Secure Coding mailing list archives
darkreading: voting machines
From: dwheeler at ida.org (David A. Wheeler)
Date: Wed, 11 Oct 2006 17:20:08 -0400
Jeremy Epstein:
Interesting point. I'm on the Virginia state commission charged with making recommendations around voting systems, and we watched the Princeton video as part of our most recent meeting. The reaction from the election officials was amusing and scary: "if this is so real, why don't you hack a real election instead of this pretend stuff in the lab". Pointing out that it would (most likely) be a felony, and people like Rubin, Felten, and others are trying to help security not go to jail didn't seem to impress them. Also pointing out that the Rubin & Felten examples used out-of-date code because vendors won't share anything up-to-date doesn't seem to impress them. [This in response to Diebold's claim that they were looking at old code, and the problems are all "fixed".]
I'm willing to believe that the ELECTIONS are fixed. Since they lack a voter-verifiable paper trail, _no_ DRE can be trusted. Period. I used to do magic tricks, and they all work the same way - misdirect the viewer, so that what they think they see is not the same as reality. Many magic tricks depend on rigged props, where what you see is NOT the whole story. DREs are the ultimate illusion - the naive THINK they know what it's doing, but in fact they have no way to know what's really going on. There's no way to even SEE the trap door under the box, as it were... DREs are a great prop for the illusion. Printing "zero" totals and other stuff looks just like a magic show to me - it has lots of pizazz, and it distracts the viewer from the fact that they have NO idea what's really going on.
I frankly don't think anything is going to impress the election officials (and some of the elected officials) short of incontrovertible evidence of a DRE meltdown - and of course, we know that there could well be a failure (and may have been failures) that are unproveable thanks to the nature of software.
I'm of the opinion that elections using DREs have ALREADY been manipulated. No, I can't prove that an election HAS been manipulated, and I certainly can't point to a specific manufacturer or election. And I sincerely hope that no elections HAVE been manipulated. But there's a LOT of money riding on big elections, and a small fraction of that would be enough to tempt someone to do it. And many people STRONGLY believe in their cause/party, and might manipulate an election on the grounds that it's for the "greater good" - it need not be about money at all. It's crazy to assume that no one's done it, when it's so easy and the systems are KNOWN to be weak.
The whole problem is that DRE designs make it essentially impossible to detect massive fraud, almost impossible to find the perpetrator even if you detected it, and allow a SINGLE person to control an entire election (so there's little risk of a "squealer" as there is with other frauds). And if an unethical person knows they won't be caught, it INCREASES the probability of them doing it. Anyone who thinks that all candidates and parties are too honest to do this needs to discover the newspaper and history books. Ballot-stuffing is at least as ancient as ancient Greece, and as modern as Right Now.
These voting systems and their surrounding processes would not meet the criteria for an electronic one-armed bandit in Las Vegas. Yet there's more at stake. The state commissions cannot provide any justifiable evidence that votes are protected from compromise if they use DREs. And that is their job.
DREs are unfit for use in elections that matter. They should be decommissioned with prejudice, and frankly, I'd like to see laws requiring vendors to take them back and give their purchasers a refund, or add voter-verified paper systems acceptable to the customer at no charge. (The paper needs to meet some standard too, so that you can use counting machines from different manufacturers to prevent collusion.)
At no time was this DRE technology appropriate for use in voting, and the companies selling them would have known better had they done any examination of their real requirements. The voters were given a lemon, and they should have the right to get their money back.
--- David A. Wheeler