 |
Originally posted at my corporate blog at http://blog.avanadeadvisor.com/blogs/waynea In case you have been living under a rock for the last few months, it is yet again another election season in the United States. The political insults are flying, you cant turn a channel without seeing another politicians face, and the debate over the security of Electronic Voting is once again in full swing. It seems like every news website you go to there appears to be yet another vulnerability discovered with Electronic Voting, from SecurityFocus, to the mainstream sites like CNN.com and Yahoo.com, each news space has at least once story somewhere in the last few days about how this system or that system was compromised by security experts, or was voted on by dead people, or the source code was carelessly left about. In particular example... Maryland: Diebold Took 3 years to Patch a Screen Freeze Please note that these are but a TINY example of the headlines on the subject recently from all over the nation... The Impetus... In 2002, the United States passed the Help America Vote Act of 2002 (commonly referred to as "HAVA" ha'-vuh) which was intended to provide a 4 year period over which federal funds would be made availible to assist states with updating election systems with electronic devices as well as requiring states to update the means by which they construct and store electronic voter lists, and also assisted with modifying various small bits and pieces of how Absentee voting is conducted and counted. States accepting the funding then became subject to specific deadlines for when they had to be using particular systems for storing election information electronically, as well as later deadlines for implementing electronic accessibility in voting. This leads us to the present. Failed Voting Projects Working for two separate employers, I have been on the fringes of two different HAVA-related consulting engagements for two different state-level clients. While I cannot really go into the details of the involvement or the projects themselves due to ongoing NDA obligations, i will simply say that at this point in time, I am still In Search Of the Big Red Flags that I would expect many more people to be waving just 2 weeks against our first HAVA-enabled federal election. It is estimated that this year, about 40% of those who go to the polls to vote this November will be doing so on electronic machines. Very few voting juristictions have chosen to pay for (and implement) the paper record option on the machines that will generate essentially a voting "reciept" to be counted in case of an electronic glitch. Of those, even fewer juristictions would recognize that paper as an official ballot were the election to be reverted to a paper-based count. The end result of all these problems has been a swath of system tests by election boards, county clerks, and security experts in which the groups in question have expressed a no-confidence votes in these systems, including the outright cancelling or complete retooling of several states' projects. These days, it seems the only people with confidence in the integrity of election results on these machines are the manufacturers! The Election "Glitch" of 2006 That "electronic glitch" is not so difficult to imagine as one might hope. There are great swaths of many different states that are fairly well set apart from the urban areas in the state. Is it so hard to imagine unstable internet connections for voting updates and information downloads from state systems? How many times can you recall some downtime at work because some database or other was corrupted, neccessitating restore? We are talking about 50 different systems, each using 2, 3, 4 or more software and hardware vendors with different architectures, each managed by separate system administration teams. Can you really tell me that each of these systems, any of which could individually possibly be asked to support millions of transactions in a compressed time environment, is going to have 100% uptime on election day/night? And this is just looking at systemic architectural risk! Then we start to look at some of the reports of system based vulnerabilities in the various system stages... The Voting Machine Princeton: Security Analysis of a Diebold AccuVote-TS [Video demonstration] The Tabulation and Jurisdictional Accounting Systems MIT: Computerized Voter Registration Databases Need a Major Overhaul Where are the Red Flags? At some point, the system will have to move forward, I recognize that this is inevitable. For this election, however, I am not seeing nearly the scale of scrutiny, backup procedures, nor even at the least are State Secretary of States offices making public the steps they are undertaking to ensure the integrity of this first "Electronic Election". I, too, will be going to the polls this November, and watching eagerly with gimlet eye the many fingers of the press as they pick through the results of this election accross the country.
|
|
