Man-In-the-Middle Remote Attack On Diebold Voting Machines 251
An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon:
"[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."
Well, good thing I didn't research this area. (Score:2)
Re: (Score:2, Insightful)
Re:Well, good thing I didn't research this area. (Score:5, Insightful)
inserting the inexpensive electronic device (Score:2)
With a pencil-and-paper-based system, you need to distract a great number of people *on election day*
Hmmm, wrong! Your rose-tinted-glasses view of paper votes clashes with reality [google.com].
As long as you can raise doubt about the accuracy of votes you can request a recount. Good luck with keeping supervision on all ballot boxes for all time after the election until the last recount is done.
I can' t understand how slashdotters keep raising the same theoretical objections to electronic voting while they disregard the observed facts. Guys, this is religion! Slashdot dogma says electronic voting is bad, paper voting is
Re: (Score:3)
I have to correct you, but actually it's possible to supervise all voting boxes until the last recount is done. If you understand any german (or the english your favourite online translator generates from german), you might have a look at Voting Fraud of Dachau [wikipedia.org] to see it in action.
Re: (Score:2)
my favorite translator wont' accept a webpage with an umlaut over a letter.
Re:inserting the inexpensive electronic device (Score:5, Insightful)
This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.
Usually we ignore the real world practicalities (I believe there's an XKCD cartoon about breaking 4096 bit encryption with a $5 wrench which illustrates this point nicely).
OTOH the Diebold contract should have been cancelled a long time ago and the people forbidden from ever working in security. They're seriously incompetent.
Me? I think electronic voting is basically flawed because information can be tampered with and leave no trace. I want something physical that can be audited later.
My plan:
I'd have the machines print out little cards with a plain text version of the votes on one side and QR codes printed on the other. You can check your vote is correct, fold it in half (it's pre-scored and has glue dots) so that only the QR codes are visible then drop it in the ballot box. The votes can be counted electronically and you have something physical which can be randomly sampled and/or audited later. Best of both worlds!
Re: (Score:2)
This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.
Of course, but then we do tend to think in binary.
Re: (Score:2)
No. The printed computer readable code used for counting also needs to be human readable. Why? A compromised machine could print codes that do not match the human readable verification.
Print the results in a large simple font and OCR will work for any undamaged ballot.
Re: (Score:2)
That would be found out in the random sampling of the ballot papers that takes place later.
Ballot papers are supposed to be secret, not something that people can read from ten yards away.
Re: (Score:2)
They have this incredible new invention, it is called paper. It has two sides and is capable of a revolutionary process called folding so that marks made on the inside are invisible from the outside!
The electronic ballot prints the paper and the user can verify his vote before casting it.
The user folds the ballot and takes it to the ballot box.
The paper is fed through an optical scanner and into the ballot box.
The scanner provides the initial count, that is later confirmed by hand counts.
This addiction we h
Re: (Score:2)
At the end of the day the machine will have a count on it A: 120, B: 83. You then randomly select a small fraction of the machines and count the ballots in them. If there are discrepancies, you can project their size accurately and see if the margin of error is close to a win/loss changer.
If there are individual machine with seriously questionable results, you can again open them up and do a hand count.
The idea of the non-humanly readable format is so the vote is private. Where I used to vote, you punch hol
Re: (Score:3)
Random sampling is not sufficient. All votes must be equal. All votes must be counted.
Re: (Score:3)
A random sample is not sufficient to eliminate the possibility of the vote counting machine having been tampered with. Particularly if it is randomly selected by a pseudo random number generator. The most that electronic counting can provide is a rapid estimation of the real vote count. All votes must be verified to prevent fraud. Democracy is far too important to take chances with.
Re: (Score:2)
The size of the conspiracy needed to have a serious amount of vote selling is so large that we are completely sunk from the get go if that is a concern.
The ballot never leaves the voting area, only the vote counter gets close to it, video and other imaging technology would be needed and can be monitored.
Re:inserting the inexpensive electronic device (Score:4, Insightful)
No. The extreme vulnerability in electronic voting is not the equivalent of hanging chads. It's the equivalent of powerful people having access to a simple method of rigging elections, as the Supreme Court and Citizens United wasn't enough.
