October 26, 2006
-- by Dave Johnson
Ars Technica is an online magazine for techies. They're covering the voting machines fiasco.
What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company's internal computer network—to steal a statewide election?The article goes into technical detail on how to accomplish the theft of an election. But then,
[. . .] Thanks the recent and rapid adoption of direct-recording electronic (DRE) voting machines in states and counties across America, the two scenarios that I just outlined have now become siblings (perhaps even fraternal twins) in the same large, unhappy family of information security (infosec) challenges. Our national election infrastructure is now largely an information technology infrastructure, so the problem of keeping our elections free of vote fraud is now an information security problem. If you've been keeping track of the news in the past few years, with its weekly litany of high-profile breeches in public- and private-sector networks, then you know how well we're (not) doing on the infosec front.
Finally, it's extremely important to note that, in the absence of a meaningful audit trail, like that provided by voter-verified paper receipts, it is virtually impossible to tell machine malfunction from deliberate vandalism. Pioneering election security researcher Rebecca Mercuri has told me that she's actually much more concerned about "disenfranchisement of voters due to the strategic denial-of-service that currently masquerades as malfunctions," than she is about "manipulation of election equipment and data files in order to alter election outcomes, although both remain problematic."And, toward the end,
When you have a rash of voting machines that have their memories wiped, their votes erased, or their number of votes mysteriously inflated; when you have reports of machines that crash or refuse to respond; when many machines record a vote for the wrong candidate—all of this could just as plausibly be construed as evidence of fraud as it could be of spontaneous malfunction, because there's simply no way to tell the difference in most cases.
In conclusion, let me summarize what I hope you'll take home with you after reading this article and thinking about its contents:
* Bits and bytes are made to be manipulated; by turning votes into bits and bytes, we've made them orders of magnitude easier to manipulate during and after an election.
* By rushing to merge our nation's election infrastructure with our computing infrastructure, we have prematurely brought the fairly old and well-understood field of election security under the rubric of the new, rapidly evolving field of information security.
* In order to have confidence in the results of a paperless DRE-based election, you must first have confidence in the personnel and security practices at these institutions: the board of elections, the DRE vendor, and third-party software vendor whose product is used on the DRE.
* In the absence of the ability to conduct a meaningful audit, there is no discernable difference between DRE malfunction and deliberate tampering (either for the purpose of disenfranchisement or altering the vote record).
TrackBack URL for this entry:
How come Diebold ATM machines don't suffer these problems? They seem capable of making a pretty reliable ATM machine, I wonder why election machines are so much more difficult?
The basic reason is that customers of Diebold ATMs have a major interest in reliable machines. Also, ATMs produce paper receipts. My small experience in talking with voting officials about the unreliability of the voting machines is that they don't even hear what I say.
Posted by: John M 307 at October 27, 2006 1:46 AM
Post a comment
Thanks for signing in, . Now you can comment. (sign out)(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)