"And the stars are projectors, yeah, projecting our lives down to this planet Earth." - Modest Mouse


More E-Voting Security Flaws  

Researchers at Berkeley are claiming that a new federal online voting system set to debut in the next few weeks has many security flaws which could allow voting results to be manipulated. The software, called SERVE - Secure Electronic Registration and Voting Experiment - is designed as an alternative to the absentee ballots currently used by people and military who are overseas for elections.
"Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official."

Compare this to the recent revelations about security holes in Diebold electronic voting machines and the more cynical among us might conclude that the government actually wants a backdoor into electronic voting systems...
But after analyzing tens of thousands of lines of programming code purportedly used to make this electronic voting system work, three researchers from the Information Security Institute at Johns Hopkins, aided by a computer scientist at Rice University in Houston, have expressed serious concerns about the voting system. The researchers said they uncovered vulnerabilities in the system that could be exploited by an individual or group intent on tampering with election results.

And from Collision Detection, which has an excellent summary of the whole affair, including the not-too-surprising revelation that Diebold is run by ardent GOP backers:
As the Diebold scandal illustrates, it's incredibly dangerous to let a private company develop proprietary voting software. If they "own" the code, they'll keep it a secret. That means we'll have to trust them that the software is secure. If they're lying to us -- or, more likely, if they're well-intentioned but just unable to realize how buggy their code is -- democracy is screwed.

Comments: Post a Comment

This page is powered by Blogger. Isn't yours?