I was asked yesterday in a CNN interview how I felt about the fact that voting equipment was available for purchase on EBay. My response (which didn't make it into the 15 second soundbyte) may have surprised the interviewer. I think it's great that the equipment is available on EBay - right now, this is just about the only way this equipment ever gets any truly independent review.
The question was prompted by news of the purchase of a Diebold touchscreen voting machine by Open Voting Foundation (OVC) last month. Their access to the equipment allowed them to discover yet another egregious security vulnerability in this system (reported in the article "Worst Ever Security Flaw Found In Diebold Touchscreen Voting Machine"). The Diebold TS has successfully gone through what passes for a federal testing and certification process and used in elections - yet the appalling security flaws in this system have been well documented. Similar flaws may very well exist in equipment produced by other vendors. However, because of the secrecy that shrouds the testing certification process, which is funded by the vendors and operates without public oversight, the voters who are forced to trust these systems aren't allowed to know.
Voting system software should be publicly disclosed and independently reviewed and the hardware should available for examination by computer experts with no financial ties to the vendors. There is a general consensus among computer security experts that 'security through obscurity', the notion that security depends on secrecy, should never be used as a primary security measure. Computer scientist Justin Moore has observed "The best systems have the fewest secrets." Anything that needs to be kept secret - such as a password, an encryption key, a physical building key -- in order for the system to work securely is a potential point of attack. The more things that need to be kept secret or secure, the more points of attack. The best systems are the ones where you can hand over the entire source code to the attacker, and they still can't get anywhere. In other words, the source code reveals no points of attack, and no longer needs to be secret.
If electronic voting machines are going to be used (and in the short term it certainly appears that they will be used) the public disclosure of voting system software is crucial. Most people's first reaction to a call for such disclosure is like that of my interviewer - 'wouldn't that give the hackers a blueprint to rig the machines?'. But as we all know hackers will figure out how to hack - and with Diebold's 'features' it seems the machines were specifically designed to make rigging elections as easy as possible.
In the end, even if we ever get stringent voing system standards and rigorous testing it will not eliminate the need for an independent voter verified means of verification, i.e. paper, and its use in audits to verify the accuracy of machine tabulations.
(For a much more thorough and authoritative discussion of this subject, I recommend Rebecca Mercuri and Peter Neumann's essay "Security by Obscurity".)
Comment on This Article
You must login to leave comments...
Other Visitors Comments
You must login to see comments...