Feeds

Dr. Strangevote saves mankind with Luddite voting recipe

How I Learned to Stop Worrying and Love the Paper Ballot

Protecting against web application threats using SSL

Usenix When it comes to elections, California Secretary of State Debra Bowen opts for blander, more traditional technologies, and that preference is helping her sleep better at night.

Speaking Wednesday at the Usenix Security Symposium in San Jose, California, the state's top elections official laid out a decidedly low-tech approach for ensuring that each voter's ballot is recorded as cast. It involves the use of ink pens to record votes on old-fashioned paper. An optical scanner records the information, and to make sure votes are counted correctly, ballots are randomly selected and compared with what's been tallied.

Not only is the method cheaper and less prone to polling-place glitches, she said, it also brings a transparency and auditability to elections that you can't get with today's electronic voting machines.

"Voting and counting paper ballots are things that all citizens can understand and in the case of random hand tallies, something that all citizens can observe and understand," she told about 400 attendees. "Hand tallies mean never having to say 'I trust you' to hundreds of thousands of lines of code no matter how cute and appealing they may be."

Bowen made her remarks during a 75-minute keynote titled "Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot."

As someone who understands cryptography and mucks around with Firefox extensions, Bowen is no stranger to computer technology. But last August, after commissioning a top-to-bottom review of all voting machines used in California, she imposed strict limitations on the use of e-voting machines from all four companies doing business in the state.

The move has made her unpopular in some circles, and she directed a few choice words to her critics.

"I sometimes wonder if those who continue to deny the stunning insecurities of the electronic voting systems that are on the market are the soul mates of those who persist in denying the evidence of global warming," she said. In either case, the risk of error is so grave that "the price of prevention is a lot lower than the cost of allowing the unwanted consequences of not taking action."

During Bowen's top-to-bottom review, a team of computer scientists uncovered a bevy of vulnerabilities that could allow someone to rig elections by making wholesale changes to voting results. Vulnerabilities included the ability to overwrite firmware, install malicious applications, forge voter cards and gain access to the inside of voting machines by unfastening screws that were supposed to be inaccessible. Gear made by Sequoia Voting Systems, Hart InterCivic and Premier Election Solutions (formerly Diebold) were all implicated. Products by Election Systems and Software wasn't included because the manufacturer refused to comply with the study.

By contrast, Bowen said, simple optical scanners reading paper ballots are much harder to hack, provided a statistically significant sample are manually checked against the results contained in databases. California law requires 1 per cent of ballots to be hand-checked in every race, except when a race is decided by a 0.5 per cent or less margin, in which case 10 per cent of ballots must be randomly audited.

"Paper ballots can be altered too, but it takes a retail, ballot-by-ballot process to do that," she said.

Lest anyone think e-voting is just another fanboi debate, Bowen reminded attendees that hanging in the balance of the controversy is nothing short of the future of civilization.

"Elections are important because in a democracy, that is how we transfer power in an orderly manner," she said. "That is how we decide what our collective will is and how we have chosen to give up bullets and instead rely on ballots. It is really critical for us to get this right." ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.