[ale] hack challenge for electronic [v]oting system

Jeff Hubbs hbbs at comcast.net
Sat Aug 23 16:37:36 EDT 2003


I'm going to set forth here what I think would be meaningful ground
rules and goals for such a "hacking demonstration."

"Starting line:"  The team needs to have no more or less access to the
equipment than anyone else could obtain before, during, or after the
hack.  If this means that a machine could be "stolen" or "borrowed"
surreptitiously, given that the election board takes the usual steps and
protections for safeguarding the equipment, so be it.  

The absolute minimum standard for a successful hack would be to 1)
interfere with the voting process, so as to produce a result that would
differ from what the result would have been had the team taken no action
(the difference must be the direct, causal result of the team's action)
OR 2) obtain actual vote data from the machines via a means other than
the intended mechanism

In my opinion, even a partial denial of service would constitute a
successful hack, because DoSses, thoughtfully and deliberately applied,
could be used to skew voting results in a desired direction through the
choice of, say, timing and location.  I believe that this is very
germane to the issue because it has been alleged that one way in which
the Bush/Gore election was manipulated was by excluding votes with a
discriminating factor involving certain classes of people (i.e.,
absentee ballots and the elderly).

The hack would be judged more successful ("extra credit") if: 1) the
hack could go totally undetected 2) the hack could produce an
arbitrarily chosen result (i.e., make a certain candidate win or, in the
extreme case, "dial in" an arbitrarily chosen numerical result).





-- 
Jeff Hubbs <hbbs at comcast.net>

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list