Tag Archives: Elections

Citizen Monitors

I like the idea of this: Using ordinary folk to monitor elections, via SMS from their cellphone. And it seems to have worked.

Nigeria used a system called FrontlineSMS, developed by UK-based kiwanja.net to keep track of all of the texts. Some 54 trained associates recruited volunteers to invite as many people as possible via text message to participate in monitoring the elections.

Why might this work? Well, usually election monitors are highly visible, because they’re foreign, or they’re wearing clothes that mark them clearly as monitors, all of which may reduce fraud in front of them, but doesn’t help to actually identify fraud. As the report (no link available yet) from the Network of Mobile Election Monitors concludes:

Our monitoring is peculiar because people knew that if they try to rig the election there could be someone behind them that may send a text message reporting the incident.

In total over 10,000 messages were received covering reports of harassment, orderliness, stuffing of ballot boxes and poor voter turnout. The team concluded that there was extensive fraud and rigging in the election.

What I like about the system is that it’s not a typical election monitoring exercise, where monitors go in and view the process according to foreign templates and established norms. The free-form nature of the text messages received, and the ability of the monitoring team to ask follow up questions of participants revealed something more important than merely gauging whether the election was free and fair. It (apparently) revealed the underlying mood of the populace for peace and compromise. Asked for their reaction to the result

While about a fifth of our respondents wanted the results cancelled, the majority (about 80%) reacted that Nigeria could not afford cancellation and re-run.

 

Why Is The Bush Campaign Website Blocked?

I know it’s not particularly new, but why is George W Bush’s website inaccessible outside the U.S.?

Netcraft reported last week that the site could not be reached except by users in North America. Even entering the numbered IP address appears to have been blocked. (GeorgeWBush.co.uk works fine, as does GeorgeWBush.org, but then they’re not exactly under Bush’s control.)

Netcraft’s Prettejohn is quoted by the BBC as speculating it could be an effort to ensure the website stays online during the last few days of the election campaign. But what about all the overseas voters? A Bush campaign spokesman is quoted as saying that it was done for security reasons.

To me what is lacking in coverage of this issue is the notion that the blocking may actually have an impact on the election. In 2000 Bush’s victory was certified only after overseas ballots were counted. Of course, many overseas Americans have already voted, but both parties are urging last-minute voters to fill in absentee ballots and fax them home.

AP reports that “The complicated issue of counting absentee ballots also added to the confusing array of new machines and new state voting regulations prompted by the debacle of the last race for the White House.” States, AP says, have “differing and confusing rules about deadlines for such ballots. Some states, for example, allow absentee votes to be counted days after the election, provided they are postmarked by Nov. 2. Others mandate that mailed ballots received after Election Day do not count.” On top of that, election officials in more than a dozen states missed the recommended deadline for mailing absentee ballots overseas, meaning soldiers in Iraq and Afghanistan might not get them in time to vote.

In light of this looming absentee ballot issue, why would Bush’s campaign risk losing votes by closing down the site? One argument is they’re short of money, but I can’t believe that. Another is fear of too much traffic — but then add more servers. Fear of being brought down by a Denial Of Service (DDoS) attack? Makes sense — and it may have been sparked by any earlier outage blamed by some on such an attack. But with both candidates chasing every vote they can it just does not make sense to me.

If it was just blocking the DNS name (georgewbush.com) that would make sense. But why block the IP number too (not originally blocked; it seems to have happened later)? How many users are going to access the website that way? It seems to be a deliberate attempt to block every single overseas user. Which to me means they fear a DDoS attack. Another weird episode.

Internet Voting: A Minority Report?

A reader kindly pointed out this New York Times piece on the Internet voting story I posted yesterday, which highlights some other aspects of the case.

While four members of a panel asked to review the SERVE program — designed to allow Americans overseas to vote over the Net — said it was insecure and should be abandoned, the NYT quoted Accenture, the main contractor, as saying the researchers drew unwarranted conclusions about future plans for the voting project. “We are doing a small, controlled experiment,” Meg McLauglin, president of Accenture eDemocracy Services, was quoted as saying.

