Slashdot Mirror
E-Voting Expert Testifies
Christopher Soghoian writes "Johns Hopkins University professor Dr. Avi Rubin (of previous e-voting fame) yesterday testified before the Maryland House Ways and Means Committee.
An article in the Baltimore Sun describes his testimony, as well as that of the director of the state elections board, Linda Lamone. Mrs. Lamone was highly critical of Dr Rubin's testimony, stating that he was doing 'a great disservice to democracy. They're telling the public: Don't trust them, don't trust the voting equipment.'
This begs the question: Is it better for security researchers to avoid publicly criticizing e-voting flaws? Is public faith in the system more important than overall system security?"
I don't think that I am stepping outside of the "group think" of Slashdot when I say "Secure systems are more secure with open and accessable standards and code which will verify that they are indeed secure". Furthermore, "Security is not inhanced by elimating the freedom of discussion"
The grass is only greener, if you don't take care of your own lawn.
They're telling the public: Don't trust them, don't trust the voting equipment.
Is public faith in the system more important than overall system security?
The trouble is with that 5-letter word: faith. Anything that handles data in an obscure way (read closed-source) relies on user's faith.
Anytime you start a closed-source program, faith in the coders/packagers is what makes you believe that nothing will go wrong. You can't double-check anything; if source is available, you don't need faith: just read the code. I guess for the majority it's the same: they don't understand so they must have faith in those who do.
But I feel it's just like a car: most people don't understand the inner workings - but they wouldn't buy one on which the hood is sealed.
Which is the argument against security researchers publicizing problems in any voting system. This is especially true if the new voting system is at least as fair and secure as the system to be replaced.
However, the standards for 'fairness' are increasingly strict. Many in the US now want to count every single person, no matter how poor, dark, or uneducated that person is. Such inclusive counting keeps people content while not changing the political landscape all that much, as the elite have other ways to control the landscape. Furthermore, as more people become educated they want access to the public process. Since the educated have the power to disrupt, their concerns matter and should be addressed to protect the peace which is so critical for economic well being.
Additionally, technology allows increased trust in our system. One good example is fingerprinting. Genetic matching brought up issues of the trust and reliability in the technology used to identify suspects. The courts ruled that any technology used in the courts must be reliable. This brought up the question of whether fingerprints are reliable. Though they have been used for a long time, and though a full fingerprint is reliable, the partial prints may not be. Even though they satisfies the standards of the past, they may not satisfy current standards.
Voting may be a smilier case. A higher level of reliability is possible, so it mandated that the possibility be realized.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
It is not because you understand something that it's trustworthy.
It's not because you understand how it can be rigged, that it wil not be rigged.
Understanding does not exclude fraud.
Understanding how fraud can be committed does not give the system credibility or trust.
One does not trust the system, but rather those who implement it. Regardless of the system in use.
"I think they're doing a great disservice to democracy," she said. "They're telling the public: Don't trust them, don't trust the voting equipment."
Sounds like the sort of thing dictators say when making an example out of someone eg. "he's an enemy of the people, he would kill your baby in the blink of an eye, would you actually trust a man like this that kills babys?" Then again there was the whole communist thing "hes a commie burn him" and the un-american thing "you are an un-american and im gonna call the FBI on you"
Linda Lamone either has no-idea about electronic voting, or has another agenda.
Actually i just realised shes right but shes using the redifined term for democracy which means "the most money wins" in which case its bad that the machines cant be controlled buy the most affluent people
This comment does not represent the views or opinions of the user.
Election commissioners are usually appointed, not elected (funny when you think about it), so I suspect that's going to be one of the last things Lamone says. Rubin's message was well-received, and at least one politician (a republican at that) publically expressed disappointment at the non-response of the election commission.
Summary: Short Diebold, they're going to lose a lot of contracts.
I've finally had it: until slashdot gets article moderation, I am not coming back.
I think, one of the most important safeguards in voting is the possibility to audit and correct the results many times over by many "auditors" (e.g. people and processes who re-count). Paper and pencil in connection with proper processes represent technology/methodology with these characteristics. Good electoral processes include a certain amount of re-counting already in the original count. More than one person looks at each ballot and agreement on the intent of the vote has to be there. If an entire electoral station's vote-counters are corrupt, then ballot boxes can be shipped off to a new group of examiners.
For example, I think e-voting needs to emulate the capability of having several independent examinations of a vote (like several people looking at a ballot, and interpreting which way the vote was intended). This would at least require the capability of having software from more than one provider, each piece of software essentially interpreting the intent of the vote.
Each step of the data gathering and interpretation process should be multi-sourced. And yes, that would mean, that even a log of x/y co-ordinates, which have been touched, should be generated by more than one independent source.
If the independently created and managed processes(hardware/software) in the voting machine all agree on the result, there is a good chance that neither fraud nor error has been present - but if the results amongst the independent processes vary, one needs to investigate.
