Hacking Internet Voting via Ballot Tampering

Рет қаралды 6,099

Күн бұрын

Election Day was this week. If you took advantage of early voting, or you live overseas, you probably used a paper ballot you received in the mail a few weeks ago. A digital alternative, being considered across the USA, is voting-by-email.
In this video, we summarize the dangers associated with voting over e-mail with PDF forms. We have demonstrated that an off-the-shelf home router can easily be modified to silently alter election ballots.
Several states, including Alaska and Maryland are now allowing voting over the internet, sometimes with PDF forms. With Alaska's governor race so tight, a hack like this could make the difference, even though it looks like only a few thousand votes were submitted electronically.
Our resident researcher/entrepreneur in this space, Joe Kiniry, was recently interviewed on Alaska's new electronic ballot and mentioned our demonstration in The//Intercept (firstlook.org/theintercept/20....

Пікірлер: 5

@reeeeeeeeemmmmmmmmmm 9 жыл бұрын

So the only thing you've done is validated that things like end-to-end encryption and digital signatures have a reason for existing. Bravo! I sincerely hope using unsigned PDFs over plain-text channels, such as are assumed in this video, aren't even considered to be used for voting? I feel like this video is purposefully biasing people against digital voting by omitting the fact that methods and systems to prevent exactly this kind of tampering have already existed for a long time and are in use for countless other applications where privacy and authentication matter. There are other complications with digital voting such as guaranteeing anonymity while preventing individuals from voting multiple times, but this hack is based on a retarded way of digital voting. Who even sends e-mails with funny cat pictures to their uncle over unsecured SMTP anymore?

@josephkiniry526 9 жыл бұрын

Hi there. We are not attempting to bias viewers against digital, *verifiable* voting. We think that there may be a future in that, if done right. We hope instead to educate the public, election officials, and policymakers about the dangers inherent in adopting opaque non-verifiable voting schemes, like voting by email, which is indeed being promoted around the USA and abroad. Doing electronic voting in any form, be it supervised kiosk-based voting, or, especially, remote voting (whether over the internet or by telephone) is extremely difficult to do right, where by "right" we mean preserving the core correctness and security properties of democratic elections while also supporting trustworthy auditing *and* having an excellent user experience for disabled and abled voters. We, and others, have been working hard on this topic for the last twenty years or so. If you'd like to read about work at the cutting-edge, have a look at peer-reviewed systems like STAR-Vote, Remotegrity, Scantegrity, Pretty Good Democracy, etc. If you'd like see how it shouldn't be done, have a look at what current and past vendors have been selling around the globe. Thanks for your comments! Joe

@fss1704 7 жыл бұрын

Were you talking about 99% of the population?