative in the counting rooms and polling stations. Done.
Re: (Score:2)
Believe it or not, it's really difficult to cleanly erase a mark left by a pencil. If someone is scrutinizing ballots looking for tampering, the indentation of the previous mark will be visible even if every speck of graphite is lifted from the paper.
Re: (Score:2)
Hanging chads.
Leaving any discretion in the hands/eyes of the counters is a very bad outcome.
If you fuckup your ballot with ink, you ask for another. Pencils have no advantage.
Re: (Score:2)
>Pencils have no advantage.
They don't dry out, they don't leak if broken, and their marks don't run if the paper gets wet.
But Why (Score:3)
1) The critical importance of voting in Democratic societies,
2) The ease at which eVoting devices appear to be compromised,
3) The effectiveness of paper voting as proven over untold millennia,
4) The inherent lack of accountability in current eVoting,
No logs, Insecurely stored, No validation, etc.
It begs the question, why even bother with eVoting machines? Just because it’s “new”, “electronic”, can be “web enabled”, seems insufficient to perch the entire construct of Democracy on such weaknesses.
Re: (Score:2)
Pure profit. Money is flowing for new machines, secure networks, support services, repairs, staff support and further education. Cryptography and "private sector" academic certification.
All costs that some federal or state gov can be expected to pay in full for again and again.
Then later updates, upgrades, support for all the different levels of politics in a nation. The cash keeps flowing and the few trusted brands can then sell intern
FTP (Score:2)
The update process is completely unsecured as well. However, the current problems are not a real issue since the software will receive an online update that fixes the discovered vulnerabilities before the upcoming election.
Re: (Score:2)
Also not an issue as long as the totals are kept at the counting stations and the numbers are cross checked after.
Any shenanigans would be easily found with a routine audit.
Dear Editors... (Score:2)
Slashdot is a website read around the world. When posting an article of this type about a "national election", it would make a shitload of sense to add, in the title, the name of the country the election is for.
Re: (Score:2)
You're obviously bucking for a job as /. editor.
Didn't even RTFS, qualified! But spelling and grammar are too good, work on it.
Re: (Score:2)
I read the summary, and am aware that the country is Germany from it -- thank you.
But, that does little for those of us looking at the titles on our RSS readers. In a normal news source, if the country is not mentioned then readers will assume the location is the home country of the publication, and Slashdot is a U.S. site. I'd argue in the case of an internationally read website it would be more logical to always list the country of origin.
It's true (Score:2)
It's true but this has been well known in the security industry for years, if not decades.
A more fundamental problem (Score:2)
Which voting technology is the most secure is secondary, really, when the whole process is fundamentally flawed by the fact that voters can't be bothered to learn the actual facts or even turn up to vote, and when elections are completely overwhelmed by deliberate misinformation campaigns. As it is, it would be fairer to play dice for the presidency. Simpler too, and it might even engage people more.