The local government of the District of Columbia has been conducting a pilot project to test an internet-based voting system
that would give overseas and military voters a way to download and submit absentee ballots online. Here's a PDF of the system architecture
. Before using the system in a real voting process, the public was invited to evaluate its security and usability. That's where J. Alex Halderman
of Freedom to Tinker
This is exactly the kind of open, public testing that many of us in the e-voting security community -- including me -- have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days' notice. I assembled a team from the University of Michigan, including my students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff.
Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots. In this post, I'll describe what we did, how we did it, and what it means for Internet voting.
An awful lot of meaty details follow, but here's the punchline:
Based on this experience and other results from the public tests, the D.C. Board of Elections and Ethics has announced that they will not proceed with a live deployment of electronic ballot return at this time, though they plan to continue to develop the system. Voters will still be able to download and print ballots to return by mail, which seems a lot less risky.
Oh, diva snap
Hacking the D.C. Internet Voting Pilot (Freedom to Tinker, thanks Jake)
Watch as a crowd of high school students gloriously jeer and taunt the Westboro Baptist hate mongers into a full retreat.
That was bullshit.— Matthew Keys (@MatthewKeysLive) October 7, 2015 A jury in Sacramento, California, today found former Reuters deputy social media editor Matthew Keys guilty of computer hacking under the Computer Fraud & Abuse Act (CFAA).
Augustus Sol Invictus, a Tallahassee, Florida candidate for US Senate, once walked from Florida to the Mojave Desert as part of a ritual that culminated in him sacrificing a goat and drinking its blood. “I did sacrifice a goat,” he said. “I know that’s probably a quibble in the mind of most Americans. I sacrificed […]
Lean Project Management, as the name suggests, is a popular method for wasting less time and effort over the duration of a project. By focusing on prioritizing tasks, Project Managers are able to boost productivity, meet goals, and, inevitably, impress the execs. This exam prep course is led by the accredited Management and Strategy Institute, […]
This Smartphone Photo Lens Kit arms you with six unique smartphone photography accessories, so you can take high-quality and well-composed photos of any subject from small insects to expansive landscapes.6 unique lensesRolls up neatly for transportTripod for stabilitySmall lenses attach seamlessly with magnetMicroscope and 8x telephoto lenses attach with a case (case attaches to phone)Lens wallet […]
Inspired by the universality of symbols, the founders of Noun Project began to collect thousands of hand-drawn icons. The concept has since transformed into a massive digital collection of 150,000+ unique icons that fuel the work of designers every day. Spend less time crafting icons and more time putting amazing designs out into the world with […]