Re: (Score:3)
Citizens' United is a real SCOTUS ruling which effectively removes any and all campaign finance reform rules and leaves US elections a massive, no-rules free for all. What part of that sold, indisputable fact do you fucking think is "tinfoil hat" worthy?
Re: (Score:2)
The part where you totally misrepresent what the Citizens United ruling does. (It allows corporations to spend money on campaign ads, rather than requiring them to create a PAC to spend the money. It does not allow them to donate to election campaigns, it does not allow any new kinds of coordination between corporations and election campaigns, it does not change any donation limits, and it does not reduce any disclosure requirements.)
Of course, you are in good company -- the President of the United States
Re: (Score:2)
Campaign Ads are where >90% of all campaign spending goes. Donating Campaign Ads is the same as donating money if the politician has the minimal base required to cover the other few percent of campaign expenses.
Re: (Score:2)
What is your point? That corporations that make things will now have the same flexibility to endorse candidates that unions have always had? That individuals who pool their money to advocate certain causes (which is what Citizens United was) can publish their common point of view? The rules that limit coordination between an election campaign and outside parties are still in effect, as I mentioned in my earlier post; for a corporation to pay for a campaign ad would be an illegal donation of goods and/or
Re: (Score:3)
How many more can you think of off the top of your head.
Think of the last 30 years. Now realize that you can only think of 2 criminal corporations that were actually punished.
Maybe you can come up with 3 or 4 or 5. In a quarter-century. Now are you starting to see my point? If corporations are "persons" then they are persons who are allowed to break the law with impunity. And do you want someone who breaks the law wit
Re: (Score:3)
The Supreme Court did prevent a recount from occurring and thus changed the results of the Presidential Election in 2000. You may want to spend some time considering how the world might be different if instead of playing politics they had simply ruled that all ballots in Florida must be recounted as an equal protection measure. Would the war in Iraq have happened? Would the financial crash in 2008? We will never know, but the Supreme court bears partial responsibility both disasters now since they clear
Re: (Score:2)
There isn't a problem with corporations donating to the campaign of a politician.
There is a problem with corporations being allowed UNLIMITED and ANONYMOUS donations to the campaign of a politicization.
Citizens United eliminates the transparency required in the electoral system and actively encourages bribes and votes for pay.
Re: (Score:2, Informative)
I've been a voting official; I attended the mandatory training and staffed a booth all day long for the last US presidential election.
I'm also one of the people who has totally unrestricted, totally unsupervised access to dozens of voting machines.
This has nothing to do with my status as a trained voting official; basically, I do volunteer maintenance work at local schools and Unitarian Universalist churches. Somebody has to show up at 2AM to fix busted pipes, you know - that somebody is usually me. And i
Re: (Score:2)
So, is there a way to insert an "inexpensive electronic device" into a ballot? Simple solution, remove all unused connectors from the circuit boards. For every vulnerability there's a solution.
From the abstract of the video, the man in the middle is between the UI and the machine. No way to remove that vulnerability.
Here is an unremovable attacks to a purely electronic system: system programed to not count votes correctly if the date and time are right for voting based on an unsettable clock not revealed to the administrator's UI--when the battery on the clock fails, the machine reports a hardware failure that requires service form the manufacturer.
You could get around this with an open hardware
Re: (Score:2)
I've always wondered why there isn't a hybrid system - make your electronic vote print out a receipt, validate the receipt and drop the receipt in the box. If someone manages to compromise the electronic system, you've got a paper trail backup. If someone manages to compromise the paper system, you've got the electronic one.
Isn't defense in depth the order of the day here?
Re:Well, good thing I didn't research this area. (Score:4, Informative)
Why "representatives from each of the parties"? Why not "who wants to attend can attend"?
That's how it works for most elections anyway. If you want to watch the election, go to the voting hall and sit there. Watch the empty voting boxes being sealed. Watch the breaking fo the seal for the count. Watch the count. Watch the signing of the count sheet and the resealing of the voting boxes. Put your own seal on the boxes too, if you want. Accompagne the car transporting the voting boxes to the central voting office. etc.pp.
