Posted on 08/07/2004 1:17:57 AM PDT by Amerigomag
(COMPUTERWORLD) - Security experts are substantially more skeptical about e-voting than the public, but their greatest worry is system and programming errors, not malicious hacker attacks, according to a survey released this week by the Ponemon Institute.
The study, conducted in July and early August, aimed to measure public opinion about electronic voting systems and then compare the results with those of security experts -- both IT pros and hackers.
"The degree of difference was just startling," said Larry Ponemon, adjunct professor of ethics and privacy at Carnegie Mellon University and director of the independent institute bearing his name.
The Tucson, Ariz.-based institute collected 2,933 usable responses nationwide from the public, both online and by postal mail, and surveyed 100 attendees at the Black Hat and Defcon hacking/security conferences.
Six out of 10 Black Hat/Defcon attendees had an unfavorable view of e-voting, while only 17% of the public did (22% of experts and 28% of the public were undecided).
Ponemon expected the public to be less concerned about e-voting problems than the hackers. However, in all the studies he has conducted comparing views of experts in various fields with those of the public at large, "I have not really seen differences of this magnitude before," he said.
Twenty percent of the experts cited system and programming errors as their top concern, followed by attempts to influence the outcome of an election (17%). A potential breach of security by hackers and cybercriminals ranked third (15%) as a potential e-voting worry among the Black Hat/Defcon attendees.
Among the public, the top worry was a decline in voter turnout because of fear or distrust of e-voting systems (18%), followed by human errors and privacy violations (15% each).
A number of citizen and political groups as well as security experts have criticized electronic voting systems, charging that they are unreliable and insecure. Many have called for a "paper trail" so that results can be recounted via hard-copy backups. System vendors insist that their machines are reliable and argue that critics are touting unlikely worst-case scenarios as probabilities (see our e-voting special coverage page). The president of the Information Technology Association of America, Harris Miller, told Computerworld that some of the criticism is less about electronic voting machines than "a religious war about open-source software vs. proprietary software" (see story).
In the Ponemon Institute survey, 83% of the experts said e-voting is either less or much less secure against election tampering than traditional paper ballot machines, compared with just 19% of the general public. Almost half (49%) of the experts said electronic voting systems were less likely to record and report their votes accurately, vs. 21% of the public.
"Most people are fairly trusting of this technology," Ponemon said. But among the security experts he spoke with, the feeling was quite different. "They think a lot of this technology is pretty crummy," he said.
I don't trust it at all, and I'm an engineer...
Looks like you've got a LOT of company.
Sounds like something the rats would really love!
Isn't the whole point of electronic voting to eliminate the kinds of human errors that make recounts necessary? The only scenario where a recount would be necessary is catastropic failure of the hardware and even that can be avoided by periodically backing up the data offsite. It's been a while since anyone's lost bank account money due to hardware or software failure.
>>"Most people are fairly trusting of this technology," Ponemon said.<<
Most people are quite ignorant of the problems that could easily spring up......myself included.
Do you use an ATM card? With over 85% of the population using some form of electronic means for their banking, a secure voting system can be devised. It's just a matter of implementation.
I'm surprised no one has mentioned this aspect of secure transactions.
http://www.phil.frb.org/files/br/ele2001.pdf
ATM systems use MAC addresses as a beginning point of their network security and it would be very difficult to obtain that value without access to the interior of the machine. Voting machines simply use the DHCP assigned IP which is much easier to discover.
ATM transacations provide a written receipt or the cash or both to substantiate that the users commands were accepted by the system. The electronic voting systems in use today provide neither. They leave no paper trail.
ATMs are routinley subject to hacking and many attempts are successful. Banks across the US pay thousands to their customers each year for losses when their machines are compromised. You just don't hear about it because it is bad for their business.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.