I've been wondering for a long time about the security of computer-based voting machines. Very few systems today are hacker-proof and one could argue that it's only a matter of time before they are compromised. Considering that the hacker community is a like a ginormous distributed processing system, the sheer numbers attacking any given system will eventually expose a vulnerability. The point is that I think it sounds very good conceptually to automate the voting process. However, not a day goes by without news of somebody somewhere accessing secured information and these reports aren't on a small scale either. Millions of records are involved in most cases.
So why does it seem so important to automate voting when we know voting machines will be high-profile hacker targets, the voting system is already under constant manipulation (see the latest ACORN antics), and people continually question traditional voting methods? Voting machines have been a conspiracy theorist's dream since they were first introduced, probably because nobody can really say for sure that input equals output. It's taken on faith that companies like Diebold have good coders and security methods.
However, the more they are used, the more voting machines will be questioned. For instance: Diebold Voting Machines Vulnerable to Virus Attack.
The report, titled "Source Code Review of the Diebold Voting System," was apparently released Thursday, just one day before California Secretary of State Debra Bowen is to decide which machines are certified for use in California's 2008 presidential primary elections.
The source-code review identified four main weaknesses in Diebold's software, including: vulnerabilities that allow an attacker to install malware on the machines, a failure to guarantee the secrecy of ballots, a lack of controls to prevent election workers from tampering with ballots and results, and susceptibility to viruses that could allow attackers to an influence an election.
"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said. "Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines."
The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said.
The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.
In conclusion, the report said Diebold's voting machines had not been designed with security as a priority. "For this reason, the safest way to repair the Diebold system is to reengineer it so that it is secure by design," it said.
I noticed they are using commercial, off-the-shelf (COTS) virus software. This is an indication that these machines are running Windows or another standard operating system. A custom operating system should have been created from scratch and kept as secret as missile launch codes. Another surprise was the lack of controls over ballot management.
Overall, we are looking at incompetence on a grand scale. The government is reposnsible for creating standards for vendors to follow (see How the Government Handles Information Security). Diebold is responsible for providing a product that is so high-profile and so politically volatile that it should withstand the toughest scrutiny.
To me, this proves that we are not ready to rely on computer-based voting machines. Security is a cultural afterthought and our government has proven itself incapable of protecting national interests much less secure information. Until such a time that leaks stop hitting the New York Times, China stops getting defense secrets, current immigration laws are enforced, and politicians show they have some grasp on technology, I would rather trust my fellow citizens to manually count the votes.
Popularity: unranked [?]
Wretched Human Mirror by Bloodbath