diff -r 76f9457b8f51 -r ddf7315450c9 handouts/ho02.tex --- a/handouts/ho02.tex Tue Oct 04 13:44:05 2016 +0100 +++ b/handouts/ho02.tex Tue Oct 04 17:10:01 2016 +0100 @@ -3,18 +3,8 @@ \usepackage{../langs} \begin{document} -\fnote{\copyright{} Christian Urban, 2014, 2015} +\fnote{\copyright{} Christian Urban, 2014, 2015, 2016} -%https://www.usenix.org/sites/default/files/conference/protected-files/jets15_slides_epstein.pdf -% -%Jeremy Epstein, SRI International -% -%In April 2015, the US Commonwealth of Virginia decertified the Advanced Voting -%Solutions (AVS) WinVote voting machine, after concluding that it was insecure. -%This talk presents the results of Virginia's analysis of the WinVote, and -%explores how we got to the point where a voting machine using an unpatched -%version of Windows XP from 2004, using hardwired WEP keys and administrator -%passwords, could be used for over a decade in most of Virginia. %% second angle of the problem %Jonathan Zittrain is interested in algorithmic accountability, @@ -103,7 +93,7 @@ scan voting machines are not as secure as they should be. Some states experimented with Internet voting, but all experiments have been security failures. One - exceptional election happened just after hurrican Sandy + exceptional election happened just after hurricane Sandy in 2012 when some states allowed emergency electronic voting. Voters downloaded paper ballots and emailed them back to election officials. @@ -155,14 +145,14 @@ \noindent The abstract says: \begin{quote}\it -In April 2015, the US Commonwealth of Virginia decertified the +``In April 2015, the US Commonwealth of Virginia decertified the Advanced Voting Solutions (AVS) WinVote voting machine, after concluding that it was insecure. This talk presents the results of Virginia's analysis of the WinVote, and explores how we got to the point where a voting machine using an unpatched version of Windows XP from 2004, using hardwired WEP keys and administrator passwords, could be used for over a -decade in most of Virginia. +decade in most of Virginia.'' \end{quote} The reason that e-voting is such a hard problem is that we @@ -372,7 +362,7 @@ for independent review. They also kept their source code secret. This meant Halderman and his group could not obtain a machine through the official channels, but whoever could hope -that revented them from obtaining a machine? Ok, they got one. +that prevented them from obtaining a machine? Ok, they got one. They then had to reverse engineer the source code in order to design an attack. What all this showed is that a shady security design is no match for a determined hacker. @@ -542,7 +532,7 @@ can be made reasonably secure and fraud-safe. That does not mean there are no problems with online banking. But with enough thought, they can usually be overcome with technology -we have currently avialable. This is different with e-voting: +we have currently available. This is different with e-voting: even the best have not come up with something workable yet.