Another side to this pointed out by the loose wire reader: Accenture says that the four researchers were a minority voice, and that five of the six others ‘would not recommend shutting down the program’. One of the other outside reviewers, Ted Selker, a professor at the Massachusetts Institute of Technology, disagreed with the report, and was quoted by the NYT as saying it reflected the professional paranoia of security researchers. “That’s their job,” he said. In response one of the four naysayers noted that they were the only members of the group who attended both of the three-day briefings about the system.

The reader also makes this observation: “One of their complaints is that the Internet is inherently unsafe, which may be true. I don’t believe that the US Postal Service (which is the current method for transmitting absentee ballots) is inherently safe either. Ever seen a bag of mail sitting in a building lobby waiting for pickup? I have.” Fair enough, but unless the bag contained ballots (something I have seen in, er, less security conscious democracies), I don’t think it’s a fair comparison, since a few tampered or misdirected ballots would not undermine the integrity of the election.

The security compromises in SERVE are likely to be at the server level, where hackers could either alter delivered votes, mimic voter activity, or disrupt legitimate voters from placing their ballot. This could be done on a scale that would undermine the integrity, or at least could be believed to do so. Remember: In an electronic election (where no parallel paper ballot is collected), a claim of largescale tampering is enough to undermine confidence in the result.

My tupennies’ worth? Although the E stands for experiment, I don’t see SERVE as a ‘controlled experiment’. The NYT says the program will be introduced “in the next few weeks” and covers seven states, and a possible 100,000 people this year. That doesn’t sound like an experiment to me. Maybe I’m missing something here, but I don’t really see how you can conduct an experiment in a live voting environment. What happens if there’s a suggestion the system has been compromised, either during or after the vote? I always thought that voting systems were either approved, credible and acceptable or not in public use. Of course it’s fine to have an ‘experiment’ where the only experimental part is, say, the user-aspects of the voting process. But security can surely never be part of an experiment in a live voting situation.

Security experts are paid to be skeptical. If they raise a warning flag as big as this, I think they should be listened to.

“Internet Voting Isn’t Safe”

The e-voting saga continues.

Four computer scientists say in a new report that a federally funded online absentee voting system scheduled to debut in less than two weeks “has security vulnerabilities that could jeopardize voter privacy and allow votes to be altered”. They say the risks associated with Internet voting cannot be eliminated and urge that the system be shut down.

The report’s authors are computer scientists David Wagner, Avi Rubin and David Jefferson from the University of California, Berkeley; The Johns Hopkins University and the Lawrence Livermore National Laboratory, respectively, and Barbara Simons, a computer scientist and leading technology policy consultant. They are members of the Security Peer Review Group, an advisory group formed by the Federal Voting Assistance Program to evaluate a system called SERVE, set up to allow overseas Americans to vote in their home districts. The first tryout is scheduled Feb. 3 for South Carolina’s presidential primary.

The four say that “Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect. Such tampering could alter election results, particularly in close contests.” They “recommend shutting down the development of SERVE and not attempting anything like it in the future until both the Internet and the world’s home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear.”

The authors of the report state that there is no way to plug the security vulnerabilities inherent in the SERVE online voting design. “The flaws are unsolvable because they are fundamental to the architecture of the Internet,” says Wagner, assistant professor of computer science at UC Berkeley. “Using a voting system based upon the Internet poses a serious and unacceptable risk for election fraud. It is simply not secure enough for something as serious as the election of a government official.”

In short, the guys are saying the Internet is just not up to handling something like voting. But they also see the way the SERVE program carries the same flaws as the Diebold and other commercial electronic voting systems that have gotten such bad press in recent weeks (some of the four authors have been in the forefront of exposing those weaknesses). “The SERVE system has all of the problems that electronic touchscreen voting systems have: secret software, no protection against insider fraud and lack of voter verifiability,” says Jefferson. “But it also has a host of additional security vulnerabilities associated with the PC and the Internet, including denial-of-service attacks, automated vote buying and selling, spoofing attacks and virus attacks.”

