Firm invites experts to punch holes in ballot software

R. A. Hettinga rah at shipwright.com
Tue Apr 6 20:19:46 EDT 2004 

Ah, the old hack-me "contest" arrives in the electronic voting business.

I love the smell of burning snake-oil in the morning...

Cheers,
RAH
-------


<http://zdnet.com.com/2102-1105_2-5186016.html?tag=printthis>



Firm invites experts to punch holes in ballot software
 By  Robert Lemos
 CNET News.com
 April 6, 2004, 4:23 PM PT
 URL:  http://zdnet.com.com/2100-1105-5186016.html

 VoteHere, a maker of security software for voting machines, published the
source code for its product online in hopes of garnering additional
analysis of its method for verifying the integrity of electronic votes.

The company, which has patented its VHTi technology, wants comments, not
competition, so it released the code and several documents to its Web site
under a license that restricts use of the code to analysis for a period of
60 days.

 "We pride ourselves on being good students of cryptography," said Jim
Adler, founder and CEO of the Bellevue, Wash., company. "We know there is
no security through obscurity, so we want to be open."

 Revealing encryption algorithms for peer review is a standard practice in
encryption circles and allows experts to poke holes in other people's
technology. VoteHere hopes the additional scrutiny will prove that its
technology is sound, Adler said.

 The company's software is designed to let voters verify that their ballots
were properly handled. It assigns random identification numbers to ballots
and candidates. After people vote, they get a receipt that shows which
candidates they chose--listed as numbers, not names. Voters can then use
the Internet and their ballot identification number to check that their
votes were correctly counted.

 "It doesn't protect the system from compromise, but it detects when
compromises happen," Adler said. "We are the barking dogs: If anything
touches the ballots, it can be detected."

 The move comes as questions arise about the security of electronic and
Internet voting.

 Though few problems with electronic voting machines arose on March 1,
Super Tuesday, many problems have cropped up during other elections.

 Some states, Michigan among them, are going full bore to ballots cast on
the Internet, despite some computer scientists' concerns that the Net is
not secure enough to prevent election tampering. About 28 percent of
Michigan voters cast their ballot online in February during that state's
Democratic caucus. In the same month, the Department of Defense backed away
from plans to conduct a trial that could have let the 6 million Americans
abroad cast their vote online.

 VoteHere has had its own security issues to deal with as well. In
December, the company called in the FBI to investigate a breach in the
company's network. Adler said the investigation was ongoing and stressed
that VoteHere's plans to release source code had been in the works since
last summer.


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list