The local government of the District of Columbia has been conducting a pilot project to test an internet-based voting system
that would give overseas and military voters a way to download and submit absentee ballots online. Here's a PDF of the system architecture
. Before using the system in a real voting process, the public was invited to evaluate its security and usability. That's where J. Alex Halderman
of Freedom to Tinker
This is exactly the kind of open, public testing that many of us in the e-voting security community -- including me -- have been encouraging vendors and municipalities to conduct. So I was glad to participate, even though the test was launched with only three days' notice. I assembled a team from the University of Michigan, including my students, Eric Wustrow and Scott Wolchok, and Dawn Isabel, a member of the University of Michigan technical staff.
Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters' secret ballots. In this post, I'll describe what we did, how we did it, and what it means for Internet voting.
An awful lot of meaty details follow, but here's the punchline:
Based on this experience and other results from the public tests, the D.C. Board of Elections and Ethics has announced that they will not proceed with a live deployment of electronic ballot return at this time, though they plan to continue to develop the system. Voters will still be able to download and print ballots to return by mail, which seems a lot less risky.
Oh, diva snap
Hacking the D.C. Internet Voting Pilot (Freedom to Tinker, thanks Jake)
Millionaire presidential candidate Donald Trump has a knack for projecting criticisms of himself back onto his opponents, however hamfistedly. The latest: Hillary Clinton is a bigot. “Hillary Clinton is a bigot who sees people of color only as votes, not as human beings worthy of a better future,” Trump said, reading from prepared remarks. Unlike […]
U.S. officials are investigating online security attacks that targeted reporters at The New York Times in Moscow. A U.S. official said Tuesday that the Times was among various U.S. news organizations targeted. CNN was first to report the story, and the Times has since confirmed and corrected some details.
Amid continued weak polling, millionaire presidential candidate Donald Trump has canceled forthcoming rallies and events in Colorado, Nevada and Oregon. He’ll still be attending fundraisers, reports Eliza Collins. Trump was originally scheduled to make a speech on immigration in Denver on Thursday, but according to The Denver Post the speech has been postponed. The campaign […]
If you’re looking to earn a top salary in the tech industry, there’s no better career than coding. However, sometimes the hardest part of entering this career path is knowing where to begin.We took the Complete Web Developer Course because it took that decision out of our hands. This course teaches beginner-friendly coding languages that will also help land an immediate […]
To be a Pokémon master, you’ll need a phone that won’t constantly die on you. Because nothing is worse than seeing the screen go black right as you’ve finally found the Charizard of your dreams.That’s why we’re so excited about the LinearFlux PokeCharger Portable Battery ($39.99). With its 3.0 Amp HyperCharging technology, this slim battery will […]
The tech industry is constantly innovating, and in order to stay competitive, you’ll need to keep up. The Programming Into the Future Bundle was created to teach you the skills employers are looking for at this very moment, including in-demand coding languages like Google Go.The bundle of courses includes instruction on a range of innovative tools that advanced coders […]