Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Can you hack the vote?

A $10,000 challenge is at stake
Tom Spring   Today’s Top Stories    or  Other Government Stories  
 

Sign up to receive Security Resource Alerts

August 06, 2004 (PC World) -- Electronic voting systems have drawn fire from courts, lawmakers and citizens groups -- and now they're under attack by hackers.
It's an organized assault, too. E-voting technology expert Rebecca Mercuri, a Harvard research fellow who has been outspoken in her opposition to such systems, has issued a "Hack the Vote" challenge, trying to illustrate what she calls the systems' unreliability and vulnerability.
She unveiled the so-called Mercuri Challenge at the recent Black Hat Briefings and Defcon 12 security conferences.
Mercuri suggested that electronic voting machines be hacked during their pre-election testing so officials will abandon them before an actual election. "People in the election community say this technology is bulletproof," Mercuri says. "It's not."
She especially opposes use of electronic voting technology in its current state, which doesn't allow for a verifiable backup. "I'm not asking anyone to break any laws. We just want the opportunity to hack e-voting systems to prove that it can or cannot be done," she says.
Mercuri says the likeliest e-voting fraud would involve unauthorized remote access to voting machines, when a hacker manipulates results; or backdoor access to voting systems by workers with approved access but their own agenda. She described her concerns at a Defcon keynote address, "Hack the Vote."
As part of her challenge, Mercuri is calling on e-voting system vendors VoteHere Inc. and Advanced Voting Solutions to provide any challengers with "full specifications" of their voting systems for review. The first person to change vote tallies without being detected can claim $10,000 from a separate challenge.
The $10,000 is being offered by noted e-voting proponent and Carnegie Mellon University computer scientist Michael Shamos. His $10,000 bet, the Direct-Recording Electronic Hacking Challenge, contends that no one can hack into a DRE voting machine undetected.
"It is impossible to tamper with e-voting systems without being detected," he said in a telephone interview countering Mercuri's claims. Shamos says no one has ever taken him up on the challenge because, as he puts it, "the fundamental system is unhackable."
Shamos recently added another twist to his challenge. Takers must fork over $5,000 to be held in escrow for Shamos. If the contestant fails to tamper with the e-voting results undetected, Shamos keeps the $5,000.
Both Shamos and Mercuri acknowledge that they are using the same vehicle while on opposite sides of the e-vote debate. Mercuri says her public challenge is meant to draw attention to Shamos's DRE Hacking Challenge.
However, a growing number of e-voting naysayers agree with much of what Mercuri claims. For example, in April, California banned the use of touch-screen voting machines in a handful of counties until it could be proven that the systems are secure and bug-free.
Tom Mereckis, head of marketing at VoteHere, said he is "puzzled" by Mercuri's challenge because VoteHere makes full specifications of its voting systems available to anyone. "Our full source code and cryptography specs have already been published," Mereckis says. "We did answer Mercuri's challenge last month on our Web site."
Conversely, the president of Advanced Voting Solutions said he has no intention of ever releasing the proprietary workings of the company's voting systems. "We aren't interested in participating in a hacking carnival sideshow," Howard Van Pelt said. For the same reasons that American Airlines and Bank of America don't make the full specifications of their systems available to the public, Advanced Voting Solutions doesn't either, he said.
Mercuri said VoteHere forces anyone who wants to test its system to sign a restrictive licensing agreement that makes it a felony to examine its systems and share that data with the public. "That's not what we consider open and available," she said.
"There is nothing in the licensing agreement that you can't find bugs and talk about them," Mereckis said.
Prospective contestants seemed ambivalent about the e-voting hacking challenge. "Sounds like a good way to land in prison," said one Defcon attendee who declined to give his name. Other attendees said hackers are always interested in a challenge -- with $10,000 riding on it or not.


Reprinted with permission from

For more PC news, visit PCWorld.com.
Story copyright 2006 PC World Communications. All rights reserved.


Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"Skyrocketing diesel prices have operators focused on technologies that can improve overall fleet efficiency...." Read more...
"It's Tuesday's IT Blogwatch in which Google wants to help you help yourself to your own medical history. Not to..." Read more...
Read more Government & Regulation posts or See all Blogs

Tired of waiting on Apple, researchers disclose iCal bugs
Size matters: Yahoo claims 2-petabyte database is world's biggest, busiest
Rising energy costs may usher in workplace changes
More top stories...
Mozilla targets Firefox 3.1 release for later this year
With rootkit talk coming, Cisco patches router flaws
'PatentGate,' one year later: Microsoft against the open-source world

Shuttle Columbia's hard drive data recovered from crash site
Specialists have retrieved about 99% of the data on a disk drive on board the crashed space shuttle Columbia. Don't miss the photographs of the recovered drive.
The top 15 vaporware products of all time
These big ideas were supposed to revolutionize technology, but they never actually appeared. In a few cases, you'll be glad they didn't.
Opinion: Malware vs. anti-malware, 20 years into the fray
Nearly 20 years after the first Internet worm, Steven J. Vaughan-Nichols takes stock of the malware/anti-malware landscape and spotlights how the two sides are approaching the battle.
Leopard at six months: Does it live up to the early hype?
Though some thought it was released too soon, Mac OS X 10.5 has matured into a solid operating system, says reviewer Michael DeAgonia.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone


Ads by TechWords

See your link here
Computerworld Report: Storage Gets Strategic
Download this Computerworld Report, free, compliments of HP.
(Source: Computerworld) Data Storage has emerged from the back room to become a key part of regulatory compliance, disaster recovery and strategic tecnhology plans. Learn more in this new this Computerworld report, a $49.95 value, available free for a limited time, compliments of HP.
Download this executive briefing download
Web Security SaaS: The Next Generation of Web Security
Download this whitepaper, free for a limited time, compliments of Webroot Software.
(Source: Webroot Software) The Web is the new threat vector of choice for hackers and cybercriminals to distribute malware and perpetrate identity theft, financial fraud, and corporate espionage. This paper outlines the challenges facing many SMBs and provides solutions for overall security effectiveness and reducing the burden on IT departments.
Download this white paper go
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Outlasting the Competition: Why High Availability is Critical to Midsize Businesses
Oracle Real Application Clusters 11g
Oracle Database 11g Architecture on Windows
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.