We Can't Afford Even One E-Voting Morris Worm
from the catastrophic-failure dept
Over at CNet, Declan McCullagh has an interview with probably the most prominent computer scientist who supports paperless e-voting, Michael Shamos. In a wide-ranging discussion, Shamos acknowledges that e-voting isn't perfect but insists that every voting system has its flaws, and that e-voting can be made to work better than either paper ballots or touch-screen machines with paper trails (which he points out tend to jam a lot). Mike already pointed out some problems with Shamos's analysis, and you can check out Dan Wallach's post for a comprehensive rebuttal. But I found one of Shamos's comments particularly striking. He says:
Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we've never seen any of those.
Shamos is referring to probably the most famous malware attack in the history of the Internet. In 1988, a grad student named Robert Morris created a worm that infected hundreds, if not thousands, of computers across the Internet. It was by far the most damaging Internet worm up until that time, and as a proportion of all hosts on the Internet, probably still ranks among the most successful worms in Internet history. The important point for our purposes is that nobody saw the Morris worm coming. The security vulnerabilities exploited by the Morris worm were known ahead of time, but few people other than the worm's author realized their seriousness.
Of course, once the Morris worm brought the Internet grinding to a halt for several days, everyone became acutely aware of the importance of security, and so they quickly fixed the bugs Morris had exploited. And luckily, at this point the Internet was still a relatively small, academic network, so while it cost millions of dollars of work to clean up the mess, no irreparable damage was done. But there wasn't a series of "increasingly robust" attacks leading up to the Morris worm that could have provided fair warning to Internet users of the day. The Morris Worm was a lot more sophisticated and successful than anything that had come before it. And by the same token, there's no reason to think that the bad guys will give us some advance warning by incompetently trying to steal a few city council seats before they disrupt a presidential election. If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state "malfunction," throwing the presidential election into turmoil. I don't think we can afford to take that risk.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, michael shamos
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
EVoting NEEDS a Morris worm!!
Nothing else is going to wake up voters and make them start to think about the security (or lack thereof) of current electronic voting systems.
A few minor 'inconsistencies' in one or two states can easily be brushed off. "Exit polls are inaccurate", etc. It's _already_ happened twice. The voting public is blissfully unaware of this.
"The canary was already sick, it probably died of natural causes"
That won't wash if the problems are widespread and obvious.
[ link to this | view in chronology ]
So. . .
Why? Do we voters have the opportunity to do last minute checks on the candidates for slimy practices, just before we vote?
I know very little about these machines, but it seems to me that they should be stand-alone boxes, that record all the data as it goes in and nothing more. Placing them on any kind of network puts the entire system in jeopardy.
EtG
[ link to this | view in chronology ]
Lessons not learned
Fast-forward to today and it becomes clear that NONE of the vendors or backers of computerized voting systems have absorbed the lesson -- or if they have, their knowledge has been overruled by their profit motive. As Schneier's brilliant economic analysis has shown, the budget available to an attacker going after the US Presidential election should be presumed to be on the order to $100 million. That's easily enough to subvert these systems using a Morris-worm-ish technique albeit with considerably more subtlety so that it's not nearly as easy to detect.
Moreover, the continued refusal by voting system vendors to publish all source code, all hardware design documents, etc. and submit them for public inspection means that the pool of people with access to this information is severely limited. Worse, it's limited to the same people who are known to be designing, building, and deploying buggy, insecure systems, thus the people least likely to detect an issue similar to the Morris worm.
We need to go back to pencil and paper ASAP. (Yes, pencil and paper systems have their issues, too, but they're vastly better-understood and they have the highly desirable property that they're much more difficult to subvert en masse, which largely prevents large-scale fraud.)
[ link to this | view in chronology ]
reality, voting, and machines
--Glenn
[ link to this | view in chronology ]
The real issues
Improving any system or process is like ‘peeling an onion’. Identify and address the most serious flaws and issues first, then continue until the flaws and issues become small enough to be acceptable. Of course this takes a rational, unemotional, systematic approach which is properly funded.
Election activists, critics and conspiracy theorists have a tendency to harp on about their own little concerns and pet peeves, rather than take the time to understand the big picture and target the real issues. And you know what? the incumbent politicians and power brokers the world over are just happy for them to do so, as it takes attention away from how they really influence elections, so they can continue to do just that.
