Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

ACT NOW: Help Prevent a Rush to Insecure Voting in Illinois -stop bill fo Internet Voting

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Wed May-27-09 06:55 PM
Original message
ACT NOW: Help Prevent a Rush to Insecure Voting in Illinois -stop bill fo Internet Voting
A bill to facilitate Internet voting is close to passing in the Illinois State Legisture.
This bill is not dead, and anyone who has time to weigh should do so.


CLICK ON THIS VERIFIED VOTING ACTION ALERT TO SEND MESSAGE



UPDATE: On Tuesday May 26, the Illinois House rejected a Senate amendment to HB 85. The amendment called for the Legislature's majority party to outnumber the minority party on the proposed Internet Voting Commission. Now the bill goes back to the Senate for possible reconsideration. There are only several days left in the session: tell lead sponsors Senator Michael Bond and Senator Don Harmon, as well as members of the Senate leadership, that this bill should be stopped.

To recap, HB 85 would establish an Illinois Internet Voting Commission to "study and recommend to the General Assembly" a method of voting over the Internet, starting in 2012.


Internet voting presents severe security challenges, and the language of HB 85 appears to require that the newly created Commission recommend some form of Internet voting.

In 2005, Illinois lawmakers passed a law requiring that each voting system must offer a paper record that the voter can verify before casting his or her vote. There is excellent reason for this law: electronic vote tallies must be verifiable independently of computer software. It is unclear if an Internet voting system would provide a voter-verifiable paper record.

The Internet can do many things to improve our elections - blank absentee ballots can be sent via e-mail, and campaign finance and voter registration information can be provided easily to the public via Web sites. Sending our votes online may seem a next logical step in an age of technology. But sending voted, secret ballots online presents far greater security challenges than the financial transactions people conduct on the Internet. For example, when a person uses a credit card to make a payment or purchase a product online, there are records of the transaction in her bank's record, and with the merchant. Not so with voting: because the state of Illinois's laws require a secret ballot, there is no way for a voter to know that her ballot was recorded as she intended, and there is no physical ballot for election officials to use to verify the electronic record, as there is when a voter votes by mail.

Recent reports from the National Institute on Standards and Technology and the Pew Center on the States reinforce these concerns. As well, in 2008 a group of prominent computer scientists and technologists issued a statement on Internet voting that noted that several "serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable." The signers of the statement include Bruce Schneier, one of the world's authorities on computer security, as well as computer scientists from government, the private sector, and leading academic institutions such as Stanford University, Carnegie Mellon, Yale, Princeton, and the University of Iowa.

YOU CAN HELP: Tell your lawmakers to stop House Bill 85. Use the message below or edit it as you see fit. Thank you for taking action!


Senate President John Cullerton, as well as lead HB 85 Senate-side sponsors Senator Michael Bond and Senator Don Harmon are the specific targets. CALL AND OR FAX THESE FOLKS, TELL THEM TO OPPOSE HB 85

HERE ARE KEY SENATORS' PHONE NUMBERS IF YOU WOULD LIKE TO CALL THEM

Senate President John J. Cullerton (D) 6th District
President of the Senate
Springfield Office: PHONE (217) 782-2728
District Office: PHONE (773) 883-0770
(773) 296-0993 FAX

Senator Michael Bond (D) 31st District Springfield Office: PHONE (217) 782-7353
District Office: PHONE (847) 752-7004 (866) 512-4931 FAX

Senator Don Harmon (D) 39th District Assistant Majority Leader
Springfield Office: PHONE (217) 782-8176
District Office: PHONE (708) 848-2002 (708) 848-2022 FAX *House Sponsors


INTERNET VOTING IS DANGEROUS!

The US Govt tried to set up a pilot to have overseas/military voters cast ballots over the internet.Computer scientists fought it and defeated it.

An Analysis of Internet Voting Security in the SERVE (Secure ...Jan 20, 2004 ...
This report is a review and critique of computer and communication security issues in the SERVE voting system (Secure Electronic ...

