Download
vote hacking kenny denmark n.
Skip this Video
Loading SlideShow in 5 Seconds..
Vote Hacking Kenny Denmark PowerPoint Presentation
Download Presentation
Vote Hacking Kenny Denmark

Vote Hacking Kenny Denmark

97 Vues Download Presentation
Télécharger la présentation

Vote Hacking Kenny Denmark

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. - October 2010 - For an upcoming election, Washington D.C. was preparing a system to allow some voters to send in their ballots over the Internet. - However, two days after this was released for public use, it was hacked by a group from the University of Michigan to prove that it was unsafe. - They had managed to take complete control of the system, and was also able to extract the names of everybody who had registered of this service. Article: http://www.stateline.org/live/details/story?contentId=522635 Vote HackingKenny Denmark

  2. - If it had been a real election, they could have changed what people had voted and/or posted that information online. • - As a reaction, the elections board deemed this plan to be dangerous, and decided to shelve the system rather than try to improve it. This was partially due to other attacks coming in originating from China and Iran. • - This incident also spurred a large debate over what type of software should be used for the security in a system such as this: proprietary or open-source (since open source was used for this)

  3. 8-step decision process • Step 1: Issues: releasing software that contains important information or something that is used to decide needs to have adequate security and be adequately tested. However, people living over seas and soldiers also need to be able to vote easily, so it is important that this not be shelved. • Step 2: Stakeholders: Voters: would like it to be easy to vote The people who hacked it: want it to be properly secure and have it still be in existence The election board: want it to be secure at any costs, even scrapping the project • Step 3: Potential solutions: a: The project being permanently shelved b: The project being constantly monitored and improved c: An attempt is made to completely replace the system with something new

  4. 8-Step Decision Process(cotd.) • Step 3(cotd.): Outcomes: a: best: nobody's records are stolen, worst: people outside the country have a hard time voting b: best: the new system works like it should, worst: it is attacked again, but improves with each one c: best: the new system works, worst: it is attacked again, and the cycle continues unless it is shelved or improved I personally think that the best of these is b, although it does involve some risk, if the system is improved enough, it should not matter as much. • Step 4: Ethically speaking, this decision might not be the best, as it is slightly risky for those who want to use this service until it has been sufficiently improved. However, at a later point, the system will have been broken and repaired enough for it to be extremely difficult to impossible to break in to. • Step 5: I believe that this solution is balanced because it provides a solution to the problem instead of simply ignoring it and shelving the project.

  5. 8-Step Process(cotd.) • Step 6: I think that this would be the most efficient process, as it would produce a good result for a majority of people, especially after it has been around awhile and sufficiently been tested, even though it may not be the best for a while, the finished product will have been worth it. • Step 7: Yes, nobody influenced me, and I don't believe that this would influence would influence me. A system such as this would have to tell the users of a potential risk, and to use at their own risk, but it is the same for any such system, they have to be constantly monitored and improved. • Step 8: I would say that the most influential philosophy in this decision was pragmatism, because I feel that the end result of this project would be worth having to constantly tweak a security system for a long amount of time. However, it does put users at some degree of risk, so they would have to be fully aware of this before they could use it.

  6. Applying the ACM Code I personally believe that what actually happened decision-wise adhered fairly well to the ACM code, except for the lack of complete testing by the people who developed the system. In any system such as this, especially in something like this, where people's personal information is stored. By not testing properly or enough, they would go against quite a few rules in the code, mainly the ones dealing with harm to a person, as this sort of information could be used for identity theft.