After studying the prototype system the four researchers said it would be too easy for a hacker, located anywhere in the world, to disrupt an election or influence its outcome by employing any of several common types of attacks familiar to regular readers:

  • A denial-of-service attack, which would delay or prevent a voter from casting a ballot through the SERVE Web site.
  • A “Man in the Middle” or “spoofing” attack, in which a hacker would insert a phony Web page between the voter and the authentic server to prevent the vote from being counted or to alter the voter’s choice. What is particularly problematic, the authors say, is that victims of “spoofing” may never know that their votes were not counted.
  • Use of a virus or other malicious software on the voter’s computer to allow an outside party to monitor or modify a voter’s choices. The malicious software might then erase itself and never be detected.

Loose Wire: The State We

Loose Wire: The State We Could Be in

By Jeremy Wagstaff
from the 28 March 2002 edition of the Far Eastern Economic Review, (c) 2003, Dow Jones & Company, Inc.

Voting in your underwear? Sounds an appealing proposition: the chance to exercise your constitutionally protected right without actually having to leave your home. You could be watching Frasier while working out which candidate you want to mess things up for you for the next three/four/25 years, based on criteria such as which one most closely resembles a Teletubby/Frasier’s brother Niles/your Aunt Maudlin.

Yes, the lure of Internet voting is coming around again. In May, soccer enthusiasts will be able to vote for their favourite players in the World Cup via a joint South Korean and Japanese project (mvp.worldcup2002.or.kr; the site is not fully functioning yet). This is just an on-line poll, of course, and doesn’t add much to the mix except to try to introduce a new social group (soccer fans) to the concept of on-line voting. Elsewhere, however, on-line voting is already kicking in: Some towns in Britain are undertaking pilot projects allowing voters to choose their local councillors via the Internet, or even via SMS, in borough elections in May.

I don’t want to be a killjoy, but this kind of thing gives me the heebie-jeebies. The arguments in favour of on-line voting make sense — faster counting, less human error, attracting younger, hipper voters with handphones and Internet connections in their hatbands, higher turnouts, you can vote in your underpants, etc., etc. — until you actually think about it. Computers, we’ve learned since we plugged one PC into another, are notoriously insecure. Viruses are now so sophisticated and prevalent that many security consultants advise their clients to update their anti-virus software every day. What are the chances of a voting system not being a juicy target for people writing these nasty little vermin programs?

Another argument wheeled out in favour of Internet voting is this: The Web is now managing billions of dollars of transactions successfully, so why can’t it handle voting? There’s a simple answer to this, as security consultant Bruce Schneier of Counterpane Internet Security (www.counterpane.com) explains: The whole point of voting is that it’s supposed to be anonymous, whereas any financial transaction has attached to it details of payee, recipient and other important data. This makes it much, much harder to protect any voting system from fraud, much harder to detect any fraud and much harder to identify the guy conducting the fraud. What’s more, if there was evidence of fraud, what exactly do you do in an on-line vote? Revote? Reconduct part of the vote? Chances are that faith in the overall ballot has been seriously, if not fatally, undermined.

Some of these problems could be done away with via ATM-style machines that print out a record of the vote. That could then be used in any recount. But it’s still not enough: As on-line voting expert Rebecca Mercuri points out, there is no fully electronic system that can allow the voter to verify that the ballot cast exactly matches the vote he just made. Some nasty person could write code that makes the vote on the screen of a computer or ATM-machine printout different from that recorded. This may all sound slightly wacky to people living in fully functioning democracies. But (political point coming up, cover your eyes if you prefer) democracies can be bent to politicians’ wills, and one country’s voting system may be more robust than another’s.

Scary stuff. Florida may seem a long way away now, but the lesson from that particular episode must be that any kind of voting system that isn’t simple and confidence-inspiring gives everyone stomach ulcers. The charming notion that the more automation you allow into a system, the more error-free and tamper-proof it becomes, is deeply misguided. The more electronics and automation you allow into the system, the less of a role election monitors can play.

Internet voting, or something like it, may well be the future. I’d like to see it wheeled out for less mission-critical issues, like polling for whether to introduce traffic-calming measures in the town centre, or compulsory kneecapping for spitters, say. But so long as computers remain fragile, untamed beasts that we don’t quite understand, I’d counsel against subjecting democracy to their whim. Even if I am in my underpants.