Saturday, August 19, 2006

It's good to see that Forbes Magazine isn't ignoring the issues with e-voting. Here's an opinion piece by Aviel Rubin called Pull the Plug.

Consider one simple mode of attack that has already proved effective on a widely used DRE, the Accuvote made by Diebold (nyse: DBD). It's called overwriting the boot loader, the software that runs first when the machine is booted up. The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. In overwriting it an attacker can, for example, make the machine count every fifth Republican vote as a Democratic vote, swap the vote outcome at the end of the election or produce a completely fabricated result. To stage this attack, a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.

My ideal system isn't entirely Luddite. It physically separates the candidate selection process from vote casting. Voters make their selections on a touchscreen machine, but the machine does not tabulate votes. It simply prints out paper ballots with the voters' choices marked. The voters review the paper ballots to make sure the votes have been properly recorded. Then the votes are counted; one way is by running them through an optical scanner. After the polls close, some number of precincts are chosen at random, and the ballots are hand counted and compared with the optical scan totals to make sure they are accurate. The beauty of this system is that it leaves a tangible audit trail. Even the designer of the system cannot cheat if the voters check the printed ballots and if the optical scanners are audited.

The type of voting system mentioned in this last paragraph of Dr Rubin's article is what they're doing here at Open Voting Solutions.

Aviel Rubin is a professor of computer science at Johns Hopkins University and author of the soon to be released Brave New Ballot: The Battle To Safeguard Democracy In The Age Of Electronic Voting.


Post a Comment

<< Home