Hackers, Public Differ Greatly On E-voting

cweditor writes "Sorry to be touting one of my own Computerworld stories, but I only covered it because I found it so interesting. The Ponemon Institute surveyed 2,933 members of the general public and then 100 DEFCON and Black Hat attendees to get their views on electronic voting. 'The degree of difference was startling,' said director Larry Ponemon. It was the biggest split between 'experts and the public he'd ever found. For example, 83% of the experts said e-voting is less or much less secure against election tampering than paper ballots, compared with just 19% of the general public."

Imagine that.

[2names]

The experts know more than the general public. Will wonders never cease?

Re:Imagine that.

[TopShelf]

I don't think security is the only concern, but reliability as well. A few more examples like this, and the at-large public will become more skeptical...

Re:Imagine that.

[lazyl]

Yeah, but how much do these 'experts' know about how secure paper ballots really are? They should also interview a third group: those who are experts in the paper system.

Re:Imagine that.

[aardvarkjoe]

What makes it even less informative is that these "experts" are not experts in the field that's being discussed. The numbers would at least be interesting if they had actually used experts knowledgable about voting security.

Re:Imagine that.

[Phisbut]

Maybe people don't hack into the old unpatched NT box because there would be no valuable reason to do so. Or maybe it does get hacked but when the hacker sees there's nothing of interest, he leaves and hunts for another target.

But election tampering, *now* you've got something valuable. Being able to bypass democracy and nominate (in opposition to elect) the guy who has the power to say "Let's bomb Iraq some more", now you've got a good reason to worry about security.

I have a little server at home that basically only runs to gather high-scores from a little amateur online game I made. There's no reason for me to patch it ad-nauseum since I don't really care if the machine crashes or gets hacked or anything. Just as a hacker would care about somebody's high score when he sees my server.

Being paranoid is trying to secure something nobody would want to tamper with. Making sure nobody can hack into the e-voting system that will elect the next president is *not* being paranoid, it's plain ol' common sense.

Re:Imagine that.

[Teancom]

Did you actually read the article? All the way to the end, that is? The only thing that actually went wonky was the machine that projects the totals up on the wall. And it was smart enough to know that it hadn't been reset, so it delibaretly put up huge numbers to attract attention to the fact. As the article said, at no time was the actual voting machine off in any way. In short, there are plenty of reasons to dislike or distrust electronic voting, but this is a particulary bad example to use as one of them.

Re:Imagine that.

[Phisbut]

Sometimes, the old fashioned way is the best way. We had a federal election a couple of months ago in Canada, and it was all paper & pens.

People could come from 9AM to 9PM to take the piece of paper, go behind the curtain over there, mark the paper with the pen (make an X in a cirle next to the one you want to vote for... not all that complicated), and put the little piece of paper in the sealed box.

At the end of the day, human beings opened the sealed boxes, with several witnesses (at least one representative of each party, plus other government officials), and hand-counted each ballot. Take one paper, show it to everybody, add 1 to the score of the guy on that ballot, put the ballot in a pile. Repeat the process about 500 times per box, for each of the thousands and thousands of boxes around the country. The whole process of counting takes about an hour, and there's very very few occurences of a party requiring a recount, because everything has been done in front of at least 10 witnesses.

Where's the need for all that electronic voting stuff? Maybe it goes faster, and maybe the paper-way requires the hiring of more people (thus costing more in salaries), but consider the cost of buying the electronic stuff, then the cost of all the judicial stuff that happens because votes are missing or something got hacked or so.

Go back to plain ol' paper & pens, and let democracy reign.

Re:Imagine that.

[abb3w]

since they only interviewed 100 experts to the 2,933 everyjoes,

Error bars on statistical samples IIR are (N^0.5); thus, percentages have error bars of (N^-0.5). Thus, the 83% expert opinion on 100 experts is +/- 10%; the 19% opinion on 2933 everyjoes has an error of about 1.8%. So, even worst case, the experts are more than three times as likely to distrust the computer voting.

"Anyone who cannot cope with mathematics is not fully human. At best he is a tolerable subhuman who has learned to wear shoes, bathe and not make messes in the house." --Heinlein

Re:Imagine that.

