[EL] The $45M Hiest (sic) from NYC ATMs

David Jefferson d_jefferson at yahoo.com
Wed May 15 10:50:26 PDT 2013


I feel compelled to differ with Mr. Kelleher again, after his latest posting on May 14. After this, I plan to drop the subject, since in my experience Mr. Kelleher is unpersuadable on the subject of online voting security.

In his last message he begins by protesting that “I did not say, or in any way suggest … that ‘some email-related attack may have been the means of penetration’ in the heist”. But actually he did suggest it in his first message in this thread when he wrote “Did an official in the victim company click on a link in a spoofing email …?” and also later when he followed up with a major concluding point that “Internet voting servers are not connected to email systems”.

Even though he denies suggesting it was an issue, he nonetheless continues to argue vociferously that Internet voting systems are “not connected to email systems” and uses as a major example “Email activity in the office of the WV SOS had no connection with the secure voting website; hence, penetration via trick emails was not possible”. I can only say that Mr. Kelleher shows a complete lack of understanding of the security issues with email. A hacker who wanted to attack an Internet voting system via an email spear phishing ploy ("trick email") would not send it to the SoS office, of all places. He would target someone who works in the data center where the ballots are collected or counted and hope that an enclosed attachment or link would be opened from there.

Mr. Kelleher then argues with me about the term “‘Internet voting’, as commonly used”, claiming it does not include email voting. However, in security discussions the term “Internet voting” means, and has always meant, the transmission of voted ballots over the public Internet, regardless of the protocol or service used, the type of encryption used (if any), the types of computers or devices at either end of the voting transaction, or the software they are running. It includes systems in which votes are transmitted by web, by email, or by any other combination of standard protocols or new ones invented just for voting. “Internet voting” has had that meaning since the earliest literature on the subject, dating at least back to 1999 before any of the current vendors or systems even existed. 

From a security point of view we classify all of today’s forms of Internet voting together because they all share a wide range of profound security problems for which we have no good solutions available, including (1) remote voter authentication weaknesses, (2) susceptibility to client side malware attacks, server side penetration attacks, distributed denial of service attacks, various other network attacks, and insider attacks by officials or by programmers, and (3) the lack of support for any meaningful end-to-end auditing of the election. Again, I apologize for this jargon, but all security experts who have studied voting agree on these points.

Mr. Kelleher is also wrong about why 30+ states have instituted email voting. It is not because of a “nation-wide irrational Moral Panic” and “scary stories” around web-based voting. The actual reasons for the popularity of email (and fax) voting are more prosaic. In most cases it was because legislators and election officials were familiar with email and were led (falsely) to believe that email voting would be essentially similar to paper mail-in voting, which is already legal. Also, email voting can be supported cheaply (but poorly) without much infrastructure, and even without any third party vendor, which is why New Jersey hastily attempted to institute it (with little preparation or success) in the aftermath of Hurricane Sandy.

Finally, Mr. Kelleher attempts to argue that the famous Okaloosa County Internet voting experiment was not really “Internet voting”, and thus the fact that its servers were in Barcelona does not refute his false claim that Internet voting systems “are not connected to far away or foreign servers”. His bizarre reason for exclusion is that in that experiment voters cast their votes at specially-prepared laptops set up and manned by election officials instead of voting from home from their own private PCs. However, that important restriction offered an extremely valuable security protection because it essentially eliminated one entire category of security threat, namely malware on the machines that people actually voted from. By Mr. Kelleher’s idiosyncratic definition, only when people are permitted to send ballots from their personally-owned, possibly virus- or Trojan-infected devices can the system be properly called Internet voting!

David
David Jefferson
d_jefferson at yahoo.com


