The local government of the District of Columbia has been conducting a pilot project to test an internet-based voting system
that would give overseas and military voters a way to download and submit absentee ballots online. Here's a PDF of the system architecture
. Before using the system in a real voting process, the public was invited to evaluate its security and usability. That's where J. Alex Halderman
of Freedom to Tinker
This is exactly the kind of open, public testing that many of us in the e-voting security community -- including me -- have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days' notice. I assembled a team from the University of Michigan, including my students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff.
Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots. In this post, I'll describe what we did, how we did it, and what it means for Internet voting.
An awful lot of meaty details follow, but here's the punchline:
Based on this experience and other results from the public tests, the D.C. Board of Elections and Ethics has announced that they will not proceed with a live deployment of electronic ballot return at this time, though they plan to continue to develop the system. Voters will still be able to download and print ballots to return by mail, which seems a lot less risky.
Oh, diva snap
Hacking the D.C. Internet Voting Pilot (Freedom to Tinker, thanks Jake)
Many “progressives” looked the other way while the Obama administration asserted unprecedented presidential powers, like the right to murder anyone the president feels like, anywhere in the world, using drones and other technologies; and the right to spy on everyone, all the time. Now that Donald Trump is about to inherit those powers, the Obama […]
Data journalists pulled 26,234 of Trump’s 34,062 tweets (dating from Jun 1 2015 to Nov 17 2016) from the Twitter API and analyzed them for news-sources, producing a long, detailed analysis complemented by interactive graphics.
“I look at this election not as a victory for Mr. Trump, who wins the election as the most unpopular candidate in perhaps the history of our country, but as a loss for the Democratic Party.” -Senator Bernie Sanders, speaking to a sold-out crowd in San Rafael, CA.
Holiday shopping is in full swing, and the Striiv Touch is one of the best gift ideas I’ve landed on. Its simple design works for females and males, and its wide range of features makes it suitable for even the non-fitness enthusiasts in your life.Unlike traditional fitness trackers, the Striiv Touch also acts as a smartwatch. It […]
The Pocket Tripod PRO had massive Kickstarter success in 2013, raising almost $85,000 in a single month. But this isn’t just another case of pre-release product hype. This ingenious little device folds out from a credit-card-shaped plastic slab into a sturdy stand with a surprisingly wide range of motion. In portrait orientation, your phone slides […]
Loot Crate is a totally different kind of subscription service that mails subscribers monthly boxes filled with curated geek, pop culture, and gamer paraphernalia. Its cult following awaits a box every month filled with everything from bobble heads to T-shirts to special edition collectibles. But nothing gets Loot Crate fans as excited as the limited […]