Reply #8: Ars Technica: They’re on to election fraud! The end is near. [View All]

This is the ‘leet site for the ‘best and brightest’ of the younger generation of computer fanatics. Let them “look” into things. It will be revealing.



http://arstechnica.com/news.ars/post/20030812-2655.html

Spiraling problems for electronic voting

8/12/2003 2:54:05 PM, by Ken "Caesar" Fisher

It's hardly surprising given recent election trends that interest in "more reliable" voting methods is on the rise, and some people are turning to purely electronic (paperless) voting methods. But fears over such computerized systems are on the rise, too. If we're going to transition to an electronic voting system, who should see the source code? There's at least two concerns here: one is the open source argument, which stipulates that the code would be more secure, and hence more trustworthy, if many eyes could look over it. The other is more Machiavellian: if the source stays closed, how can the public be sure that the code isn't riggable by the Powers That Be™? In a fortunate twist of fate, the source code for the system that powers Diebold Election Systems' voting machines was leaked out onto the 'net. In a report issued at the end of July, a number of security analysts judged (PDF) that the code was in fact not secure, and using it was not a wise idea. These systems had already been used in several states, including Georgia's state-wide elections in 2002.

“Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk.”
http://avirubin.com/vote.pdf

The problem has prompted some states to review their use of such technologies. Maryland had planned to purchase US $55.6 million worth of the machines, but last week the governor ordered a review of the system's reliability. Virginia is now looking into the matter as well. It's a curious conundrum: should the government require that all such voting software be open source, or should the government be in charge of the project itself? Will open sourcing such technologies stifle innovation by removing competitive edge? Is going paperless even a good idea to begin with? This isn't just an American problem, either. Electronic voting machines are used in several countries, and as technology marches on, we can probably expect that number to grow. Thanks to Chief for prodding me enough to finally write this situation up.