If enough people do this in enough voting districts, large scale fraud is nearly impossible. That's how the people of the former communist East Germany were able to prove in court the voting fraud at least in the last "election"s in 1989 - enough people were at the voting halls, watched the procedure, and took notes of the results, compared them with the official results as announced the next day and found discrepancies.
Re: (Score:2)
No. The key point is accountability. Over in Germany, we've had reports of machines that were stored overnight at the home of a candidate. And the seals being used are the cheapest kind of paper seal, which can easily be forged and probably even re-attached.
Over in the Netherlands, there was a case were eye witnesses suspected tempering. The suspect has not been found guilty because of lack of proof.
It's hard to prove tampering without a paper trail.
Re:Well, good thing I didn't research this area. (Score:5, Insightful)
what part of 'remote control from half a mile away' does supervision deter?
The part where you have to break the seals on the machine, take it completely apart, hook up circuitry to it, close it back up, and re-seal the now broken tamper-proof tape, let the election run, break back in, break the seals on the machine again, pull your electronics back out of the machine to eliminate evidence and then reseal the machine and fix the tamper-proof seals again.
Re: (Score:2)
A serious effort can simply produce tape and seals, even hologram and barcode style. Election stealing is big money.
Don't have too much faith in "tape and tags".
Re: (Score:2)
Re:Well, good thing I didn't research this area. (Score:4, Insightful)
There is, infact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.
Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.
To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.
It isn't really needed to count all the votes: picking a small fraction of voting-places randomly and checking those, has a high probability of detecting systematic attempts at cheating nationwide.
Re: (Score:2)
I agreed up until the last sentence... All votes should be manually counted regardless of how "close" or "non-suspicious" the results are. It's not particularly hard, we usually manage to count 100% of the votes in the precints by early morning after, and 99.9% by late night. The votes are then counted again centrally in each county to officially certify the count and the election.
Re: (Score:2)
So why not reduce the very expensive middleman and eliminate electronic voting altogether?
e-voting was supposed to replace manual counting. If you can't do that then there's no point in spending millions on e-voting machines.
Re:Well, good thing I didn't research this area. (Score:4, Insightful)
If you go in to e-voting expecting it to make elections cheaper, you're coming at it from the wrong perspective. If the goal of e-voting is not to make it more secure and accessible, then there's no point in doing it. Elections are a minimal cost in the scheme of things, and endangering their validity in order to save a few measly thousands-of-percent of the budget is insane.
Re: (Score:2)
Re: (Score:2)
Voting machines can never be trusted... unless the manufacturer and everyone who works for them, and everyone at the polling station is unbiased ... which they cannot be
A voting machine that prints out, you check and then but in a box in the old fashioned way, stops spoilt papers and unclear intentions, and is easily verified ...?
No purely electronic voting machine can be as open and verifiable as this
Re: (Score:2)
The _hypothesis_ that electronic voting is somehow less open to interpretation has been thoroughly disproven by reality in the last decade. It can also be shown to be theoretically false very easily: The integrity of the manual hand count stems from the fact that any idiot^W^W the average voter can monitor the process and be reasonably sure that no tampering occurred. An electronic voting machine^W^W^W general purpose computer is completely opaque in that regard. Ken Thompson showed 25 years ago that even a
Re: (Score:2)
Re: (Score:2)
So....what we need is e-counting?
See my plan a bit further up ^^
Re: (Score:2)
E-voting with a print out as the last option stops spoilt papers (well unless you are using old hanging chad machines) and can speed up counting as there are no longer any unclear choices
E-voting where everything is kept electronically is always suspect, and always open to fraud/hacking etc ...
Re: (Score:2)
Well, e-voting allows for accessibility (paper ballots are hard to use by the blind, but it's trivial for an e-voting machine to speak the choice). Sure you're allowed to bring in an assistant to help, but that can lead to vote coercion.
