Convened by the American Association for the
Advancement of Science
Electronic voting can be more accurate than any previous voting technology.
However, electronic voting can also enable tampering on a scale much larger than
previous voting methods. If attention is paid to the security and reliability
of the system from the beginning, then the former lofty goal can be achieved.
If security is viewed as a nuisance and extra cost (as it is now by current
voting vendors and many states), then the latter will eventually occur.

Security is something that is easy to claim, difficult to implement, and impossible
to prove. Vendors and governments are claiming their systems are "secure"
even when formal and informal studies indicate significant security problems.
Unfortunately, the current federal standards to "weigh" the security
of a voting system are vague and meaningless. As a result, vendors and governments
can claim anything, since there is no requirement to meet standards of any value.
Compounding this problem is the fact that the compliance and certification process
is flawed beyond belief. Currently, an "independent" lab funded by
the vendor performs the federal compliance testing. The actual tests conducted,
and their results, are considered proprietary. There is absolutely no public oversight
of this process.

Current regulations call for the use of only certified software (even though
at least one vendor has admitted to violating the law and using uncertified
software in several different jurisdictions). However, there is a major loophole.
Commercial software is exempt from testing and certification. This means the
vast majority of the software on an electronic voting terminal is uncertified,
and likely just like the software you run on your laptop. The difference is that
the voting terminals are, in most cases, running without software updates or any of the
basic security protections you use on your computer, such as a firewall and anti-virus
protection. This significantly reduces the work factor of a potential adversary
wishing to manipulate an election.

Effective security requires risk management throughout the life-cycle of a
system, and requires robust technology as well as policies. Unfortunately, current
electronic voting technology has neither. The technology used is basic and designed without
concern for security, and the policies are either flat-out wrong or non-existent.
As a result, governments have spent millions of dollars on systems whose
soundness cannot be determined, and individual voters have no assurance that their
vote was counted as intended. Joseph Stalin once said, "It's not the people
who vote that count. It's the people who count the votes." Unfortunately,
right now we MUST trust the electronic voting machines that count the votes
to operate correctly even though basic protections are not utilized, and current
policies ignore security. Furthermore, there is no independent capability to
audit whether the electronic voting terminals have been tampered with, and no means
to perform a recount outside of the potentially corrupt or tampered software
and hardware.