Debugging Election Codes By Paul Spinrad
Are electronic voting machines secure?
No, says EECS professor David Wagner.
Before Congress passed the Help America Vote Act (HAVA) in 2002, voting machines were a low-profit niche product. But HAVA allocated more than $3.8 billion in federal funds to upgrade voting systems nationwide and to be spent within three years. It was a bonanza for voting machine vendors, who convinced most counties to replace their old, low-status paper-based systems with shiny new touchscreens. But they are not secure, and thanks to a report co-authored by Wagner, California now leads a growing multi-state movement to eliminate their potential threat to democracy and ensure accurate elections in the future.
EECS professor David Wagner considers the security issues for voting machines. Photo credit: Peg Skorpinski The machines were questioned almost immediately by grassroots activists like Bev Harris, whose Black Box Voting blog gathered news and focused concern about the machines’ trustworthiness. Soon, researchers and hackers discovered that, among other vulnerabilities, voting machines could be opened with ordinary keys from hotel mini-bars, and their vote counts could then be changed undetectably by simply swapping out their memory cards. In other words, any poll worker, driver, night watchman or other individual with unsupervised access to the machines could throw the results of a close election.
Wagner, a computer security expert, explains that the main problem with current voting machines is that they are built on top of standard, non-secure computer hardware and operating systems. To ensure proper security for something as important as a voting machine, the security must be designed into the system from the ground up. Superficially, voting machines seem like ATMs, which are a solved problem; ATMs handle huge numbers of interactions, dispense paper receipts and can be audited. But what makes voting machines much more difficult, Wagner explains, is the secret ballot. A trustworthy electronic voting system must break the link between the voter and votes in a way that cannot be reversed.
http://innovations.coe.berkeley.edu/vol2-issue3-mar08/electioncodes