Page 10 of 18
Can anyone make heads or tails of this story? (More links.)
Remember that Ohio was not the deciding state in the election. Neither was Florida or Virginia. It was Colorado. So even if there was this magic election-stealing software running in Ohio, it wouldn’t have made any difference.
For my part, I’d like a little—you know—evidence.
I’m not filled with confidence, but this seems like the best of a bunch of bad alternatives.
EDITED TO ADD (11/6): Matt Blaze, Ed Felten, and Andrew Appel have a lot more to say about this.
Interesting article on using risk-limiting auditing in determining if an election’s results are likely to be valid. The risk, in this case, is in the chance of a false negative, and the election being deemed valid. The risk level determines the extent of the audit.
The Verified Voting Foundation has released a comprehensive state-by-state report on electronic voting machines (report, executive summary, and news coverage). Let’s hope it does some good.
The error rate for hand-counted ballots is about two percent.
All voting systems have nonzero error rates. This doesn’t surprise technologists, but does surprise the general public. There’s a myth out there that elections are perfectly accurate, down to the single vote. They’re not. If the vote is within a few percentage points, they’re likely a statistical tie. (The problem, of course, is that elections must produce a single winner.)
Related to this blog post from Wednesday, here’s a paper that looks at security seals on voting machines.
Andrew W. Appel, “Security Seals on Voting Machines: A Case Study,” ACM Transactions on Information and System Security, 14 (2011): 1–29.
Abstract: Tamper-evident seals are used by many states’ election officials on voting machines and ballot boxes, either to protect the computer and software from fraudulent modification or to protect paper ballots from fraudulent substitution or stuffing. Physical tamper-indicating seals can usually be easily defeated, given they way they are typically made and used; and the effectiveness of seals depends on the protocol for their application and inspection. The legitimacy of our elections may therefore depend on whether a particular state’s use of seals is effective to prevent, deter, or detect election fraud. This paper is a case study of the use of seals on voting machines by the State of New Jersey. I conclude that New Jersey;s protocols for the use of tamper-evident seals have been not at all effective. I conclude with a discussion of the more general problem of seals in democratic elections.
This is both news and not news:
Indeed, the Argonne team’s attack required no modification, reprogramming, or even knowledge, of the voting machine’s proprietary source code. It was carried out by inserting a piece of inexpensive “alien electronics” into the machine.
It’s not news because we already know that if you have access to the internals of a voting machine, you can make it do whatever you want.
It is news because it’s so easy. The entire hack took two hours, start to finish. The attacker doesn’t have to know how the machine works, he just needs physical access. (And we know that voting machines are routinely left unguarded, and have locks that are easily bypassed.)
I find this all so frustrating because there are a gazillion ways to hack electronic voting machines. Specific attacks get the headlines, and the voting machine companies counter with reasons why those attacks are not “valid.” And in the noise and counter-noise, no one hears the general truth: these systems are insecure, and should not be used in elections.
Some copycat imitated this xkcd cartoon in Sweden, hand writing an SQL injection attack onto a paper ballot. Even though the ballot was manually entered into the vote database, the attack (and the various other hijinks) failed. This time.
Sounds like it was easy:
Last week, the D.C. Board of Elections and Ethics opened a new Internet-based voting system for a weeklong test period, inviting computer experts from all corners to prod its vulnerabilities in the spirit of “give it your best shot.” Well, the hackers gave it their best shot—and midday Friday, the trial period was suspended, with the board citing “usability issues brought to our attention.”
[…]
Stenbjorn said a Michigan professor whom the board has been working with on the project had “unleashed his students” during the test period, and one succeeded in infiltrating the system.
My primary worry about contests like this is that people will think a positive result means something. If a bunch of students can break into a system after a couple of weeks of attempts, we know it’s insecure. But just because a system withstands a test like this doesn’t mean it’s secure. We don’t know who tried. We don’t know what they tried. We don’t know how long they tried. And we don’t know if someone who tries smarter, harder, and longer could break the system.
Sidebar photo of Bruce Schneier by Joe MacInnis.