[IP] New article: E-Voting: It's Security, Stupid
Begin forwarded message:
From: Stu Burton <stuburtonnyc@xxxxxxxxxxx>
Date: August 24, 2004 9:44:11 AM EDT
To: gnu@xxxxxxx, farber@xxxxxxx
Cc: lessig@xxxxxxx, pam@xxxxxxx
Subject: New article: E-Voting: It's Security, Stupid
August 23, 2004
from: http://www.eweek.com/article2/0,1759,1637546,00.asp
E-Voting: It's Security, Stupid
August 23, 2004
By Ben Rothke
Last month, Harris Miller, president of the Information Technology
Association of America, reportedly stated that the open-source movement
is using the issue of e-voting security to wage a "religious war" that
pits open-source software against proprietary software. The only thing
more absurd would be for Miller to blame the woes of e-voting on a vast
right-wing conspiracy. As a citizen and voter, Miller should applaud,
not disparage, the whistle-blowers who have demonstrated the security
flaws of e-voting systems.
Leading security professionals say they are against e-voting because of
its intrinsic security weaknesses. Indeed, if e-voting were a drug, the
FDA would never let it out of the lab.
Miller also stated that a recent ITAA survey showed that 77 percent of
registered voters are unconcerned about the security of e-voting
systems. Such a figure demonstrates how little those polled know about
information security. Could any of that 77 percent find insecure code
in the voting software or explain, for example, how blind signature
voting systems are supposed to work? Democracy is magnificent, but the
optimism of 77 percent of the populace cannot make insecure and buggy
code workable. If the 77 percent truly understood the many security
problems, their enthusiasm for e-voting would be quickly extinguished.
In fact, e-voting creates the largest and most unique set of challenges
to information security today -- greater than the security challenges of
e-commerce or electronic tax filing systems. When the ITAA points a
finger at the open-source movement, it is only in a futile attempt to
deflect criticism of the inherent security flaws of e-voting systems.
Paper voting is not without its problems, as the presidential election
in 2000 made clear. What traditional voting systems offer, however, are
audit trails. Although far from perfect, paper audit trails are the
best we have. While fraudulent repeat voting has long been a problem,
the most fraudulent votes a single person could place in a single day
might be 20. Move that election online, and there's theoretically no
limit to the number of hacked votes that could be placed.
Electronic audit trails, if implemented effectively, could provide an
ideal solution. The only problem is that there are no vendors that are
developing auditability levels that would permit secure e-voting.
Secure e-voting is not beyond our reach. It could be developed, but it
might amount to the application equivalent of the Manhattan Project.
Until such a commitment is made, e-voting is one technology that we
would be well-advised to do without.
Ben Rothke, CISSP, is a New York-based security consultant with
ThruPoint Inc. McGraw-Hill has just published his book, "Computer
Security: 20 Things Every Employee Should Know." Rothke can be reached
at brothke@xxxxxxxxxxxxxx