Take elections in the US, which are the most complex in the world. Here are some facts of which most Americans, including the activists, appear to be blissfully unaware:
The democratic process is an illusion. When voting for President, Americans are actually voting for a representative on the electoral collage for their State, NOT for the President. Your vote does not count for President. It is that Electoral College that decides how to allocate that States votes for President (each state has a different number of electoral collage votes based on size, population, history etc). There is an assumption that the Electoral College will follow the popular vote for that State, but it has no constitutional obligation to do so, and in the past there have been documented occasions when it has not. So much for democracy.
It is a Federal offence to interfere with the election process in order to influence the result. Influencing the election for senior positions (State and Federal rather than local) in such a manner would require such a wide spread corruption and law breaking that the risk of it being detected is just too great for any of the major parties to even consider, whether it be interfering with electronic machines, paper ballots, polling places or the tally process. Why should they bother when they have a much wider range of legal and borderline legal ways to achieve the same goal? Incumbents use legislation and policy to affect voter registration, voter eligibility, accessibility to polling sites etc. The number of cases of legal but immoral practices to achieve this is widespread, however many activists tend to try to blame the election technology used rather than identify the true issues. Take Ohio in 2004 as an example – activists blame the use of electronic machines rather than the distribution of those machines and the policies to reduce access to the poling places in certain areas, both of which were legal and highly effective.
The easiest point in the electoral process to influence an election is voter registration, not the polling place (or voting machines). If people are registered to vote who should not be (non-existent, dead, out of state) or certain legitimate groups are not registered (discouraged, removed from electoral roll), then the election can be influenced at source. This happened in Florida in 2000, when a State law was passed requiring registrars to remove anyone from the electoral roll who was ‘suspected of being a felon’ (felons are not allowed to vote in Florida). The State (read Governors office) provided a list of people who were suspected of being felons to some (but not all) registrars. These lists were concentrated in areas of particular geo-political nature and included people who shared the surname and initials of a known felon! These voters were not notified that they had been removed. Hence, many voters turned up to vote only to be told they were not eligible to do so. Coupled with same highly dubious decisions concerning provisional and absentee voting, this policy was both legal and highly effective.
The amount of effort required for a jurisdiction to implement an election in the US is huge due to the complexity and frequency of elections. It is just a simple fact that even if those tasked with running the election wanted to ‘rig’ it (and really they do not) they do not have the time or manpower to do so. All they really want to do is to successfully implement it, with a minimum of issues and hope they survive with their sanity intact for the next one!
Paper based elections are only slightly more secure than a show of hands. There is a growing misconception, that the use of paper ballots ensures a secure election because it leaves a permanent record of the ballots cast which can be audited. Paper based election have been used for centuries and a myriad of ways to rig them have been invented and successfully used in that time. How can you tell if ballot boxes have been stuffed or ballots removed? – when you audit the election the records include the ‘extra ones’ and does not include those removed - it is 'self auditing'. This has been common place in the past. Another easy way, which has been used in the US, is the artificial creation of over-votes for certain contests during the counting or auditing process. Choices in over-voted contests (where more choices have been made than are allowed) do not count, so if an election worker adds a mark to a ballot or punches out an extra hole, on some ballots then those votes will not count either in the main counting process or the re-count process, and there is no evidence of it as the very ‘auditable ballot’ is the thing that has been manipulated.
Very little money is actually spent on the election process for the complexity an frequency of the elections. Election departments are funded at County (or City) level and with budget restrictions are usually under funded and struggling. Even the $5 Billion that the Federal government made available from Federal funds for HAVA sounds a lot but only represents about $12 per eligible voter and a large proportion of that went to voter education and infrastructure.
Now, that’s not to say that the election activists do not have good points. They certainly come up with a myriad of ways to improve the election process and make it more secure. However, they are concentrating on minor issues compared with the glaring issues that exist and do not recognize the level of funding needed to really guarantee a fair and secure election. I just hope that community gets smart and starts to concentrate on the biggest issues, so that America can once again gain the respect of the rest of the world as the beacon of democracy it once was.
[ link to this | view in chronology ]
The Perfect worm
I'm not a Luddite. Computers are indispensable. The problem arises when the users are divided as to what the output is supposed to mean. Programmers from one party or the other can not be relied upon to be honest, especially when the code is never inspected.
We need worms, spread around every county in the country, that either crash the machines totally or automatically give the Democrat 80% of the vote. Otherwise, look forward to eternal war and eventual economic ruin.
[ link to this | view in chronology ]
Carmi’s Auckland Recommendations
[ link to this | view in chronology ]
newest jordan shoes
[ link to this | view in chronology ]