A printed paper ballot can also be printed in such a way that the vote is unambiguous. No "hanging chads" or such - the paper shows the vote clearly. Even if the printer runs out midway
Re:Well, good thing I didn't research this area. (Score:4, Insightful)
The costs for simply counting the votes would be pretty small compared to setting up the rest of the election I'd imagine. Also, the costs (in more ways than just money) of letting crooked people get into power are massive.
Re: (Score:2)
Re: (Score:2)
Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.
They showed that it is possible to control the printer as well, so then it would depend on what is printed by the printer, and whether voters would notice.
Re: (Score:3)
Re: (Score:2)
Put a sign up - "Check your card!"
Not everybody would check but it only takes a couple of observant voters to bring the whole election down. If that's your plan for winning the election then it's not a very good one...
Re: (Score:2)
To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.
Let's assume they don't match... What happens then? That's the problem with having two controls: you prefer one over the other, so you'll pay twice for the same information.
Re: (Score:2)
Then you work out if its just a minor error in one, or if there's a systemic issue and you need to redo the entire election.
You also find and execute the people who tried to rig the election if it was intentional.
You don't have two controls so that you can choose one over the other. You have two controls so that if they are different you know something has screwed up. Once you know something is broken you can work out how to fix it. If you don't know in the first place it's a tad more difficult to fix.
Re: (Score:2)
Really? The printed paper would be the one that counts, because a) the voter read the ballot before they deposited it. It's also the only record anyone has of the election. The electronic tally is u
Re: (Score:2)
There does not need to be nationwide systematic fraud in order to change the outcome of an election. Fraud in a few well selected states, and even a few well selected counties of those states could turn the tide.
Every vote must be counted.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
That gets rid of the anonymity of voting. Some people care about that kind of thing.
(I'm indifferent - I wouldn't mind my vote being traceable back to me, but then I don't live under an especially oppressive regime, and even if I were to vote I wouldn't be voting for the BNP or anything like that)
Re: (Score:2)
What anonymity of voting? ISTR the ballot being handed to me by someone who knew who I was.
Re: (Score:2)
Did he get to see who you voted for?
Re: (Score:2)
Around here, yes. The poll workers try to "help" you before you drop it in the box to make sure you didn't fill it out incorrectly. If you decline to show your ballot to them, they get angry, loud, and get the sheriff's deputy (there to "maintain order") involved.
Then again, the corruption goes much deeper than just the poll workers; lockboxes go "missing" on a fairly regular basis, usually "forgotten" in the trunk of someone's car; the city and county refuse to enforce state laws concerning campaigning a
Re: (Score:3)
Really dumb idea.
Not everyone has an email address. And, I'm sure that the people without email address are predominately from the lower economic stratus. So, that's one source for bias in your exit polling idea.
Also, the vast majority of people wouldn't bother registering for this exit poll, so it would take a relatively small effort to get the supporters of one side to disproportionally register, leading to an inaccurate exit poll.
Finally, anyone in a position to capture these email messages with the sp
Re: (Score:3)
Every voter registers his email address with the election council.
There's your first problem. Not all voters have access to a computer, and many don't have an email address.
At the last step, instead of paper print, you send out an email with a secret code associated with that email.
Which, since email is plaintext, can be intercepted.
Now all news channels/NGOs/Etc conduct exit polls as before and your voter can go and enter the secret code/email address to each one of those exit polls
If a voter can demonstrate their individual vote at any location other than the polling place, then their vote can be bought or coerced. Imagine, say, an employer saying "Vote against this business tax increase if you want to keep your job."
Re: (Score:2)
Questions: How would you ensure all the emails arrive without being tampered with during transit? What about people who haven't got email? How do you know the software inside the machines is OK? Why bother with electronic exit polls, why not just ask them?
Bottom line: You can *never* do it 100% electronically. Information and software are just too easy to manipulate (and it leaves no trace).
Re: (Score:2)
Re: (Score:2)
I'm partial to the system used in Canada: fill-in-the-bubble paper ballots (like multiple choice exams). This gives a clear paper trail, and can be counted by machines if you want to go faster.
fill in? you draw an X in the appropriate bubble.
though our ballots would require something interesting to work with the US system of voting for president/vice-president/house/senate/state governor/state house/state senate/mayor/city counsel/district attorney/judges/police chief/dogcatcher/etc. all on the same day.
