Thursday, June 29, 2006

.

More on computer voting

Five or six weeks ago, I posted a long entry about computer voting. In it, I said that a properly designed, secured, reviewed, and audited computer-based voting system could be far better than the voting systems we've had until now, but that the computer-based systems that are available today — and are being deployed — do not qualify. Yesterday's Washington Post underscores the failure to qualify with this article:

To determine what it would take to hack a U.S. election, a team of cybersecurity experts turned to a fictional battleground state called Pennasota and a fictional gubernatorial race between Tom Jefferson and Johnny Adams. It's the year 2007, and the state uses electronic voting machines. Jefferson was forecast to win the race by about 80,000 votes, or 2.3 percent of the vote. Adams's conspirators thought, "How easily can we manipulate the election results?"

The experts thought about all the ways to do it. And they concluded in a report issued yesterday that it would take only one person, with a sophisticated technical knowledge and timely access to the software that runs the voting machines, to change the outcome.

Voting-machine vendors, such as Diebold, of course, downplay the report and deny the problems:

"It just isn't the piece of equipment," said David Bear, a spokesman for Diebold Election Systems, one of the country's largest vendors. "It's all the elements of an election environment that make for a secure election."

"This report is based on speculation rather than an examination of the record. To date, voting systems have not been successfully attacked in a live election," said Bob Cohen, a spokesman for the Election Technology Council, a voting machine vendors' trade group. "The purported vulnerabilities presented in this study, while interesting in theory, would be extremely difficult to exploit."
What we have to remember, though, is that even if it's true that the vulnerabilities "would be extremely difficult to exploit," the rewards for success are sufficiently great that I get no comfort from considering the difficulty, nor from the (unsubstantiated) claim that it hasn't happened yet.

And as to the difficulty, well, the report says that "it would take only one person, with a sophisticated technical knowledge and timely access to the software that runs the voting machines, to change the outcome." An insider, perhaps, from the Election Technology Council? Diebold's CEO was quoted in 2004 as saying that he would do whatever it took to deliver Ohio to George Bush in the election. Given that sort of statement, can anyone be confident that there's useful protection against the sort of attack the report describes?

As always, I'd like to see the full report — these brief blurbs in the newspaper are never adequate. (Wouldn't it be nice if the online articles had links to the original material they reference, when that material is availble? I don't know whether it's available in this case, but it often is, and it's never linked from the online newspaper articles.)

2 comments:

scouter573 said...

There is yet another report in the news about a yet another stolen computer containing private information on yet more thousands and millions of consumers. The statements coming from heads of corporations and leaders in government? "There's no evidence that any of the information has been misused." Right. Reassuring.

Similarly, there are statements coming from heads of corporations and leaders in government that no elections have been compromised or corrupted. Right. Reassuring.

I can now sleep better knowing that my votes and my personal data are perfectly safe. Right.

scouter573 said...

I found a link -->
http://today.reuters.com/news/newsArticle.aspx?type=domesticNews&storyID=2006-06-07T024423Z_01_N06435124_RTRUKOC_0_US-CRIME-USA-VETERANS.xml

The records of 2.2 million soldiers stolen (reported 6 June).

Late, of course. ;-)