9/30 Threat of Internet Voting Looms, Siegleman fraud case claims another victim, Twittering

Threat of Internet Voting Looms, Siegleman fraud case claims another victim, Twittering election officials

September 30, 2009

The threat of internet voting looms closer as the Defense Authorization bill (S1390), that allows for military email voting, is on the verge of passing from a conference committee. The dangerous idea of email/internet voting has spread to North Carolina: the popular NC paper, the Greensboro News and Record ran an OpEd that endorses having overseas military cast their ballots by email, over the internet. Insecure voting does not honor our troops one little bit. My blog on that is in this edition of news. Internet/email voting is a problem, not a solution. At this time, we should seek simple, cost-efficient and effective measures, not big expensive ineffective things like internet voting that carries multiple security risks with it. Then we can reassess the situation.

The Siegleman election fraud case claims another victim - whistle blower, Tamarah Grimes fired. The FEC is already making it easier for LLCs to influence elections.
Some less scary news: Bo Lipari is reporting on Day 2 of New York's voting machine exams.
Election issues and services are hitting twitter, Voting News, Verified Voting, Overseas Vote Foundation, even San Mateo County election office are tweeting. Check it out.

The news is short today because of the internet voting issue raised today in North Carolina. I'm in North Carolina and we now have a new issue to fight. Internet voting is also your problem because of the federal DOD bill which would serve as the trojan horse for internet voting nationwide. We'll catch up tomorrow on voting news. Meanwhile, Voting News is happy to publish your articles and blogs about e-voting when possible. Just send them to ncvoter (at) gmail.com. If we can use them we will. Thanks



Voting News by Joyce McCloy.
Archives here at http://votingnews.blogspot.com/
Subscribe to receive the Voting News by email by visiting this link:
http://feedburner.google.com/fb/a/mailverify?uri=VotingNews&loc=en_US
email comments, questions us at ncvoter (at) gmail.com

encrypted with that key. Would that provide enough security?

and on top of the security risk the voters lose the right to a secret ballot.

Computer scientists, internet security specialists say internet voting is not safe,
too much at stake and too tempting to hackers, too easy to spoof etc including creating a denial of service.

security on that end.

Computer Technologists’ Statement on Internet Voting


Election results must be verifiably accurate -- that is, auditable with a permanent, voter-verified record that is independent of hardware or software. Several serious, potentially insurmountable, technical challenges must be met if elections conducted by transmitting votes over the internet are to be verifiable. There are also many less technical questions about internet voting, including whether voters have equal access to internet technology and whether ballot secrecy can be adequately preserved.

Internet voting should only be adopted after these technical challenges have been overcome, and after extensive and fully informed public discussion of the technical and non-technical issues has established that the people of the U.S. are comfortable embracing this radically new form of voting.

A partial list of technical challenges includes:

• The voting system as a whole must be verifiably accurate in spite of the fact that client systems can never be guaranteed to be free of malicious logic. Malicious software, firmware, or hardware could change, fabricate, or delete votes, deceive the user in myriad ways including modifying the ballot presentation, leak information about votes to enable voter coercion, prevent or discourage voting, or perform online electioneering. Existing methods to “lock-down” systems have often been flawed; even if perfect, there is no guaranteed method for preventing or detecting attacks by insiders such as the designers of the system.

• There must be a satisfactory way to prevent large-scale or selective disruption of vote transmission over the internet. Threats include “denial of service” attacks from networks of compromised computers (called “botnets”), causing messages to be mis-routed, and many other kinds of attacks, some of which are still being discovered. Such attacks could disrupt an entire election or selectively disenfranchise a segment of the voting population.

• There must be strong mechanisms to prevent undetected changes to votes, not only by outsiders but also by insiders such as equipment manufacturers, technicians, system administrators, and election officials who have legitimate access to election software and/or data.

• There must be reliable, unforgeable, unchangeable voter-verified records of votes that are at least as effective for auditing as paper ballots, without compromising ballot secrecy. Achieving such auditability with a secret ballot transmitted over the internet but without paper is an unsolved problem.

• The entire system must be reliable and verifiable even though internet-based attacks can be mounted by anyone, anywhere in the world. Potential attackers could include individual hackers, political parties, international criminal organizations, hostile foreign governments, or even terrorists. The current internet architecture makes such attacks difficult or impossible to trace back to their sources.

Given this list of problems, there is ample reason to be skeptical of internet voting proposals. Therefore, the principles of operation of any internet voting scheme should be publicly disclosed in sufficient detail so that anyone with the necessary qualifications and skills can verify that election results from that system can reasonably be trusted. Before these conditions are met, “pilot studies” of internet voting in government elections should be avoided, because the apparent “success” of such a study absolutely cannot show the absence of problems that, by their nature, may go undetected. Furthermore, potential attackers may choose only to attack full-scale elections, not pilot projects.

The internet has the potential to transform democracy in many ways, but permitting it to be used for public elections without assurance that the results are verifiably accurate is an extraordinary and unnecessary risk to democracy.

-END-

Here's Kevin Poulsen's take on internet voting.

Threat Level Privacy, Crime and Security Online Is Internet Voting Safe? Vote Here

...Speaking on the panel here, computer scientist Avi Rubin pointed out that phishing attacks could also lure voters onto a fake election website, where the black hats could have their way with the vote.

These attacks are a built-in risk for any system that proposes to turn home computers into voting booths. But current, offline voting methods aren’t exactly bulletproof either.

http://www.wired.com/threatlevel/2009/06/cfp-evote/

Who is Kevin Poulsen?

Before segueing into journalism, he had a notorious career in the 1980s as a hacker whose handle was Dark Dante. He worked for SRI International by day, and hacked at night. During this time, Poulsen taught himself lock picking, and engaged in a brash spree of high-tech stunts that would ultimately make him one of America's best-known cyber-criminals. Among other things, Poulsen reactivated old Yellow Page escort telephone numbers for an acquaintance that then ran a virtual escort agency.

His best-appreciated hack was a takeover of all of the telephone lines for Los Angeles radio station KIIS-FM, guaranteeing that he would be the 102nd caller, and the potential prize of a Porsche 944 S2.<2><3>

When the FBI started pursuing Poulsen, he went underground as a fugitive. When he was featured on NBC's Unsolved Mysteries, the show's 1-800 telephone lines mysteriously crashed.<2><4> He was finally arrested in April 1991. In June 1994, Poulsen pleaded guilty to seven counts of mail, wire and computer fraud, money laundering, and obstruction of justice, and was sentenced to 51 months in prison and ordered to pay $56,000 in restitution. At the time, it was the longest sentence ever given for cracking. He also pleaded guilty to breaking into computers and obtaining information on undercover businesses run by the FBI.

more here, and remember Kevin is one of many, although he is more famous than most:
http://en.wikipedia.org/wiki/Kevin_Poulsen

While he did get caught for somethings, it was AFTER the fact, which is way too late to correct
election fraud, as we have seen in the US.

Kevin Mitnick was run to ground in my home state of North Carolina.

Mitnick served five years in prison, four and a half years pre-trial and eight months in solitary confinement, because law enforcement officials convinced a judge that he had the ability to "start a nuclear war by whistling into a pay phone"

http://en.wikipedia.org/wiki/Kevin_Mitnick

Whether these guys get caught, and its said he did alot more than what he was charged for,
the damage is done, and with elections, you can't undo a fraudulent election.