The National organization Verified Voting has this statement on internet voting:
Internet voting systems have all the fundamental weaknesses..


Refresh | +1 Recommendations Printer Friendly | Permalink | Reply | Top
customerserviceguy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed May-27-09 07:12 PM
Response to Original message
1. Oddly enough
I'm not threatened by Internet voting. My bank and my credit card companies have ways of verifying who I am, and making sure I am not someone else. Why shouldn't my government be able to have the same assurance, with proper safeguards?

I keep reading here that it's wrong to insist on photo IDs for voters, why is ID-less voting in person so very much safer than verified Internet voting?
Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Wed May-27-09 07:43 PM
Response to Reply #1
2. Internet voting vulnerable to: insider attacks, denial of service..spoofing,...vote buying, viral...
Internet banking has been hacked. Also, with voting, voters have a secret ballot that cannot be traced back to them. There's no voters' "account" to reconcile against.

From the SERVE report I cited in my OP:

...
But in addition, because SERVE is an Internet- and PC-based system, it has numerous other fundamental security problems that leave it vulnerable to a variety of well-known cyber attacks (insider attacks, denial of service attacks, spoofing, automated vote buying, viral attacks on voter PCs, etc.), any one of which could be catastrophic.

Such attacks could occur on a large scale, and could be launched by anyone from a disaffected lone individual to a well-financed enemy agency outside the reach of U.S. law. These attacks could result in large-scale, selective voter disenfranchisement, and/or privacy violation, and/or vote buying and selling, and/or vote switching even to the extent of reversing the outcome of many elections at once, including the presidential election. With care in the design, some of the attacks could succeed and yet go completely undetected. Even if detected and neutralized, such attacks could have a devastating effect on public confidence in elections.

It is impossible to estimate the probability of a successful cyber-attack (or multiple successful attacks) on any one election. But we show that the attacks we are most concerned about are quite easy to perpetrate. In some cases there are kits readily available on the Internet that could be modified or used directly for attacking an election. And we must consider the obvious fact that a U.S. general election offers one of the most tempting targets for cyber-attack in the history of the Internet, whether the attacker's motive is overtly political or simply self-aggrandizement.

The vulnerabilities we describe cannot be fixed by design changes or bug fixes to SERVE. These vulnerabilities are fundamental in the architecture of the Internet and of the PC hardware and software that is ubiquitous today. They cannot all be eliminated for the foreseeable future without some unforeseen radical breakthrough. It is quite possible that they will not be eliminated without a wholesale redesign and replacement of much of the hardware and software security systems that are part of, or connected to, today's Internet.

We have examined numerous variations on SERVE in an attempt to recommend an alternative Internet-based voting system that might deliver somewhat less voter convenience in exchange for fewer or milder security vulnerabilities. However, all such variations suffer from the same kinds of fundamental vulnerabilities that SERVE does; regrettably, we cannot recommend any of them. We do suggest a kiosk architecture as a starting point for designing an alternative voting system with similar aims to SERVE, but which does not rely on the Internet or on unsecured PC software (Appendix C).

# # #

Printer Friendly | Permalink | Reply | Top
 
customerserviceguy Donating Member (1000+ posts) Send PM | Profile | Ignore Wed May-27-09 10:35 PM
Response to Reply #2
4. I'll admit
that computers have flaws, and that Internet banking has been hacked. But I disagree that it will take a massive breakthrough to overcome the problems.

There's no harm in merely studying the situation. I can see having a situation where people are allowed the choice of submitting to enhanced identification procedures to enable them to conveniently vote on the Internet. It would be at least as secure as mail-in voting.
Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 11:45 AM
Response to Reply #4
5. when you can show the computer science community how the internet can be secured
you may be richer than Bill Gates.

But for experimenting with elections - we've seen what happens when coups are executed.

