No mandate for e-voting, computer scientist says

R.A. Hettinga rah at shipwright.com
Tue Nov 9 16:05:36 EST 2004


<http://gcn.com/cgi-bin/udt/im.display.printable?client.id=gcndaily2&story.id=27861>

No mandate for e-voting, computer scientist says
11/09/04
By William Jackson,
GCN Staff

Despite wide use in last week's presidential election, direct-recording
electronic voting still is a faulty method of casting ballots, one computer
scientist says.
"Paperless electronic-voting systems are completely unacceptable," said Dan
Wallach, assistant professor of computer science at Rice University.
Assurances about the machines' accuracy and reliability are not based on
verifiable data, Wallach said today at the Computer Security Institute's
annual conference in Washington.
Wallach was one of a team of computer scientists who in 2003 examined
source code for voting machines from Diebold Election Systems Inc. of North
Canton, Ohio, and reported numerous security flaws.
Cryptography implementation and access controls showed an "astonishingly
naive design," he said. "As far as we know, these flaws are still there
today."
Diebold has defended its technology and said the computer scientists
examined an outdated version of the code.
Wallach countered that without access to current code for any voting
machines, it's impossible to verify manufacturers' claims. The proprietary
nature of the code and a lack of government standards for voting technology
also make certification of the hardware and software meaningless, he said.
The IT Association of America hailed the Nov. 2 election as a validation of
direct-recording technology. But Wallach said sporadic problems with the
systems have been reported, and a thorough analysis of Election Day
procedures and results is under way.
Plus, a paper ballot that can be recounted is essential to a reliable
system, he said.
"Probably the best voting system we have today is the optical scan system,
with a precinct-based scanner," Wallach said. "It is very simple, it is
accurate, and it is auditable."
He suggested that a hybrid voting system that produces a verifiable paper
ballot would be as reliable as optical systems and would offer convenience
and accessibility for disabled voters.
A number of states, including California and Nevada, have laws or
legislation pending to require that voting machines produce paper ballots.
Wallach said technical standards that demand transparent certification
processes would go a long way toward increasing voting reliability.
"I think the Common Criteria would be a good place to start," he said,
referring to the set of internationally recognized standards for evaluating
security technology, either against vendor claims or against a set of needs
specified by a user.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list