Monday, January 08, 2007

"Secure e-voting" is not an oxymoron.

A Computerworld article by Ben Rothke argues that we could make e-voting machines as trustworthy as Boeing 777s, if only we went about it in the right way.

The pro-e-voting camp focuses on the need to get away from feeble mechanical voting machines. The other side focuses on how insecure e-voting systems are and says they could threaten fair and accurate elections. The truth is that both camps are right....

Going digital for digital’s sake without ensuring that proper precautions have been taken is shortsighted and, when it comes to e-voting, a significant threat to democracy...

To ensure a robust and secure e-voting system, the U.S. government should establish an open standardization process and solicit input on requirements and other criteria from product manufacturers, standards organizations, citizens, information security and privacy experts, federal, state and local governments, and others.

Given that a single attacker can taint an entire election, the process of securing an e-voting system must be open for public analysis. The more eyes that analyze e-voting source code, the better we will be able to find and eliminate flaws. As it stands now, the e‑voting vendors guard their proprietary software and refuse to allow the public to analyze it. This cavalier, “trust me” attitude is intolerable.

Don’t think for a minute that opening up the software is an invitation for attack. Making source code available for analysis is a proven practice for finding flaws and weaknesses. Such peer review has historically been one of the best ways to determine the underlying security of a system. A perfect example of this is the Advanced Encryption Standard algorithm, which governments and financial institutions around the world use to secure data. AES was chosen to be a standard only after years of public examination and analysis.

“Secure e-voting” is not an oxymoron. Getting to that point simply takes a rigorous open-engineering approach. It is up to the voting public to demand it, the government to administer it and the vendors to deliver it.

Labels: , ,


Comment by Anonymous Anonymous:

All very good points.

We don't need proprietary solutions to our voting!

Tom Carsen

10:24 AM  

Post a Comment