BlogWood: MT Archives

NY Times gives confirmation of voting machine problems

I wrote about this issue on July 9th, and someone commented that I shoulda had some footnotes to go along with my rant. Well, the NY Times is catching up, and researchers at Johns Hopkins have produced a fully footnoted paper.

From the Times:

The software that runs many high-tech voting machines contains serious flaws that would allow voters to cast extra votes and permit poll workers to alter ballots without being detected, computer security researchers said yesterday.

The software was initially obtained by critics of electronic voting, who discovered it on a Diebold Internet site in January. This is the first review of the software by recognized computer security experts.

And from the academics:

Recent election problems have sparked great interest in managing the election process through the use of electronic voting systems. While computer scientists, for the most part, have been warning of the perils of such action, vendors have forged ahead with their products, claiming increased security and reliability. Many municipalities have adopted electronic systems, and the number of deployed systems is rising. For these new computerized voting systems, neither source code nor the results of any third-party certification analyses have been available for the general population to study, because vendors claim that secrecy is a necessary requirement to keep their systems secure. Recently, however, the source code purporting to be the software for a voting system from a major manufacturer appeared on the Internet. This manufacturer’s systems were used in Georgia’s state-wide elections in 2002, and the company just announced that the state of Maryland awarded them an order valued at up to $55.6 million to deliver touch screen voting systems.

This unique opportunity for independent scientific analysis of voting system source code demonstrates the fallacy of the closed-source argument for such a critical system. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider the risks inherent in electronic voting, as it places our very democracy at risk.

Now, this is serious. Last time, Jeb and his cronies scrubbed blacks from voter roles in Florida and then giggled as the RNC sent thugs into the state to intimidate local elections officers into stopping a recount that was going Gore’s way.

Rich white wimps whining “We want W”

The Republicans have shown that they will stop at nothing to gain or retain power. Now they have engineered legislation that forces states to “upgrade” to electronic voting systems that leave no paper trail. There is no way for a voter to know that her vote was recorded for the candidate she intended to vote for. In fact, with the revelations that have come out in the last month or so, it is looking very unlikely that votes will be counted as they should be.

Here’s some advice from a computer guy: Vote absentee on an old fashioned piece of paper.

More information.