The key is that as long as physical security is maintained, the paper ballots can always be recounted, manually if needed, and the process can be manually validated by observers.

Thus any weaknesses with paper ballots is entirely a process issue (how physical security is maintained, and how one counts the votes and the requirements to request a recount), while with electronic voting there are significant technical issues to come across.

The only safe electronic voting system is one where the system prints out a paper ballot, asks the voter to confirm that the paper ballot matches their selections, and where the paper ballots are collected as usual. Further, the electronic vote and the paper ballot should both be tagged by an id. If that is done, then random validations (in the form of manual recounts of a small percentage of paper ballots and comparison with their electronic equivalents) could safeguard against fraud.

Note that it's vital that voters aren't allowed to take the paper ballot home, as that would make vote selling and forced voting trivially easy.

It's simply so extremely hard to make a tamper proof pure electronic voting system that maintains secrecy and prevent vote selling that it won't be worth it.

Re:Imagine that.

[xTown]

Amen to that. I've always been of the opinion that the requirement for speed of counting has been a detriment to the entire process. For something as important as voting...we can wait. And with paper and pen, there's almost no chance to misinterpret a vote.

Re:Imagine that.

[aardvarkjoe]

I'm saying that having a general knowledge of computer security is not the same as being an expert in the field of e-voting security. An in-depth knowledge of the specifics of voting systems and voting fraud, both electronic and traditional, are required to offer an informed opinion as an expert on the relative security between the two. Many of these "experts" probably gained most of their knowledge of the subject from slashdot stories.

Ya Think?

[darth_MALL]

What data or insider knowledge does Joe Public have about how this wouldn't be secure? I think they assume its simplified and therefore more secure.

I have said it before, and I will say it again

[YankeeInExile]

Electronic Voting is a solution in search of a problem.

Why this fetish for applying complicating technology to simple problems?

Re:I have said it before, and I will say it again

[bubba_the_mermaid]

I guess the idea is that these "technological wonders" will prevent the chaos that surrounded the Floria polls in 2000 from re-occuring.

However, we need to ask: Is the re-count the problem itself, or a symptom?

Re:I have said it before, and I will say it again

[xenocide2]

Electronic voting does offer certain advantages:

*Ballots in multiple languages can be done easily
*Ballots that if cast must be voided (marking more candidates than allowed) can be inspected and brought to the voters attention via computer
*Ballots for the visually impaired can be computed and presented effortlessly

Of course, the biggest and most mouthwatering sales pitch for people who run elections and other votes:
* Never count by hand again!

Now you see why they're pissed about this whole "paper trail" fiasco. The gravity of the situation is that anonymity and accountability are two forces in a great struggle with eachother. Anyone who can solve this problem stands to earn a vast fortune. This is why we see so many pretenders to the throne, discussing how secure and infalliable their systems are.

The Department of Defense has rigorous testing and inspection requirements for software they use. I don't see why we shouldn't apply the same philosophy to another aspect of protecting democracy, the voting machines.

Re:I have said it before, and I will say it again

[bigpat]

Or, if you're a conspiracy theorist, one can argue that the politicians, especially the incumbents, want to be able to tamper with ballet result.

Who needs a conspiracy, just one guy with an agenda and a connected system can tamper with elecotronic ballots, that is why there is all the fuss. At least with physical ballots you really do need a conspiracy to tamper with them successfully. And then there is usually more physical evidence of the tampering.

Computers are useful for the same reason they are dangerous for voting, computers substantially seperate the content from the physical medium, making deleting, copying, and modification much easier. Sure you can recontruct some deleted files on a hard disk, but try figuring out what the votes should have been if they are deleted, especially by someone with knowledge of the system.

Once these machines are around for a few years, then you can be assured that even that sweet little grandmother volunteering down at the polling place, whom you don't realize has been strong armed by the local party boss, will be plugging in her ipod to the back of one of these machines and revoting 70% of the votes the correct way using a simple program she downloaded off the web. Even she will not really feel too guilty just plugging in a wire into the back of a terminal... or maybe just about as guilty as a seventeen year old hacker

Some things are just meant to be physical.

The point is...

