Unknown to users, 'massive security vulnerability' in Internet architecture allowed massive 'man-in-the-middle' rerouting...
[This article now cross-published by The Progress...]
We've discussed, many times over the years, the madness of Internet Voting schemes. Today we've got yet another piece of disturbing evidence that underscores why such a scheme for American democracy would be nothing short of insane.
The BRAD BLOG has highlighted how easily Internet elections can be hacked by all sorts of nefarious folks (perhaps most disturbingly, without the knowledge of election officials); how various experiments in Internet Voting have proved disastrous (Hello, Canada! Hello, Honolulu! Hello, Oscars!); and how it is simply impossible to do a true pilot test of any such Internet Voting schemes in advance, since the most dangerous tactics that bad guys might throw at an Internet-based election in order to game it are actually illegal. Because of that, good guy "white hat hackers" wouldn't be able to use those same techniques to test the security of any Internet Voting scheme before it was actually put into use in a live election.
Moreover --- and perhaps the deal-breaker when it comes to the viability of Internet Voting ever being workable in public elections --- even if the Internet Voting scheme remains secure, there is no way that the citizenry can know that was the case. Any such scheme would require faith and trust in others, which is decidedly not what our system of oversight and checks and balances in public elections is supposed to be built on. Thus, even a secured Internet Voting scheme would seriously undermine the basic tenets of, and overall confidence in, American democracy.
Now, Kim Zetter at Wired's "Threat Level" blog offers yet another reason why the Internet, as it currently exists, is simply unfit to serve as a means for secure online voting. Her recently published article, which doesn't focus on voting, is alarmingly headlined "Someone's Been Siphoning Data Through a Huge Security Hole in the Internet".
And no, in this case, it's not the NSA. At least as far as we know.
Zetter details a "huge security hole" indeed, one which, as she documents, was found to have been used earlier this year to re-route "vast amounts" of U.S. Internet data all the way out to Belarus and Iceland, where it was intercepted in a classic "man-in-the-middle" fashion, before being sent on to its intended receiver. During the hijack attack, the senders and receivers of the Internet data were none the wiser, just as would likely be the case if the same gaping security hole in the Internet's existing architecture was used to hijack votes cast over the Internet, change them, and then send them on to the server of the intended election official recipient...
--- Click here for REST OF STORY!... ---