How internet voting can go wrong

News from America:

Small coding mistake led to big Internet voting system failure

The main security weakness that let University of Michigan researchers take control over a planned city of Washington, D.C. Internet voting system pilot for overseas voters in 2010 was “a tiny oversight in a single line of code,” …

It’s evidence, say the researchers – led by Assistant Professor J. Alex Halderman – that Internet voting should be postponed until, when or if major new breakthroughs in cybersecurity occur. Mistakes like the one they exploited are all too common, hard to eradicate, and indicative of a brittleness in web applications, they say. Seemingly trivial errors can result in attackers gaining system dominance – and in the case of an internet voting system, controlling the outcome of an election.

Responding to a call by Washington, D.C., election officials for outsiders with no previous access to test system security, Halderman and his students penetrated the pilot system within 48 hours of it going online. Their successful attack went undetected for another 36 hours.

Quite how it was then detected is rather an amusing musical tale, as you can read in the full story.

* Mark Pack is a member of the Federal Board and editor of Liberal Democrat Newswire. He is a candidate for Party President.

This entry was posted in News.

7 Comments

  • Andrew Suffield 26th Feb '12 - 5:25pm

    Piffle, we don’t need new breakthroughs. This sort of problem was solved decades ago; the techniques for writing code without this sort of error are known in the field as “formal methods”. They are widely used in fields where there is substantial liability for errors: medical equipment, some critical aspects of aerospace technology (NASA are a major player here), microprocessor design.

    The problem is not that we are unable to fix these issues. The problem is that the people involved are unwilling to do so. It would cost time and money, electronic voting in the US is all about profit margins, and there is no penalty for failure.

    The news article here does not even mention the company responsible for this abject failure, so they don’t even have the fairly weak spectre of reputation damage.

  • Matthew Huntbach 26th Feb '12 - 7:56pm


    Piffle, we don’t need new breakthroughs. This sort of problem was solved decades ago; the techniques for writing code without this sort of error are known in the field as “formal methods”.

    Piffle, formal methods has got nowhere near fully proving systems of this level of complexity. My colleague Peter O’Hearn’s work on separation logic (http://www.eecs.qmul.ac.uk/~ohearn/) is generally considered one of the biggest recent breakthroughs in this area, but they are still only just sorting out basic problems in heap assigned storage.

    If one looks at the paper on this bug, one can see that like most modern systems it ties together code from all over the place. If one wanted to write secure systems, this is not how one ought to do it.

    Of course, even if you really could run a system which mathematically proves it has no openings that could be abused, who proves the proof engine? Do we have all to become experts in separation logic to know for sure our ballots are secure?

    So far as I am concerned, the way in which the paper ballot system enables us to track the progress of all ballot papers from voter to count is a valuable safeguard we should NEVER throw away. You do not have to be an expert to see it is safe, no computer program can guarantee the same. Every reputable Computer Scientist I have spoken to on this issue agrees.

  • Richard Dean 26th Feb '12 - 8:08pm

    There’s no way that paper ballots are immune from rigging. See many of the world’s poorer countries for many examples, particularly those where there have been recent finds of oil or minerals. Talk to Putin for further info!

    One of the problems with software is that it has many layers, with different languages in each layer, and a writer at one level may have no idea at all of how his or her choices create security issues in another.

  • Maybe we should postpone flying until we have found ways to prevent planes from crashing.

  • Andrew Suffield 27th Feb '12 - 1:25am

    is generally considered one of the biggest recent breakthroughs in this area, but they are still only just sorting out basic problems in heap assigned storage.

    There’s lots of mature techniques that are in widespread use; you’re looking at research rather than practical engineering.

    If one looks at the paper on this bug, one can see that like most modern systems it ties together code from all over the place. If one wanted to write secure systems, this is not how one ought to do it.

    Yes, anybody who knew they were going to verify their system would inevitably design it differently. That’s half the point. We do know how to make this stuff work, and the people who are failing to make it work are not failed heroes, they are scammers.

    Of course, even if you really could run a system which mathematically proves it has no openings that could be abused, who proves the proof engine? Do we have all to become experts in separation logic to know for sure our ballots are secure?

    The idea of everybody in the country understanding how votes are counted and how we attempt to prevent voting fraud is appealing but has never before been true.

    And to answer your question: no, there is no need to understand any of the logics used in order to validate the proof checker. Undergrad math is more than sufficient; a good proof checker uses only primitive and well-understood rules. This is a non-problem, solved a long time ago.

    So far as I am concerned, the way in which the paper ballot system enables us to track the progress of all ballot papers from voter to count is a valuable safeguard we should NEVER throw away.

    There is no legitimate or rational reason for building an electronic voting system that did not include this kind of paper trail. So far every system that fails to include one has done so for illegitimate or irrational reasons. Every time you see an electronic voting system without one, you should be immediately thinking that you’re being scammed. Because you are.

    You do not have to be an expert to see it is safe, no computer program can guarantee the same.

    Careful. No paper voting system is safe, and voting fraud happens often. No electronic counting system can do any better, because most fraud happens long before the ballots are counted. We merely attempt to keep the fraud as low as possible.

  • Matthew Huntbach 27th Feb '12 - 10:59am

    While I’m aware that paper voting systems can be defrauded, it seems to me the physical nature of the process is a very big part of the protection against fraud. When you can actually see and handle the ballot papers it is much easier to see where things are going wrong or could potentially go wrong than when it is a matter of information being transmitted through the execution of software. Human beings are physical creatures, we have evolved to live in a physical universe – that is why we do not have to be trained experts to gain a good understanding of how paper systems can be manipulated in the way we would if we were to fully understand the protections and any remaining risks of software proof checkers even supposing we could develop fully reliable proof checkers or at least restricted the software to forms where what we have is reliable.

    I write this as someone who develops new research software and teaches computer programming for a living, and has some knowledge and links with the formal methods approach. Sorry, but this stuff is just not as easy-peasy as Andrew is claiming. I have seen the struggle of even reasonably intelligent undergraduates to understand it. While of course I accept that the arcane details of how paper voting systems work are not something your average person knows much about, the barrier of comprehension is very much lower.

    I don’t see the throwing away of the safeguards given by a paper system in return for the convenience of internet voting as doing anything much to counter the malaise in democracy which seems to be an argument for it. To me, it’s just a silly – and potentially dangerous – gimmick, which like many other such gimmicks just works to turn people away from the real problems. The real problems are much more to do with the way politics is played, with its emphasis on top-down centralised campaigning in which ordinary people are seen as having just the role of making a passive choice between competing products, and also to do with the constant denigration of politics by the powerful figures in our society because it is very much in their interest to see the power of the ballot box degraded and the power of the money box enhanced. Every door slammed in your face when you are canvassing with the message “we’re not interested in politics – you lot are just in it for yourself” is a sign of how money boxes are winning out over ballot boxes. It is particularly sad that those who have least money box power tend to have been twisted into holding the most dismissive views of ballot box power.
