11 , 2003
e-Voting is one of those things Iíve been dreading for several
years. Since it first became a technological possibility, the thought
of all of the security risks involved has been swarming in my head
like a hornetís nest. On the surface, it sounds like a beautifully
democratic thing Ė each person anywhere in the world just needs
to get him or herself to a computer in order to vote. But when one
puts together the current legal ramifications and the technological
flaws, itís actually rather scary.
Here we are, placing our most cherished right as Americans Ė the
right to vote Ė in the hands of a bucket of overheated electrons,
with an operating system likley filled with security holes, buggy
voting software built on top of that, and restrictions on the voting
systems themselves with logical flaws. This is a system just waiting
to be hacked.
But it's technological innovation so therefore itís good according
to the government. Of course, the companies who developed the systems
market them as quite efficient in comparison to our current systems.
That may be true, but these systems are dangerous for the same reason
that biometrics in IDs are dangerous: weíre creating a medium where
technology assumes authenticity when the contrary is actually the
Thereís another reason to worry. The Secure Electronic Registration
and Voting Experiment (SERVE), a small, Pentagon-run program, may
become the standard for Internet voting by Americans who are abroad.
Of course, the system uses Microsoft Windows, which makes me cringe.
And they say security is of utmost concern to them. Even the supposedly
secure electronic voting machines in use here in the U.S. that backup
their results on CD-ROM are built on closed systems. Security by
obscurity is never a smart option.
One part of the problem stems from government-mandated research.
The government appropriates, as in this case, $1 billion to put
toward electronic voting systems, without first considering security
implications. Then they decide which technology to use. Not scientists.
So policy makers lobbied by companies who make these systems do
not generally have the technical know-how or information available
to show vulnerabilities and problems.
As much as we would like to think the policy makers would hear
about this issue, itís rather unlikely. Congress critters have aides
to read news and filter their e-mail not because theyíre insensitive
but because they truly do not have the time to wade through it all
and may or may not have actually touched a computer themselves in
the past twenty years. There are groups who talk to the policy makers
and represent the groups of concerned technology professionals who
understand the risks associated with this type of system. In fact,
there are quite a few activists out there who are saddling up to
take their concerns to the sheriff. The USACM
(U.S. Association for Computing Machinery public policy committee)
is quite concerned with this issue, as is the Center
for Public Integrity. A bunch of these people recently gathered
in Denver to discuss verified voting and how to make it a reality.
In my neck of the woods, Santa Clara county was working on approving
some electronic voting machines that are not technically secure
and the votes are not counted until required by law Ė at the end
of the election. As we all know, the loser(s) generally concede
well before that time, so any voter fraud would either not be discovered
at all or be discovered too late to fix the problem. David Dill,
a Stanford computer science professor, started an online petition
and a website, VerifiedVoting.org,
in order to raise awareness on the e-voting issue.
Still, organizations like the League
of Women Voters, Iím ashamed to say, donít get it. They think
that just because e-voting in theory leads to a more pure democracy,
itís a good thing in any form. Itís not. The problems of the 2000
election are minuscule compared to what could happen without verifiable
electronic voting systems Ė especially if voting law changes donít
occur to where we have a run-off between the two leading vote-getters.
We could be stuck with elections like 2000 for a long time given
the current state of politics in the U.S.. Sure there have been
touch-screen systems in place for ten years but theyíre not all
the same and each one could have its own problems. There are ways
around technical problems, but letís face it Ė nobody ever changes
these things until after major errors occur. The issue now is to
get these concerns heard before such systems are adopted. We still
have a long way to go.
Granger is currently a Project Director for the Computer Professionals
for Social Responsibility, based in Palo Alto, California. She
writes articles for Security Focus and is a member of the USACM
Public Policy Committee.