March 11, 2003

Pulling Polls

Why, I believe that the Register does not believe that our Senate Majority Leader's staff is truthful!

http://www.theregister.co.uk/content/55/29654.html

Senate Leader scraps website war poll, blaming hackers | By Andrew Orlowski in San Francisco | Posted: 07/03/2003 at 22:55 GMT:

Senate majority leader Bill Frist has yanked a "Bomb Iraq" poll from his website. Frist's office told The Register that "tampering" was to blame for the removal of the poll, which asked "Should the United States use force to remove Saddam Hussein from power? Your opinion is important to Senator Frist."

"Clever computer programmers created a program that generated 8,700 votes in a day," a spokesperson told us. Which is where the mystery really begins.

The spokesperson couldn't say whether the software was running inside the firewall, representing a major breach of the Senate IT security, or was a robot-style vote generator run by netizens. The curious thing is that Frist's poll page already banned robots - including the Wayback Machine, archive.org - from the site. Respondents could vote once and then return to the site later to change their vote; only the latest response would be counted. "As you know government computers are constantly being attacked by hackers," he suggested.

Nor could Frist's office explain why the website administrators simply didn't exclude the votes they didn't want to count - Florida-style.

One correspondent has noted the increasing tally of No votes: "At 1:35 pm Washington DC time on March 6, the Frist site reported 31,118 responses to the war poll. Anti-war respondents (55%) had gained a clear majority over pro-war respondents (44.6%). (These figures do not quite add up to 100%, apparently because of the rounding method used by Senator Frist's staff.) "Within the hour, at 2:23 pm, the anti-war fever had risen, with 56.9% anti-war, 42.9% pro-war. By 4:29 pm, according to a snapshot of the Frist site, with 37,742 total responses, the anti-war vote registered 59.5%, with the pro-war vote ebbing at 39.8%."

The Senate site has been defaced before. Whether this represents a new and more serious breach - as Frist's office suggests - we don't know. But our enquiries continue.

Posted by DeLong at March 11, 2003 08:24 PM

Comments

There was a follow-up article:

http://www.theregister.co.uk/content/6/29713.html

Senate leader explains poll "hack"
By Andrew Orlowski in San Francisco
Posted: 11/03/2003 at 23:53 GMT

Senator Frist's office has elaborated on its explanation of why it pulled a website poll about the Iraq war last week. We could find no evidence of a security breach at the Senate, although this was the primary reason suggested by a Frist spokesperson on Friday. In fact, the poll was hosted outside the Senate firewall, his office now confirms.

The poll was discovered by bloggers, including Tom Tomorrow, who linked to the poll while it was showing a majority in favor of the war. By the time the poll was pulled, the vote count had swung to the Noes.

"Our computer guy has identified one individual who voted 8,700 times," the spokesperson told us today. Apparently, the software deleted the cookie and voted again.

So why not simply discard the 8,700 suspect votes?
"We suspended the poll because it had been tampered with," he said. "If those votes came from 8,700 unique users we would not have had to suspend the poll."

Well, quite. Although it doesn't really answer the question of why those 8,700 votes weren't discarded, and the good votes allowed to count.

It's certainly a puzzle. Previous polls on the Frist website explain that the system detected and disallowed multiple voting. To do so effectively it must log a voter's IP address, rather than rely on a cookie.

But what if, as one reader suggested, the "hacker" was using a dial-up connection? Dial-up connections typically allocate different IP numbers each time you connect.

Well, assuming each connection could be completed in 1 minute and 20 seconds, a single dial-up user would need one year and 118 days to vote 8,700 times, assuming that he didn't sleep, that the ISP had 8,700 numbers to allocate, and that it didn't allocate the same number twice from its pool of IP numbers.

So we can rule that one out.

"We will ensure that this kind of tampering doesn't happen again," said the spokesperson.

Online election ballots, anyone?

Posted by: bad Jim on March 12, 2003 12:05 AM
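
The cookie-versus-IP point in the follow-up article quoted above, shown as an added illustration (not part of the comment, the article, or the poll's actual software). The log layout, the sample records and the `max_cookies` threshold are assumptions made for the example; the "latest response wins" rule is the one the article describes.

```python
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed records: (sequence, client_ip, cookie_id, choice).
    Addresses are from the documentation ranges, not real voters."""
    log = [
        (1, "192.0.2.10", "c-a", "yes"),
        (2, "192.0.2.11", "c-b", "no"),
        (3, "192.0.2.10", "c-a", "no"),   # same voter changes their vote
        (4, "192.0.2.12", "c-c", "yes"),
    ]
    # One client that discards its cookie before every submission.
    for i in range(20):
        log.append((5 + i, "198.51.100.7", f"fresh-{i}", "no"))
    return log

def tally(log, key):
    """Count only the latest response per voter key."""
    latest = {}
    for _, ip, cookie, choice in sorted(log):
        latest[key(ip, cookie)] = choice
    return Counter(latest.values())

def by_cookie(ip, cookie):
    return cookie

def by_ip(ip, cookie):
    return ip

def suspect_ips(log, max_cookies=3):
    """IPs that presented more distinct cookies than the (assumed) threshold.
    Shared addresses (NAT, proxies) can trip this too, so treat it as a
    review list rather than proof of stuffing."""
    cookies = defaultdict(set)
    for _, ip, cookie, _ in log:
        cookies[ip].add(cookie)
    return {ip: len(c) for ip, c in cookies.items() if len(c) > max_cookies}

def tally_excluding(log, excluded_ips):
    """Discard the suspect submissions and keep everyone else's vote."""
    kept = [r for r in log if r[1] not in excluded_ips]
    return tally(kept, by_ip)

if __name__ == "__main__":
    log = build_sample_log()
    print("keyed on cookie:", dict(tally(log, by_cookie)))
    print("keyed on IP:    ", dict(tally(log, by_ip)))
    print("suspect IPs:    ", suspect_ips(log))
    print("after discard:  ", dict(tally_excluding(log, suspect_ips(log))))
```

Keying on the cookie counts every cookie-less resubmission as a new voter, while keying on the address collapses them to one response; a client whose address changes between submissions would defeat the address key as well.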

Atrios has a rather good comment about online polls, including the one in question:

http://atrios.blogspot.com/2003_03_09_atrios_archive.html#90522830

Posted by: Kristjan on March 12, 2003 02:14 AM

It should be clear from the 2000 election that Americans can't properly vote (or monitor) in an election.

Posted by: amused reader on March 12, 2003 04:56 AM

Web site polls are finger food for the users. Web sites
like to have polls because it draws in the users and
gives them something to do. It strengthens the "relationship."
Most, if not all, web site polls are silly. Brad should
get a poll plug in for his site and then he can ask his
users how they feel about the color of money, or how
often they "bang their head against the wall." Web sites
like silly polls because smiling users come back for more.

It is practically impossible to create a valid poll on
a web site. It is technically impossible to avoid ballot
stuffing if users are allowed to remain even slightly
anonymous. This is another reason web sites tend to
make their polls silly.

There is a huge population of people out there with the
skills to do ballot stuffing on any web site poll. There
is a huge population of people who think it's fun, appropriate,
and even part of the fun. The overlap between these two
groups is large enough that any web site poll that takes
itself too seriously is certain to suffer ballot stuffing.

All the talk of the Senator's web site getting hacked is
disproportionate to the situation. If Brad's comment interface
gets used in a way that seems inappropriate then that's, well,
inappropriate. To call what happened to the Senator an attack,
or a break-in, etc. is just exaggerated speech and people who
do that should be ashamed.

The Senator's web site people made a dumb mistake trying to
have a poll on the web about something so serious, and his
PR people handled it poorly. Both were a little clueless.
I sense the audience (the press and the blogging community)
are being intentionally a little mean about that.

Posted by: Ben Hyde on March 12, 2003 08:15 AM

Ben, most people, me included, believe that what was wrong with Frist's poll is that it didn't give him the results he wanted, so he needed an excuse ("it was hacked") to trash it publicly. There never was a chance of its being fair (self-selected polls almost never are), and he should not even have tried it if he was going to be afraid of what it would say.

Posted by: Chuck Nolan on March 12, 2003 08:59 AM