So, while I think open sourcing is a fundamentally more democratic approach to e-voting software (and hardware!), I think that multi-sourcing of software (preferably in each machine) is even more important.
I understand the concern about e-voting, as a US citizen, I do feel that my vote should count. However, it doesn't. Because it isn't a representative vote. If 60 percent of the country votes for 2 candidates that have leftist views, but neither of them get a majority, the remaining 40 percent (the minority) of the country has an administration in power. Interesting, eh?
I find this disturbing. But thats just one way of vote manipulation. Others include: blatant lies during campaigns, smear campaigns, party affiliation (I don't know anything about this candidate, but it's a democrat! I'll pick it, n/m it's warhawk stance and corporate leanings), intimidation, money, and pre-political fame. Not to mention the manipulations of the present administration: free press conferences, interviews, wars (or the stopping of)... etc.
I think these are more pervasive than electronic tampering. Plus, since there are over 2 brands of voting machine being used, I think it could be easy to detect which ones are cheating: lets say diebold only picks republicans and brand x always picks democrats. When votes are tallied I think this manipulation will be obvious.
Everything is flawed. There is no such thing as a perfect voting machine. The question is what is an acceptable level of risk.
Mea navis aericumbens anguillis abundat
Calling Avi Rubin a "smart aleck" after he criticizes e-voting machines is like saying the AMA is a bunch of smart alecks when they decry smoking as cancer-causing. We don't have a 'Security General' like we have a Surgeon General, but if we did, Rubin would be qualified by the job -- and only one of a handful of people I'd want to see in it.
This has really gone from, "Wow, what is that crazy county thinking?" when they selected Diebold e-Tyranny systems to absolute insanity. After so many major vulnerabilities were found and a bevy of absolutely insane catastrophes have occurred (like the number of votes being 10x the number of registered voters?), these systems should be done forever. Fix them? Wrong. Throw them away, and let Diebold make something they're qualified to make, like... bubble gum dispensers.
The shocking thing is that the security experts are raving about how intentional compromises could occur -- but these machines are so pathetic, they can't even function properly due to accidental bugs! If they can't even function when used normally, what happens when we introduce maliciousness?
The ACLU should have lawsuits coming out the wazoo for this. Hanging chad? Hanging chad has nothing on these machines.
I was under the impression that one could practically sue for almost anything in the US. Would it not be possible for someone to start a class action suit against the state election commission for willfully damaging the saftey of the democratic process in that state (MD)?
I like computers and technology - I really do.
However, unless computers will do a job better than previous methods, they shouldn't be used.
Voting systems are what I would have to call mission-critical systems. They should have all the rigor, analysis, and verifiability that can be brought-to-bear towards making systems accurate and robust. They should be very formally designed and tested, and placed under the most rigorous configuration management and control.
Why these sytems aren't being built (or required) to undergo what would have even been considered best-practices in the 1970s or 1980s eludes me. I consider the lure of the technology, coupled with a general apathy towards the genuine intracacies and consequences of failure, to be a big part of the problem.
There should be damned strong requirements on how any system used in any governmental election are designed, proven, built, etc... I would actually want to start with proven security/OS kernels in any such designs. This machine does not even have to be based on a commercially available OS platform - it has to perform a specific type of task very reliably.
Sam Nitzberg
http://www.iamsam.com
If the aim of the system is to provide a proper representative democracy, then it is critical that the system works and is secure. In this scenario, trust is secondary, since the untrusters will be in the minority, and not in a position to rock the boat too much - natural forces will balance out a level of distrust. Even if a paper audit trail is available, Joe Avg is not in a position to personally audit the results, so its all down to faith at the end of the day.
If the aim of the system is to install a fascist autocracy, then it is critical that public trust and perception comes first. The actual workings and security of the system (and indeed the results themselves) are largely irrellevant. Votes are conducted in a dictatorship scenario as a simple mechanism to make people think that they had their say, and therefore are being fairly represented.
Either way, there is going to be a small portion of the population who dont trust the result, and blame it on some conspiracy. Fact is, come the next general election in the USA (2004 ?), we are just not in any position to know which version of reality we are living in.
In another 20 years time anyway, voting will be conducted via SMS, and people will be openly encouraged to post multiple votes - Elections will be a combination of public circus, TV entertainment and money spinner.
They will start with 100 presidential candidates, and each week voters will have to tune in to TV to listen to their addresses, and then vote via SMS to evict a bunch of candidates who failed to perform in the speeches, singing and bathing costume sections of the election.
And tune in next week viewers, as our surviving presidential candidates have to negotiate the crocodile infested obstacle course in their speedos whilst singing 'I Did It My Way'. The real government of the day can then go about their business unmolested, whilst Mr Popular stands out before the TV cameras as the public face of the party.
Is there any way to independently validate the system, in a way that prevents tampering on election day? Please don't forget that Diebold's CEO is the one whose been shmoozing with the Republican aristocracy at $1000 / plate dinners and promised that his company was "committed to helping Ohio deliver its electoral votes to the president next year".