No, internet voting will never be "as secure" as mail-in voting.

A single person can alter the entire outcome of an internet election, perhaps undetected.

With Mail In Voting,
you can have a secret ballot as long as you don't voluntarily share its contents with another,
there is a distinct chain of custody that is human viewable
there is a paper ballot that is counted
there can be meaningful audits and meaningful recounts

None of the above is true for internet voting.
Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 12:00 PM
Response to Reply #4
6. "enhanced identification procedures"? you mean give up the secret ballot voluntarily
but the ballot won't be secret anyway with internet voting.

Whoever is running the internet election can find out who cast which vote.
They can also change that vote, undetected.

Internet voting is the most insecure method of voting there is.

What next, iris scans?

Elections are not the place for experiments.

Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 12:58 PM
Response to Reply #4
7. 5/28/09 Aetna warns 65,000 about Web site data breach
Printer Friendly | Permalink | Reply | Top
 
customerserviceguy Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 06:25 PM
Response to Reply #7
8. Computer security is about where automobiles were a century ago
You pretty much had to be a mechanic to own and operate one. I'm confident that we will have secure Internet voting within my lifetime, at least voluntarily for people who are assured of its security. It's crazy to think that mail-in voting is more secure than the Internet banking transactions that happen billions of times a day on this planet.
Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Thu May-28-09 07:24 PM
Response to Reply #8
9. voting is secret, banking transactions are NOT
and even those are hackable.

Whats the worth of hacking an election? A billion $ in bailouts maybe?

Printer Friendly | Permalink | Reply | Top
 
WillYourVoteBCounted Donating Member (1000+ posts) Send PM | Profile | Ignore Wed May-27-09 10:02 PM
Response to Reply #1
3. Teen-agers and 20 somethings breaking into government computer systems:
Internet voting makes elections accessible to anyone with a computer. That is not a good idea.
Maybe ciber crime isn't publicized enough. Anyway, there would be a huge payoff to someone
who could rig a statewide or national election. Or even a local one. Elections are high stakes, big money.

Hacker High: 10 Stories of Teenage Hackers Getting into the System


Student at Downingtown High School West — Downingtown, Pa.
A 15-year-old student was arrested and charged with felonies in May 2008 for stealing personal data from the Downingtown School District's computer system and downloading files that contained the names and Social Security numbers of more than 41,000 of district residents (including 15,000 students). The unnamed student allegedly accessed the files, which were located on the district’s server, through a school computer during a study period, and officials believe that he copied the files to his home computer. This is the second time in the 2007-2008 academic year that a student has broken into the Downingtown School District’s computer system; another student was arrested for hacking into the system in December 2007.

...

Jeanson James Ancheta — Los Angeles
In 2005, the FBI nabbed 20-year-old Jeanson James Ancheta, a reported member of the "Botmaster Underground," a group of script kiddies known for their bot attacks and spam inundation. His sinister cyberscheme infected computers at the United States Naval Air Warfare Center Weapons Divistion in China Lake, Calf. and the Defense Information Systems Agency, a component of the United States Department of Defense. In the first prosecution of its kind in the U.S., Ancheta was arrested and indicted on 17 federal charges for profiting from the use of "botnets."

Aaron Caffrey — Britain
Aaron Caffrey 19, was accused of almost destroying of North America's biggest ports, the Port of Houston in Texas, by hacking into its computer systems. Computers at the port were hit with a DoS (denial of service) attack on Sept. 20, 2001, which crashed systems at the port that contained data for helping ships navigate the harbor.

The prosecution said that the Brit’s computer contained a list of 11,608 IP addresses of vulnerable servers, along with malicious script. The attack on Houston was apparently tied to a female chat-room user called Bokkie, who had made anti-U.S. comments online. Still, a jury found Caffrey not guilty in October 2003.