You'd need a booklet of ballots or a large sheet with multiple ballots on it or something.
Around here, we vote for 5 people (mayor, 2 aldermen, provincial Legislature, federal Parliament), and th
Re: (Score:2)
Encryption and a two-factor authentication system should allow you to do this.
Re: (Score:3)
Encryption and authentication, performed by who? The machine? That can be broken if you have access to the machine, like in this case.
One could give personal certificates (in the form of a smart card, for example) to voters and require each vote to be signed using it, so votes would be impossible to forge, but that eliminates the anonymity of the process.
Re: (Score:2)
Two factor authentication requires a code generated by a second machine (or a card, etc).
This article describes man in the middle attacks, this should never be possible to do even if you know the source code of the whole thing. Public key encryption and signing should be enough to stop any attempt like this.
He said he was trying to research voting protocols. It is possible to create a protocol that will be secure 99.999999% of the time.
PS: If you have enough access to a machine that should be guarded from a
Re: (Score:2)
Have you read the second sentence in my post? The problem with PKI is that it ties each vote to a specific key, and hence voter, destroying anonymity. It's perfectly possible to have a secure system if you're willing to lose that. But is it worth it?
Re: (Score:2)
Encryption and a two-factor authentication system should allow you to do this.
Sure, so long as you can trust the software inside the machines...
Re: (Score:2)
You could know the whole source code of the machines, if it requires someone's password and token, you'd have to have altered everything in order to get those. And the software can be signed and required to pass verification upon boot, so it's not that easy.
Either way, the question was about about protocols, and it is already possible to have 99.99999% secure connections. I'd say 100%, but you have to consider the human element and those can and will most likely fail sometime.
Re: (Score:2)
Re: (Score:2)
The ability of a person to verify their specific vote after it was cast allows vote buying schemes to be confirmed, and violates election laws.
Vote tracking (Score:2, Interesting)
Re: (Score:3, Informative)
Sure, and allow the kind of MASSIVE voter-intimidation of Tammaney Hall in New York City that went on in the 19th Century? Secret ballot was brought in FOR A REASON!
Go back to paper, it takes longer, but is better accountability.
Re: (Score:3)
Well, the main flaw with electronic voting right now is simply that it seems rare from the press I am seeing that there are paper ballots, or receipts mind you, printed out as well. Keep in mind this might be a case of positive news of E-voting focuses on the E-part and the printers are only mentioned in the negative press attacking flaws.
Electronic voting, when the information is not tampered with, is more accurate and faster than the old paper voting. Human error can occur in counting them. See 2000 re
Re: (Score:2)
See 2000 recount efforts.
See : idiotically design ballot and what I can only presume is deliberate incompetence due to the inability to create a machine to reliably punch holes in paper.
Hopefully fixed quickly (Score:2)
Without evidence of tampering? (Score:2)
How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?
Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?
Re: (Score:3, Insightful)
Re: (Score:3)
If you can blank the screen, then it should be feasible to actually *change* the screen's output. This attack doesn't require any knowledge of the actual election software, but if you *did* have that knowledge, you could dummy up a screen that has the "correct" votes on it, and display that instead of the votes that are actually being recorded.
Also, the "without evidence of tampering" is referring to the lack of any evidence that the machine has been tampered with after you remove the alien hardware. Gain a
Re: (Score:2)
How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?
Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?
Both of these refer to the user of the machine who's vote is being tampered with. As the case is not made of acrylic I don't know if it has a surplus circuit board installed in it by the person who was in the booth before me.
Also as someone who has never used an e-voting machine how am I supposed to know the screen isn't supposed to blank?
Re: (Score:2)
How likely is it that *no one* notices this?
If it's your first ever time using the software then *very likely* because you don't know what's 'normal'.
Duh.
Re: (Score:2)
How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?
Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?
They discuss it at 8:35 in the video. Because there's no soldering, you can remove the board when you are done with the vote tampering and nobody would be the wiser.
