We Can't Afford Even One E-Voting Morris Worm

from the catastrophic-failure dept

Over at CNet, Declan McCullagh has an interview with probably the most prominent computer scientist who supports paperless e-voting, Michael Shamos. In a wide-ranging discussion, Shamos acknowledges that e-voting isn't perfect but insists that every voting system has its flaws, and that e-voting can be made to work better than either paper ballots or touch-screen machines with paper trails (which he points out tend to jam a lot). Mike already pointed out some problems with Shamos's analysis, and you can check out Dan Wallach's post for a comprehensive rebuttal. But I found one of Shamos's comments particularly striking. He says:

Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we've never seen any of those.

Shamos is referring to probably the most famous malware attack in the history of the Internet. In 1988, a grad student named Robert Morris created a worm that infected hundreds, if not thousands, of computers across the Internet. It was by far the most damaging Internet worm up until that time, and as a proportion of all hosts on the Internet, probably still ranks among the most successful worms in Internet history. The important point for our purposes is that nobody saw the Morris worm coming. The security vulnerabilities exploited by the Morris worm were known ahead of time, but few people other than the worm's author realized their seriousness.

Of course, once the Morris worm brought the Internet grinding to a halt for several days, everyone became acutely aware of the importance of security, and so they quickly fixed the bugs Morris had exploited. And luckily, at this point the Internet was still a relatively small, academic network, so while it cost millions of dollars of work to clean up the mess, no irreparable damage was done. But there wasn't a series of "increasingly robust" attacks leading up to the Morris worm that could have provided fair warning to Internet users of the day. The Morris Worm was a lot more sophisticated and successful than anything that had come before it. And by the same token, there's no reason to think that the bad guys will give us some advance warning by incompetently trying to steal a few city council seats before they disrupt a presidential election. If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state "malfunction," throwing the presidential election into turmoil. I don't think we can afford to take that risk.

Filed Under: e-voting, michael shamos

Are E-Voting Paper Trails A Bad Idea?

from the depends-on-your-point-of-view dept

News.com is running an interview with Carnegie Mellon CS professor Michael Shamos, who is rather opinionated about everyone who keeps pushing for a voter-verified paper trail in e-voting machines. He thinks that a paper trail is a bad idea, but his reasoning is a bit problematic. Most of his complaints are around the fact that paper ballots aren't particularly reliable either (which no one denies). But that, alone, isn't a reason to get rid of a paper trail. After all, the idea is that the paper trail is a backup -- a way to check and verify that the electronic votes are counted correctly.

From there, Shamos complains that various voting laws say that if the e-voting totals and the paper totals don't match up, you have to use the paper totals. To him, that's a problem because (as he pointed out) the paper totals are not particularly reliable. But, again, the problem here isn't actually with the paper trail, but the laws that automatically ditch the e-voting result, rather than specify a way to verify what the real vote total is.

Towards the end, Shamos does make some good points about how the real focus should be on building a system that does end-to-end verification for reliability, so that people can feel confident that their vote was counted correctly. However, he falsely accuses supporters of paper trails of not being interested in this. That's simply inaccurate for the most part. Almost every expert on the subject that you talk to wants a better overall e-voting system that is more secure, accurate and reliable. Having a verified paper trail isn't meant to solve all the problems, but as a temporary solution for an obvious problem with current e-voting machines. Yes, we need a better overall system, and, no, paper isn't perfect -- but Shamos seems to be accusing the paper backup supporters of stuff they're not saying.

Filed Under: e-voting, michael shamos, paper trail