Raphael Gray — Wales
Raphael Gray, 19, became the subject of an international investigation after he got his hands on 23,000 Internet shoppers' details and posted some of them to Web sites. The scheme, which Gray claimed was an attempt to expose security weaknesses in Internet shopping, cost users hundreds of thousands of pounds. Gray was been sentenced to psychiatric care and told reporters that he felt no regret for what he’d done

c0mrade — Miami
In 2000, a 16-year-old from Miami known on the Internet as "c0mrade" became the first juvenile to go to jail on federal computer-crime charges for hacking into NASA. The boy admitted to attacking a military computer network used by the DTRA (Defense Threat Reduction Agency) from Aug. 23, 1999 to Oct. 27, 1999. The youth installed a backdoor access on a server that intercepted more than 3,300 electronic messages to and from DTRA staff. The backdoor also accessed at least 19 usernames and passwords of DTRA employees, including at least 10 usernames and passwords on military computers. The unnamed juvenile was sentenced to six months in a detention facility.

Mafiaboy — Canada
Over a five-day period in February 2000, Yahoo! Inc., CNN, eBay Inc. and Amazon.com Inc. became victims of the largest DoS attack ever to hit the Internet. The attacker? A 14-year-old Canadian named Mike Calce, who went by “Mafiaboy” online. He became the most notorious teenage hacker of all time, causing millions of dollars worth of damage on the Internet.

Calce initially denied responsibility for the assault but later pled guilty to most of the nearly 50 charges against him. On Sept. 12, 2001, the Montreal Youth Court sentenced him to eight months of "open custody," one year of probation, restricted use of the Internet and a small fine. Calce later wrote as a columnist on computer-security topics for the French-language newspaper Le Journal de Montréal.

Ehud Tenenbaum — Israel
Computers at the Pentagon were targeted in an attack called "Solar Sunrise" during a tense time in the Persian Gulf in 1998. The attack led to the establishment of round-the-clock, online guards at major military computer sites. At the time, U.S. Deputy Defense Secretary John Hamre called the attack "the most organized and systematic attack" on U.S. military systems.

While officials initially pointed fingers at two American teens, 19-year-old Israeli hacker Ehud Tenenbaum, who was called "The Analyzer," was identified as their leader and arrested. Tenenbaum later became the CTO of a computer-consulting firm.

Richard Pryce and Matthew Bevan — Britain
Two teens touched off one of the biggest ever international computer crime investigations in the U.S. when, for several weeks in 1994, they attacked the Pentagon's computer network and tried to get access to a nuclear facility somewhere in Korea. The cyberculprits were identified as 16-year-old music student Richard Pryce (known as "Datastream Cowboy") and Matthew Bevan (known as "Kuji"), who was arrested two years later at age 21. Conspiracy charges against both Pryce and Bevan were later dropped, though Pryce was ordered to pay a small fine.

414s — Milwaukee
They may sound like a cheesy '80s band, but the 414s were actually a band of youthful hackers who broke into dozens of high-profile computer systems, including ones at Los Alamos National Laboratory and Memorial Sloan-Kettering Cancer Center. Later uncovered as six youths ranging in age from 16 to 22, the group met when they were members of a local Explorer Scout troop. These Scouts-turned-cybercriminals were investigated by the FBI in 1983.

The media took to the story of the youths, who met the somewhat sexy profile of early '80s computer hackers as established by Matthew Broderick's character in "WarGames," which was released the same year that the 414s rose to glory. In fact, 17-year-old Neal Patrick got more than his 15 minutes of fame when he appeared on the Sept. 5, 1983 cover of Newsweek. Most of the members of the 414s were not prosecuted, but their cybershenanigans lead to government hearings on hacking, as well as the introduction of six bills concerning computer crime in the U.S. House of Representatives.

http://www.itsecurity.com/features/hacker-high-061008/


Printer Friendly | Permalink | Reply | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view 
this author's profile Click to add 
this author to your buddy list Click to add 
this author to your Ignore list Sun Dec 22nd 2024, 07:45 PM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC