Posted on 11/04/2006 2:21:06 PM PST by calcowgirl
No system is totally foolproof.
Current systems do not even use code signing for the executables (allowing the software to be changed without notice to anyone, compare that to installing a driver on Windows) nor do they encrypt and protect the data that is transferred as well as the browser you are using right now when you pay for a pizza on the web.
Oh, why don't we implement code signing that you have mentioned, and here's other ways to protect the integrity of these systems from being compromised:
- You can treat them like nuclear weapon systems by having 'No Lone Zones' when not in use, and locked them in secure storage with 'Intrusion Detection Equipment' as safeguards.
- When in use or moving them out of storage, implement procedures and documentation for a chain-of-custody and provide security.
- Have coding and voting machine experts from all parties, impartial parties, go over ALL the software code line-by-line, to include hardwired code, before each elections so to be certified. Repeat this procedure before every election.
- After the code and machine is certified, use a MD-5 Hashed Message Authentication Code (HMAC) to ensure software tamper detection.
- Setup federal or state agencies to oversee computer voting machines.
- make new laws to punish machine voting fraud.
I doubt systematic safeguards are going to happen because it would take big buck to implement. And we don't need more bloated bureaucracies. So lets complain some more because it's not totally fool proof.
I have programmed computers professionally for 30 years. I have no faith in these machines. You will find that the faith in these machines is inversely proportional to the amount someone knows about computers, computer security and the validation of software.
And how many programming experts are there that have time and access to these machines that are willing hack them to swing elections? I think not so many.
Yes, lets go back to punching and marking illegal ballots to be stuffed in election boxes - why that's easy to do...
This is a case where "The enemy of my enemy is my friend." does not apply. Just because Dems suspect it should not make you reflexively support it.
I do not. What I do see from the otherside is that they make wild-eyed accusations without 1 iota of proof - ie Bev Harris and the DU'ers.
I'll read that article. do you have a link? :-)
I started programming on Zylog Z-80's. If humans have access to a "reset" button, and the only notification is a "beep"; it will be compromised. Period. Until there is a standardized platform, "features" and fraud will be rampant. I do not claim that older balloting was any more secure or fraud proof. Only that private companies will get to make the rules.
In the early 1980's I compromised the TACC-II cash controller where I worked simply by sequencing keystrokes. It opened the main depository. I notified the employer of the feature and received a $50.00 reward. 3 years later, the software was changed.
Unless it IS THE POLL WORKER DOING THE BEEPING!
or if a democrat you know votes, then BEEP BEEP!
Is this button a "hanging button" in any way, as in, "hanging chad"?
It is easy to postulate vast and expensive bureaucracies and dismiss criticism. That is a paper tiger argument. These are not nuclear weapons and the security model and attacks possible are entirely different.
The real issue is why even the most basic electronic safeguards have not been implemented.
Everyone knows that 'security by obscurity' is a recipe for failure. In a system where the hardware and software must be distributed to thousands of insecure locations, a closed system is only effective in preventing the discovery of vulnerabilities by the good guys.
The bad guys will just buy or steal the box and find the vulnerabilities that the company will deny exist until elections are swung by fraud.
For those that are not familiar with 'security by obscurity' that is why:
1) You can easily copy 'protected' DVDs.
2) Clipper failed.
3) The original WiFi encryption scheme (WEP) is completely broken.
Personally, I am not all that unhappy about the first two, but my data security and the security of our elections are different matters.
The difference between retail punch card fraud and electronic fraud should be obvious, but I will explain:
Punch card fraud is retail. One card, ten cards, maybe a hundred cards.
Electronic fraud can be wholesale, swinging hundreds or thousands of votes at a time and in fractions of a second (depending on the point of attack.)
Electronic voting fraud does not require expertise the point of attack, so only one programmer is needed.
Once one qualified programmer has created the hack, it is as easy to compromise a voting machine as it is for an amateur to copy a DVD with the software available today. With a hand-held card writer (similar to the hand held mag-stripe readers used in credit card fraud), even grandma can do it, if she has the inclination.
