Monday, August 06, 2007


California's voting system audit

I've written before (here, here, and here, for example) about computer voting machines. Executive summary of my opinion, spelled out at much greater length in the first link:

First, we always have to start with a system that we believe is well designed, well implemented, and thoroughly reviewed.


Now, that's "if it's done properly". It must not be rushed, and the validation of the system must not be shortcut — that is where the danger lies. A computer voting system can and should be better than anything we have now, but it could also be full of holes if we roll it out without taking the same sorts of precautions we'd take in rolling out mechanical voting machines, or even a paper voting-and-counting system.

The key point, of course, is that none of the existing systems are remotely close to being properly reviewed, and all are likely to have glaring security flaws in the design and implementation.

Well, California has decided to do something about that, and my Internet Architecture Board colleague Eric Rescorla has recently finished working on a team, under the auspices of California's Secretary of State, that reviewed three manufacturers' machines. Separate review teams looked at the source code and hacked at the hardware... and broke the security of all three systems, resulting in the withdrawal of certification for all four machines used in California.

The review team reports, along with explanations of the methodology of the study, can be found on the official web page. Read articles about it in the New York Times, the San Francisco Chronicle, and Wired.

California's review was overseen by the University of California, and collected some of the top computer security experts, including Eric. It's a real credit to the state that they undertook and funded this, and that they did get an independent team of true experts in the field to do the work. And I'll note that these are the same machines that are in use in other states. It's not necessary for every state to do such an audit, but it is necessary for every state to pay attention to this one, and to benefit from it.

Now it's time for every state to decertify their computer voting systems, and demand that any system pass such a review before attaining certification. We have to know that we have trustworthy voting tools, and we now have proof that we don't.

No comments: