Bruce Schneier

 

Home

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

Computer Security Articles

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography and Computer Security Resources

Contact Information

 

Schneier on Security

A blog covering security and security technology.

« New Zealand Espionage History | Main | Another No-Fly List Victim »

January 26, 2006

Election Machine Conflict of Interests

From EPIC:

EPIC FOIA Notes #11: No-Bid Contracts Go to Vendors with Close Ties to Election Advisory Group

Documents obtained by EPIC from the Election Assistance Commission describe two no-bid contracts for work on voting system standards given to vendors with ties to the Commission's technical advisory committee.

From a security perspective, this seems like a really bad idea.

Posted on January 26, 2006 at 7:35 AM13 CommentsView Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

Your gift for understatement is showing...

"a security perspective" > "many perspectives";

"seems like" > "is"...

Good morning.

Posted by: Brian Thomas at January 26, 2006 8:38 AM

It's my understanding that a consortium of voting machine vendors has been defining their own technical standards forever. I don't have references for this on hand though.

Posted by: wwg at January 26, 2006 9:27 AM

This is a very bad idea. Without an impartial, independent technical advisory board, who is watching the watchers?

Posted by: Dan at January 26, 2006 9:31 AM

Quick search of SourceForge didn't show anything up... is there any attempt at building an Open Source Electronic Voting Booth?

What would be the "perfect" requirements spec for this? e.g. receipts versus no reciepts, user interface for "multiple election days", hardware, software hashes to detect tampering, anti-stuffing, etc...

Even if it was rubbish implementation, it might give Election Commissions a stick to beat the current corporations with, in the same way that UK councils threaten to go Open Source to get Microsoft price/contract conditions changed.

(PS I know I spelt receiepts wrong. Pick whichever spelling you prefer :)

Posted by: Mitch at January 26, 2006 9:33 AM

Is this an example of semantic shift? Are they now called 'voting machines' because they do the voting rather than the electorate?

Posted by: Roy at January 26, 2006 9:35 AM

Ignore my previous comment. I found some examples on Sourceforge.

Posted by: Mitch at January 26, 2006 9:37 AM

@ Roy

Funny. Maybe they should be renamed "voting robots". Wait, is this the first sign of the robot uprising?

Posted by: Davi Ottenheimer at January 26, 2006 11:56 AM

@ Mitch

> is there any attempt at building an Open Source Electronic Voting Booth?

Well, before starting a project, we should first define what the problem is, right?

So, what's the point of EVBs? There's multiple threads on this blog discussing EVBs, and people here haven't decided how they want them to work. We should probably have a standard for that before going any farther.

(P.S. -> if you read those other threads, you'll find that I'm fairly strongly against the idea of EVBs entirely...)

Posted by: Pat Cahalan at January 26, 2006 12:32 PM

@Davi Ottenhaimer,

"Maybe they should be renamed 'voting robots'."

Or, in current lingo, 'vBot'. It would sure give the bot-net operators something to use all those zombified PCs for ;-|

-EdT.

Posted by: Ed T. at January 27, 2006 6:31 AM

BTW,

I don't see any problem with the vendors working on the standards, so long as those standards are subject to an independent peer review. If they are kept secret, however, there would *definitely* be a problem.

-EdT.

Posted by: Ed T. at January 27, 2006 6:32 AM

Open source, open standards, no no-bid contracts. When will they ever learn?

Posted by: Rich at January 30, 2006 1:30 AM

Just a nit: "Conflict of Interests" -> Conflicts of Interest.

Posted by: radiantmatrix at January 31, 2006 12:29 PM

@Rich
Open source, open standards, no no-bid contracts. When will they ever learn?

Here are three things they have learned:

They can't make money if it is open source.

The can't control the product using open standards.

They can cozy up to the decision makers and be selected based on that relationship instead of an evaluation of their product.

madmike

Posted by: madmike at January 31, 2006 12:41 PM

Post a comment



Real names aren't required, but please give us something to call you. Conversations among several people called "Anonymous" get too confusing.



E-mail is optional and will not be displayed on the site.


Remember Me?


Powered by Movable Type. Photo at top by Steve Woit.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Bruce Schneier
Blog Menu

Search


blog only
whole site

Blog Home Page
100 Latest Comments

Archives

August 2008
July 2008
Complete Archive
Support Blogger's Rights!
New Book
Schneier on Security

more books by Bruce Schneier

Syndication
RSS 1.0 (full text)
RSS 2.0 (excerpts)
Translations
German
Italian (selected entries)
Crypto-Gram Newsletter
If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more