Defense in Depth Subscribe to Defense in Depth
May 15, 2008 10:49 AM PDT

The good (and bad) news about electronic voting

Posted by Robert Vamosi

Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.

Since last year, several states have requested audits of electronic voting systems. In California, the audits resulted in some systems being scrapped for the 2008 presidential primaries. As we turn our attention to the fall 2008 presidential election, several security researchers have come forth with their own studies and suggestions. One of them is Brian Chess, chief scientist at Fortify.

Below is a transcript of part of my interview. The entire podcast can be heard here.

To start, I asked Brian what his take is on the whole electronic voting issue.

Chess: It might actually start off sounding bad, but the news really is good on the electronic voting part. So here's what's happening. In California last year, and they've since been followed by states like Ohio, and Florida, and Colorado, have been taking a hard look at the electronic voting system that they've purchased. Usually the way this happens is the secretary of state will go to the state university and say, "Give me some electronic voting experts and I want them to examine the systems that we purchase." Those experts go and examine the systems and they say, "You know, these don't provide a level of security that we're comfortable with," and then the state begins to restrict the use of that electronic voting technology based on the vulnerabilities or the concerns that the experts have identified.

That's a really good thing and I would have thought that the business world would have caught on before the politicians would have caught on, but here we've got the politicians at least in this electronic voting realm really listening to the experts about where the risks lie in a system that's critical to the functioning of our democracy. The way we vote. They're saying, "Hey, you know, maybe we want to really consider how to deploy this technology" and that's really, really good news. It's not good news that we're finding new systems that are not adequately secured. But it's good news that we're starting to think about some of the risks that these systems pose. Some of the work that I've been proudest of coming out of Fortify now is that we've been contributing to the analysis of these voting system and allowing the people conducting the reviews to use our source code analysis technology.

Me:Are you a part of any standards group that's looking into these systems?

Chess: Well, on the one side, you've got the companies who are making the voting machine; and on the other side, you've got people who are trying to legislate what threshold for security might be. So far, we've tried to stay out of that political arena.

Me: I'm thinking of something that I heard at RSA about software dependent and software independent models that are being discussed for electronic voting machines?

Chess:: The problem we have with the electronic voting machine is that there is, at some point or another in all of these systems, there is this very complicated black box, and in order for the election to do what you want, you have to trust that black box works correctly. So there are university researchers who are talking about systems that do not depend these sort of black box with a complicated mechanism in it, functioning correctly in order for you to know that you got the right result out of the election. I think that there is some really cool research going on there. But I don't think any of that is going to help us. Well, certainly not with this next presidential election. I would be pretty amazed if it helps with the one after that. But the frontier there is full of absolutely stellar work.

Me: Most of the researchers I've talked to about electronic voting have said, "We're stuck with it, and we just have to make it work the way it exists." Do you agree with something like that?

Chess: Look at what happened in California where they checked the voting machine, the electronic voting machine, but they said, "We're going to use these machines for a much more narrow purpose than they were originally designed for. We're going to keep them around, so people with disabilities can be independent voters," and that is now this sole function of the voting machines in California. I think that is a significant reduction in risk from saying, "These are the machines that we're going to turn our elections over to." I expect we'll see more compromises along those, along those lines, and I think that's a big step up from where we were just a few years ago.

Me:Any thoughts on the use of paper trails to verify the data?

Chess: There are a lot of machines that have been retrofitted to have paper trail included as part of them, but if you look at what the system of record is, the system of record is still not the paper trail or even when the system of record is the paper trail, paper trail is created in such a way that it makes it almost impossible to perform and audit using that paper trail. So I think that paper trail is a good idea, but it's very difficult to bolt onto a system and retrofit an insecure system to be secure because you added this paper trail.

Recent posts from Defense in Depth
Researcher faults Apple iPhone on security updates
Google RatProxy looks for cross-site flaws
Hundreds of Lithuanian Web sites defaced
Mozilla and Opera fix security flaws
Four security bulletins expected on Patch Tuesday
Add a Comment (Log in or register) 3 comments (Page 1 of 1)
by Steve Charles May 15, 2008 1:20 PM PDT
In addition to Software Independence (SI) work is being done with Independent Verification (IV). NIST formally used the description Dual Independent Verification, but have recently dropped the Dual realizing vendors may use multiple technologies to tabulate an election. The use of multiple Independent Verification technologies combined with Software Independence is very close at hand. We at PenVote.com are combining Digital Pen and dot enabled paper with IV to provide the voter with a rich and secure voting experience. Our PenPoll product was used in last Novembers? election and was totally transparent to almost all 442 voters that used the digital pen with dot enabled paper. Only a few people noticed and commented that the pen appeared to be a little bit bigger than a standard pen. We think that there is a place for Pen and Paper in the voting booth. Steve
Reply to this comment
by Dalkorian May 15, 2008 4:28 PM PDT
Did I miss something, is there more to this than I realize? Quoted from the article ... . "Chess:: The problem we have with the electronic voting machine is that there is, at some point or another in all of these systems, there is this very complicated black box, and in order for the election to do what you want, you have to trust that black box works correctly." . Very complicated black box? What's so complicated about simple addition? - voter1 voted for A: A=1, B=0 - voter2 voted for B: A=1, B=1 - voter3 voted for B: A=1, B=2 - voter4 voted for A: A=2, B=2 I could write this in an afternoon using Perl and I've never written anything in Perl (I'd have to learn the language first, which is why it would take an afternoon and not 5 minutes). This is part of the problem, I fear the machine vendors are INTENTIONALLY making it "complicated" for nefarious purposes. Think about it for a moment, they don't want to make paper trails and when people insist upon them they install crummy unreliable printers that can't help in an audit. Why? Would this have anything to do with Diebold's insistence a few years back that they would "deliver the vote for bush"it?
Reply to this comment
by Brentbb0 May 15, 2008 4:35 PM PDT
The only way to really verify any voting machine's tabulation, is to count the paper trail by hand. And this needs to be done for every voting machine that's used in every district. Otherwise, local results and even elections can be stolen. So why waste money on these machines in the first place? Its much easier, cheaper, and safer to develop the proper paper ballots and their methodology. So why hasn't this been done? Because, as usual, human beings are involved in the process, and as we all know, they are run by greed and stupidity, and rarely can ever be trusted to do the right thing. Check out, "Hacking Democracy" for an excellent film on the topic.
Reply to this comment
Powered by Jive Software
advertisement

  • About Defense in Depth

  • With over eight years at CNET covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews with the top security researchers making the news as well as offering the hands-on, non-technical advice you'll need to stay safe online.

Add this feed to your online news reader
Google
Yahoo
MSN

Defense in Depth topics

Most popular stories

  1. 'Netflix box' to carry more than just Netflix

  2. Jobs, Apple directors face new backdating suit

  3. IE 8 to have antimalware protection

  4. China's military tries out Segways

  5. Stolen: Google employees' personal data

Latest tech news headlines

All News.com headlines »

Featured blogs

Beyond Binary by Ina Fried

Coop's Corner by Charles Cooper

Geek Gestalt by Daniel Terdiman

Green Tech

One More Thing by Tom Krazit

Outside the Lines by Dan Farber

The Iconoclast by Declan McCullagh

The Social by Caroline McCarthy

Underexposed by Stephen Shankland

advertisement
Welcome (log out) |View profile
Log in | Sign up Why join?
On MovieTome: SEX AND THE CITY clips are here!
Advanced
search
Advanced
search
Visit other CBS Interactive sites