Re: (Score:3)
And why do they call it a "Man-In-The-Middle Remote Attack"??
"Man in the middle" refers to the fact that the alien hardware is able to intercept and modify the authorized information, between the authorized user (the voter) and the intended recipient (the cast ballot).
The "remote" portion of the descriptor refers to the fact that the "man in the middle" is using a remote control to "attack" the system; that is, the compromised unit is being controlled remotely by someone other than the person standing at the controls/interface.
Man on the inside (Score:2, Insightful)
"[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code ...
No, all they needed was access to the machine's internals, modification of it's electronics and knowledge of how to "insert a piece of 'alien electronics' into a circuit board."
Once you give someone physical control of your machine, you have given someone control of your machine.
Re: (Score:3)
this is true. I made a replica of a Diebold voting machine and crammed an atari 2600 into it. If anyone wanted to vote for an independent, they had to first solve jungle hunt. Totally hacked the voting process.
Re: (Score:3)
Given how last year we saw articles on how dead easy these things were to get into despite the fancy looking lock, this attack is still falls in the category of "could conceivably happen".
Your Vote Matters! (Score:2)
See? It really does!
Now go vote!
Remotely! Here is your remote!
Whew (Score:2)
"Often the polling places are in elementary schools or a church basement or some place that doesn't really have a great deal of security."
At least they are not in the hands of someone with a political agenda.
Die Bold... (Score:2)
It died boldly just like yesterdays votes.
Tamper Proof? (Score:2)
I saw this discussion on another site and someone asked 'Why can they make rock solid tamper proof slot machines but not voting machines?' I realize they are not the same animal but the concepts of security and tampering must be very similar.
Re: (Score:2)
Because the people making the gambling machines want them secure FROM cheaters, while the people making the voting machines want them secure FOR cheaters (cough cough GWB cough).
Re: (Score:2)
Exactly. Somehow we can make ATMs, electronic slot machines, and all kinds of online transactions secure, but can't secure a vote? Sounds like a lack of will at best, a nefarious plan to make U.S. democracy more of a farce that it already is at worst.
I wonder why I don't care... (Score:2)
See: 2000 election.
Re: (Score:2)
Is it possible to have a national ID and password which would let you vote on issues without the need for public elected officials?
One reason for representative government is that everyone could not vote on every single issue for the state because they could not all fit in one place and have discourse. The Internet could let everyone meet in one place. A whole new government style could be formed that has limited
Re: (Score:2)
*whoosh*
Re: (Score:2)
Agreed. Take the last presidential election: If all electronic votes had come to McCain (or Obama) it would have been obvious for everyone involved that something was wrong. You have no booth where 100% of the votes goes to ONE candidate.
Re:Not very correct (Score:5, Insightful)
What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).
The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.
Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.
Re: (Score:2)
I'll go you one further--I seriously doubt that "void if broken" seals would even be honored! If they were, any griefer with an axe to grind could quietly slice a "void if broken" seal and arguably void (nullify) any votes cast on that box up until the point that broken seal is no
Re: (Score:3)
Alternative attack vector: In a constituency wherein a majority statistically favors your opposition, just use a pen or whatever, to damage the "void if broken" seals. Presto; you've now cast doubt on the integrity of the votes in that ballot.
Re: (Score:2)
Physical seals are worthless against well-funded enemies.
Re: (Score:2)
Sure, use electronic voting tallying because we're lazy and don't want to tally paper votes anymore. But keep the paper trail for validation! What is the point of not having a paper trail for validation? You save a few trees? Look at our new government, it is sold to the highest bidder, but we'll save every last one of you a penny in taxes.
You may not be from the USA and therefore may not be aware of situations like the U.S. presidential election issues in 2000 ( http://en.wikipedia.org/wiki/United_States_presidential_election,_2000#Results [wikipedia.org] as an example). There are massive flaws in the paper voting system as well. Electronic voting was one concept being used to try and rectify the situation and security analysis such as the one in TFA are a step in the right direction.
Paper failed miserably, electronic is the new concept; and the bugs ne