[Decameron81]

The point is that the general public doesn't know what happens behind the scene when they click on a button with their mouse. Maybe the reason those experts don't trust e-voting is because they know it takes only so much to be able to read and modify data going through the net.

Just my 2 cents.

That's why they call it the 31337...

[CharAznable]

It's disturbing when technical issues become central to a wider political issue that involves everybody, yet very few people have the background to understand it or have an informed opinion about it. Software patents is such an issue. This one is too, and much more important. It's quite easy to lie and mislead the general public with it, since few people have the knowledge to see through the bullshit.

I have a feeling...

[odano]

That e-voting isn't the only topic which hackers and the general public disagree.

This just in

[NeoSkandranon]

News flash: General public clueless about an issue. More at 11...

I wonder...

How many of those that thought e-voting was secure are also Bush supporters?

A Survey at DEFCON about HACKING???

[Lord+Grey]

The Ponemon Institute surveyed 2,933 members of the general public and then 100 DEFCON and Black Hat attendees to get their views on electronic voting.

DEFCON is hardly the right place to be conducting a survey about the "hackability" of an electronic voting system. 50% of this year's attendees could probably figure out how to hack the vote before their third Mountain Dew.

Re:A Survey at DEFCON about HACKING???

On the contrary, it's the perfect place to conduct such a survey. If 50% of this year's attendees could, as you say, figure out how to hack the vote, then the system is most certainly hackable, and their expert opinions would be validated.

Re:A Survey at DEFCON about HACKING???

Just remember: if there are enough people who can hack the election to fill up half a convention, chances are good that there's at least one person who might actually do it somewhere in the country.

Re:A Survey at DEFCON about HACKING???

[upsidedown_duck]

50% of this year's attendees could probably figure out how to hack the vote before their third Mountain Dew.

This shows that there are clearly people out there who have the skills and, given the right circumstances, the will to be hired by a political campaign, incumbant, lobbyist organization, or criminal organization to aid their respective agendas. When big power plays and money are involved, hiring a computer cracker is probably just part of doing business.

The thing I don't get

[dg41]

Is why elections officials are so adamantly opposed to a paper trail? Sure, it creates extra expense in the short term, but it simplifies matters (by using electronic voting, hands down then the chad-bearing cards) and provides an auditable trail.

Sorry

[MarsDefenseMinister]

Sorry to be touting my own 14th post, but I'm only covering it because it's so damn interesting!

Actually, it is a good article, and it should be widely distributed. Obviously computer experts can see the flaws in e-voting, but it's the non-computer experts that we need to reach. Most people out there have no clue at all that something is wrong. An article like this, simplified a bit, could change a lot of uninformed opinions.

P2P voting

[revery]

To quote a popular saying, He who counts the votes, elects.
The only way to ensure the safety of ballots is to distribute the counting of ballots among a larger number of people.

The more centralized the ballot counting, the easier it is to corrupt, the more distributed it is, the more difficult it is to corrupt and the greater the likelihood of exposure.

And by distributed, I'm not talking about computers networks, I'm talking about people.

--

Was it the sheep climbing onto the altar, or the cattle lowing to be slain,
or the Son of God hanging dead and bloodied on a cross that told me this was a world condemned, but loved and bought with blood.

BSOD?

[larley]

I wonder, though, whether the situation would arise where an e-voting machine crashes? I mean, so many people trust BANK machines, and yet I've encountered several situations where I insert my card, nothing happens, it spits the card out, and I see OS/2 rebooting... I just hope the same doesn't occur in the polling booths. It might scare the old Floridians to see an OS booting up - these ARE the same people who couldn't figure out where to punch a card with 4 or 5 big circles on it.

Scientific Literacy

[mdemeny]

I read somewhere that only 5% of the general public has a basic understanding of the concepts behind major everyday items such as a television or a refrigerator. Unfortunately I can't find the source of that figure (but paraphrasing Homer Simpson - "87% of all figures are made up anyways")

However, this underscores an important weakness in our society. When a TV or fridge was simply a consumer item, it was less important to know how it works. Now that large parts of our economy (finance, software, inventory, logistics), society (arts and culture) and democracy itself is largely controlled by computers this knowledge gap become increasingly important. People looking to control these sectors can increasingly rely on the general populace to not understand the issues involved. Just look at the bills passed regarding the use of technology (DMCA, HAVA, etc.) and you'll see that basic weakness exploited.

