Feeds

Dr. Strangevote saves mankind with Luddite voting recipe

How I Learned to Stop Worrying and Love the Paper Ballot

Security for virtualized datacentres

Usenix When it comes to elections, California Secretary of State Debra Bowen opts for blander, more traditional technologies, and that preference is helping her sleep better at night.

Speaking Wednesday at the Usenix Security Symposium in San Jose, California, the state's top elections official laid out a decidedly low-tech approach for ensuring that each voter's ballot is recorded as cast. It involves the use of ink pens to record votes on old-fashioned paper. An optical scanner records the information, and to make sure votes are counted correctly, ballots are randomly selected and compared with what's been tallied.

Not only is the method cheaper and less prone to polling-place glitches, she said, it also brings a transparency and auditability to elections that you can't get with today's electronic voting machines.

"Voting and counting paper ballots are things that all citizens can understand and in the case of random hand tallies, something that all citizens can observe and understand," she told about 400 attendees. "Hand tallies mean never having to say 'I trust you' to hundreds of thousands of lines of code no matter how cute and appealing they may be."

Bowen made her remarks during a 75-minute keynote titled "Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot."

As someone who understands cryptography and mucks around with Firefox extensions, Bowen is no stranger to computer technology. But last August, after commissioning a top-to-bottom review of all voting machines used in California, she imposed strict limitations on the use of e-voting machines from all four companies doing business in the state.

The move has made her unpopular in some circles, and she directed a few choice words to her critics.

"I sometimes wonder if those who continue to deny the stunning insecurities of the electronic voting systems that are on the market are the soul mates of those who persist in denying the evidence of global warming," she said. In either case, the risk of error is so grave that "the price of prevention is a lot lower than the cost of allowing the unwanted consequences of not taking action."

During Bowen's top-to-bottom review, a team of computer scientists uncovered a bevy of vulnerabilities that could allow someone to rig elections by making wholesale changes to voting results. Vulnerabilities included the ability to overwrite firmware, install malicious applications, forge voter cards and gain access to the inside of voting machines by unfastening screws that were supposed to be inaccessible. Gear made by Sequoia Voting Systems, Hart InterCivic and Premier Election Solutions (formerly Diebold) were all implicated. Products by Election Systems and Software wasn't included because the manufacturer refused to comply with the study.

By contrast, Bowen said, simple optical scanners reading paper ballots are much harder to hack, provided a statistically significant sample are manually checked against the results contained in databases. California law requires 1 per cent of ballots to be hand-checked in every race, except when a race is decided by a 0.5 per cent or less margin, in which case 10 per cent of ballots must be randomly audited.

"Paper ballots can be altered too, but it takes a retail, ballot-by-ballot process to do that," she said.

Lest anyone think e-voting is just another fanboi debate, Bowen reminded attendees that hanging in the balance of the controversy is nothing short of the future of civilization.

"Elections are important because in a democracy, that is how we transfer power in an orderly manner," she said. "That is how we decide what our collective will is and how we have chosen to give up bullets and instead rely on ballots. It is really critical for us to get this right." ®

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
NOT OK GOOGLE: Android images can conceal code
It's been fixed, but hordes won't have applied the upgrade
Apple grapple: Congress kills FBI's Cupertino crypto kybosh plan
Encryption would lead us all into a 'dark place', claim G-Men
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.