RE: Electronic voting

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Fri May 16 2003 - 07:06:55 MDT

  • Next message: Harvey Newstrom: "RE: [Liberal Bias] Leftist Spin on Twisters"

    Lee Daniel Crocker wrote,
    > <http://verify.stanford.edu/evote.html>
    >
    > a Stanford professor states the obvious: some electronic voting
    > machines are not auditable and easily hacked.

    This is well known and has been widely discussed in the security industry.
    Standard security requirements for double-checks, auditing, logging,
    testing, external verification, etc., have been excluded by these machines
    and the companies that produce them. They cannot be evaluated as secure
    using standard techniques the way they are implemented. Many security
    organizations have discussed publishing official statements against these
    machines. There also have been some discussions that security professionals
    cannot ethically be involved in supporting these elections as accurate given
    the current situation with these machines.

    > So, is there an attack here I don't see? If so, can you plug the
    > hole, or come up with a system with the same safeguards?

    The problem is more political than technological. I see no problems with
    your solution, but I don't think it addresses the root problems that are
    preventing these machines from being auditable. If the state legislatures
    would allow security to be part of the voting process, we already have
    proven methods for this.

    The problem is that these machines are proprietary and the manufacturer's
    contracts forbid third-party audits of the machines. They also don't want
    anybody looking at their software code, so it can't be verified. There also
    is political resistance to having any kind of audit trail, even like the one
    you suggest. The idea is to avoid recount fiascos by eliminating the
    possibility of a recount. This is quite a hot topic here in Florida, where
    Jeb Bush and the republicans in the state legislature want to destroy all
    the ballots from the 2000 presidential election to avoid any possibility of
    future counts. They also would like to pre-emptively do this for all future
    elections. By eliminating all audit trails, there is no way someone can
    demand a recount.

    Also, be aware that the system is much larger than the piece you are
    addressing. Your system proves is that the newspaper correctly reported
    back an encrypted version of each person's vote. How do we know this list
    matches what was counted? How do we know the counts add up to what totals
    were reported? How do we know a bunch of extra votes weren't added? How do
    we know if all the voters were eligible to vote? How do we know that each
    person only voted once? There are a lot of audit areas beyond the single
    one you excellently solved. But the political problems are bigger than the
    technological ones.

    --
    Harvey Newstrom, CISSP, IAM, GSEC, IBMCP
    <www.HarveyNewstrom.com> <www.Newstaff.com>
    


    This archive was generated by hypermail 2.1.5 : Fri May 16 2003 - 07:21:17 MDT