Internet Votinga menace to society?

Jan Meijer

POWER

You exercise your right to vote...

• If you are elligable

• Anonymous

• In private, it’s YOUR vote, leave your

consultant at home

• to elect well defined subject(s)

According to a well defined process

Water boards & RIES

• 2003, Water board Rijnland, Rijnland Internet Election System

• 1.2 million voters

• 300k for Internet voting

Postal + Internet

RIES: The ”Robers” protocol

• Herman Robers. Electronic elections employing DES smartcards. Master's thesis, Delft University of Technology, December 1998. http://www.iscit.surfnet.nl/team/Herman/election.ps.

• http://www.cs.ru.nl/W.Pieters/compsac2005.pdf

• Virtual ballot using DES

3 phase system

• Phase 1: Prepare. – Distribute pseudo Id and voter secret to each

voter

• Phase 2: Voting window

• Phase 3: Tally

Network paradigm

client (voter) server (polling station)network (internet)process stage

vote process

processingverification

vote contact

vote materials

vote result

vote confirmation

unsecured

secured

Security is a mindset

Know your goal: won the battle..

Know your risks

shit will happen

Know when it’s good enough...

System characteristics

• Peak performance 2004: 23 voters/s over SSL• Holistic approach• Compartimentalized security• Layered security• Sustain multiple component failure• BCP, common sense• ”Lazy running”• Dirt cheap

Not in outer space

• You scavenge...

• A network

• Existing services (DNS, RPS, NTP, ...)

• SURFnet-CERT

• ...

Architecture overview

Our dashboard

It worked…Resource usageRijnland elections

No peak?

vote server 1, 2006 vote server 2, 2006

vote server 1, Dommelvote server 1, Rijnland

So, a menace to society?

ONLY IF DONE BADLY

Easiest to monitor

10.000 polling stations

(Nigeria, UK, NL?)

or

1 station

/me?

• Voting by the people, for the people: it’s democracy stupid!

• Internet age opportunity• Publicly owned system, open source• End commercial incompetence• Power to the people!

State of our eVoting systems is a professional disgrace!

Still not convinced?

http://www.theregister.co.uk/2007/05/17/sarasota_county_network_breached/

“Slammer turns Florida election result into worm food”

…The county server was breached on the first day of early voting in the 2006 election, which included a now-disputed race for a seat in the US House of Representatives. The attack code was a variant of the infamous Slammer worm that penetrated the county's server, which unbelievably, was missing five years worth of security patches…