Trust me...

[abb3w]

Black hats are not known for subtlety when trying to send a political message. If they had been tampering, the poll would have shown that of 100 experts sampled, 293027571% thought it was insecure.

Re:Electronic Voting Needs a Paper Trail

[VidEdit]

A piece of paper by itself does nothing. The paper has to show the voter how they voted in a human readable way and a way that can be verified against the machine. However, if no audit is conducted, the paper does absolutely nothing but give voters a false sense of security.

Re:have you

[downbad]

I agree. Most Defcon attendees aren't even close to being experts, but the Black Hat convention is a completely different story. The kiddies at Defcon would be bored out of their minds. It's more for "grown ups" - for example, speakers wouldn't throw raw meat at the audience.

Huh?

Since when are the attendees of DefCon (the majority of whom are wannabe hackers who try to look the part rather than learn it), a group of experts?

What "Paper ballots" did John Q think was meant?

[Ungrounded+Lightning]

Yeah, but how much do these 'experts' know about how secure paper ballots really are? They should also interview a third group: those who are experts in the paper system.

I think a more telling question is: What "Paper Balots" did John Q Public think he was comparing to the e-voting systems?

And as usual we have a "game of telephone" going on here:

- We don't KNOW what the actual question on the survey was.
- The Computerworld article said "traditional paper ballot machines". (Maybe that was what was actually in the question. Let's assume it for the moment.)
- But when the Computerworld article's own author posted it to slashdot, he warped it to "Paper Ballots". And this thread is following his lead.

Now you and I know that paper ballots - the ones with the square boxes with hand-drawn Xes - are subject to some tampering, but it's hard to do it without leaving tracks, while a purely electronic systems is subject to all sorts of invisible breakdowns, from mechanical problems, software bugs, and malicious tampering.

But if you're talking "traditional paper ballot machines" you just completely dropped that system. Now you're talking about either punchcards, or optical mark sense systems.

What experience does John Q. have with either?

With punched cards, his sole reference point on reliability is the media storm over the presidential election in Florida. You know - the one where the democrats are STILL claiming the Republicans stole the election. Optical sense cards are subject to mis-scanning. Both can be hit by operational irregularities (such as not running one stack through while running another through twice.) Both are subject to cheating by replacement of physical ballots (as are all the other systems except e-voting without printed audit trail). Both are subject to exactly the same opportunities for accidental or malicious corruption of the vote counting hardware and software.

(And don't even get me STARTED on mechanical voting machines...)

So why SHOULD John Q. think that the e systems AREN'T better than the "traditional paper ballot MACHINES" - whose software has had more time for malicious bug injection and whose hardware and operational systems have been the subject of a recent major scandal?

IMHO John Q. may be right: All the objections except lack of an audit trail apply to the other paper ballot MACHINE systems, and they also have a better opportunity for misreading through mechanical failure or "user error" than the e systems. And since the audit trail is rarely checked, who's to say that the elections haven't been corrupted for decades.

IMHO the important thing about this flap is that it could lead to a less corruptable counting system than we've had since I became eligible to vote back in the '60s. The extra opportunity for unchecked vote corruption has lead to a move to eliminate the problem with the new machines by adding an audit trail, and to regular random surveilance of that audit trail. This, combined with the lower MECHANICAL error rate of the systems and the redundant counting mechanism will set a new, higher standard for the OLDER systems, and should lead to a much more accurate count.

Then, if we move on to eliminating the OTHER sources of election corruption (ineligible voters, multiple registrations, etc.), we might actually come up with fair and accurate elections within what remains of my lifetime. B-)

AAK! or, Electoral College and "democracy"

[mrchaotica]

Have you never heard of the "tyranny of the majority"? The United States is a Republic, not a Democracy, and the Electoral College exists specifically for this reason. Its job is explicitly to prevent the direct election of the President, because it's too important to entrust to the largely ignorant general populace. In high school, they teach about separation of powers and checks and balances; well, this is a check against the power of the people! The electoral college system was broken when the responsibility for choosing the electors transferred from the state legislature to the people; please don't break it any further!