Panel: E-voting vulnerable

TalkBack 28 of 35:

Next »

« Previous

• Thread View
• Flat View

Trust, But Verify...

Hi, John.

You ask:

How much do you trust your state's election officials? AFAIC, the source code has to be publicly available. If the security mechanisms are so weak that the code has to be kept secret to protect them, they aren't good enough.

Here's the problem: All complex software has flaws. If your home version of Windows has a security hole, the worst that could happen is your bank account gets looted. (Bad for you, but the country will survive.) If your election machine software gets compromized, your democracy gets looted. I know concealment isn't the best security; having your system attacked and responding to those attacks yields the best security. And I'm all for the election machines getting attacked -- in-house. The risks involved in publishing that information are just too great to allow some sense of bravado to compel the publication of the code to the public at large. Anyone who sees the code has to be thoroughly screened. Again, I would think of this not as an application project, but as a defense project. In effect, the system is defending the very essence of our democracy. No matter how secure it is, you can't let the blueprints fall into the wrong hands.

I don't necessarily give short shrift to secrecy. My argument is that it's important to define what you're keeping secret. The fact that a person has cast a ballot is not important to keep secret. Whom they voted for is important to keep secret. The anonymity of who you pull the lever (to use the old metaphor) or click the mouse (for e/i-voting) is the important part, because that's the part that ne'er-do-wells try to buy. Buying votes breaks down as a strategy if you can't guarantee that your vote stays bought. Voter fraud would also take a serious hit if you could guarantee who a person is before you let them cast a vote (via biometrics). I can't think of a reason why an algorithm would necessarily need to record who voted for what, any more than an online poll by ZDNet would need to record your IP address alongside your vote. Yes, they need your IP address for verification. Yes, they need your vote, but they don't need to connect them in any way. They just need to check the IP to make sure it hasn't logged in before. I-voting would work the same way.

Granted, I haven't fleshed this out, but I don't think it's impossible, and I think it's likely we'll see it in our lifetimes, as the biometrics and computing equipment become ever cheaper.

Posted by: bhartman36   Posted on: 10/10/05 You are currently: a Guest | Members login | Terms of Use

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

SponsoredWhite Papers, Webcasts, and Downloads

• Five Steps to Determine When to Virtualize YourServers VMware Server virtualization isn't just for big companies. Entry-level ... Download Now
• Wireless Lab Delivers Technology and a Better Education Dell Steve Spangler, assistant principal of Middlesboro Middle School in ... Download Now
• Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now