[ISN] Firm invites experts to punch holes in ballot software

From: InfoSec News (isn@private)
Date: Wed Apr 07 2004 - 07:23:12 PDT

  • Next message: InfoSec News: "Re: [ISN] Secret hackers to aid war on internet fraud"

    http://zdnet.com.com/2100-1105_2-5186016.html
    
    By Robert Lemos 
    CNET News.com
    April 6, 2004
    
    VoteHere, a maker of security software for voting machines, published 
    the source code for its product online in hopes of garnering 
    additional analysis of its method for verifying the integrity of 
    electronic votes. 
    
    The company, which has patented its VHTi technology, wants comments, 
    not competition, so it released the code and several documents to its 
    Web site under a license that restricts use of the code to analysis 
    for a period of 60 days. 
    
    "We pride ourselves on being good students of cryptography," said Jim 
    Adler, founder and CEO of the Bellevue, Wash.-based company. "We know 
    there is no security through obscurity, so we want to be open." 
    
    Revealing encryption algorithms for peer review is a standard practice 
    in encryption circles and allows experts to poke holes in other 
    people's technology. VoteHere hopes the additional scrutiny will prove 
    that its technology is sound, Adler said. 
    
    The company's software is designed to let voters verify that their 
    ballots were properly handled. It assigns random identification 
    numbers to ballots and candidates. After people vote, they get a 
    receipt that shows which candidates they chose--listed as numbers, not 
    names. Voters can then use the Internet and their ballot 
    identification number to check that their votes were correctly 
    counted. 
    
    "It doesn't protect the system from compromise, but it detects when 
    compromises happen," Adler said. "We are the barking dogs: If anything 
    touches the ballots, it can be detected." 
    
    The move comes as questions arise about the security of electronic and 
    Internet voting. 
    
    Though few problems with electronic voting machines arose on March 1, 
    Super Tuesday, many problems have cropped up during other elections. 
    
    Some states, Michigan among them, are going full bore to ballots cast 
    on the Internet, despite some computer scientists' concerns that the 
    Net is not secure enough to prevent election tampering. About 28 
    percent of Michigan voters cast their ballot online in February during 
    that state's Democratic caucus. In the same month, the Department of 
    Defense backed away from plans to conduct a trial that could have let 
    the 6 million Americans abroad cast their vote online. 
    
    VoteHere has had its own security issues to deal with as well. In 
    December, the company called in the FBI to investigate a breach in the 
    company's network. Adler said the investigation was ongoing and 
    stressed that VoteHere's plans to release source code had been in the 
    works since last summer. 
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Wed Apr 07 2004 - 10:21:36 PDT