You might also update your buzz words. MD5 has been compromised in recent years. SHA1, Whirlpool or RIPEMD would be preferred for new designs.
It is true that the worst sorts of Democrats are using the issue to their advantage. It is, however, an issue of equal or greater importance to us as the likely victim.
I suspect they would prefer to complain about it and never have it fixed than see a real solution implemented. That allows them to direct attention away from their failures. I urge action to take that opportunity away from the scum.
From article: " In the 20-plus years that these machines have been used, in many counties all across the country, there has never been a verified case of tampering."
And after two more years, there still has never been a verified case of tampering.
That's a good track record.
It is pretty clear from reading John Lott's article that, while well intentioned, he is not writing of his own knowledge on the computer issues described. He was not particularly well advised (or did not convey the subtleties well.) It sounds like he read a brochure or talked to a company flack.
To be fair, many of the vulnerabilities that are well known now have been discovered since this article was published more than two years ago, but the use of PCMCIA cards with no protection whatever (not CDRs, which would only require slight of hand to substitute) in the Diebold systems was ignored.
Punch card fraud is retail. One card, ten cards, maybe a hundred cards.
Electronic fraud can be wholesale, swinging hundreds or thousands of votes at a time and in fractions of a second (depending on the point of attack.)
Electronic voting fraud does not require expertise the point of attack, so only one programmer is needed.
So death by a thousand cuts is more preferable? Yes, an undetected fraud to swing elections by electronic voting machines can be wholesale, but I'm sure the fraud risk is many magnitudes lower than paper ballot fraud.
So what's your solution to possible electronic voter fraud?
OK, I'll take your suggestion and update my buzzwords, and you may want to update yours too. SHA-1 may have been compromised by the same Chinese cryptographer...
"So what's your solution to possible electronic voter fraud?"
The first step is transparency in both hardware and software.
There is no room for trade secrets in any part of election processing. Patents are another thing, since they require full disclosure, they are not a problem.
This requires that every aspect of the processing must be open to inspection, not just by those approved by some authority, but by anyone.
I am not an open source zealot, but if there is any place for open source software and hardware, it is in the processing of elections where the result must be fair and, just as importantly, seen to be fair.
Once open, you can be assured that it will be attacked for free, but a reasonable bounty for provable attacks would not hurt to stimulate effort.
At some point, a judgment will have to be made that the system is secure enough for the next election. As you mentioned, no system is perfectly secure. It would be nice however, if the the electronic systems were more secure than the paper based ones, not just more incomprehensible to mere mortals.
Just as the manual procedures for handling votes must be established and public before the election and not subject to change the day of or the day after (as Democrats tried to do in Florida), the electronic voting procedures (software) must be established well before the date of the election.
This requires that the software be certified and the installation verifiable. To have more than minimal confidence, at least parts of the system must be implemented with physical security in mind, i.e. as a trusted platform.
It is clear that the existing proprietary systems can be easily gamed at various points in the process. It is not important whether they have actually been exploited or not. It is sufficient that it is known to be possible and practical. From that point, the result cannot be trusted because there is no electronic audit trail at the voting machine level.
Untrustworthy elections are corrosive to our democracy because they permit tampering to be rationalized by real or imagined tampering by opponents.
Although it would fall short of the ideal, if the resulting systems were only as well implemented, tested and reviewed as the software that drives web transactions at Amazon or in the FireFox browser, we would be far ahead of where we are today with the smoke and mirrors security of current voting systems.
After 2000, politicians responded with the quick, be-seen-to-be-doing-something fix. Shiny, expensive and ineffective technology was purchased to appease the uninitiated. We need to keep a blow torch to the behinds of the politicians to keep them moving in the direction of secure voting systems that are trustworthy.
BTW, as you point out, SHA1 has been compromised although the number of iterations is still on the scale that it would not be a threat today, it is one in the longer term and should be replaced with something, perhaps Tiger or Whirlpool or something not yet invented.
Specifically, "quis custodiet custodes?" ("who will guard the guards?" in Latin) What if the pollworkers themselves are the ones interested in performing vote fraud? The machine can make all the noise it wants.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.