Feeds

Dr. Strangevote saves mankind with Luddite voting recipe

How I Learned to Stop Worrying and Love the Paper Ballot

3 Big data security analytics techniques

Usenix When it comes to elections, California Secretary of State Debra Bowen opts for blander, more traditional technologies, and that preference is helping her sleep better at night.

Speaking Wednesday at the Usenix Security Symposium in San Jose, California, the state's top elections official laid out a decidedly low-tech approach for ensuring that each voter's ballot is recorded as cast. It involves the use of ink pens to record votes on old-fashioned paper. An optical scanner records the information, and to make sure votes are counted correctly, ballots are randomly selected and compared with what's been tallied.

Not only is the method cheaper and less prone to polling-place glitches, she said, it also brings a transparency and auditability to elections that you can't get with today's electronic voting machines.

"Voting and counting paper ballots are things that all citizens can understand and in the case of random hand tallies, something that all citizens can observe and understand," she told about 400 attendees. "Hand tallies mean never having to say 'I trust you' to hundreds of thousands of lines of code no matter how cute and appealing they may be."

Bowen made her remarks during a 75-minute keynote titled "Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot."

As someone who understands cryptography and mucks around with Firefox extensions, Bowen is no stranger to computer technology. But last August, after commissioning a top-to-bottom review of all voting machines used in California, she imposed strict limitations on the use of e-voting machines from all four companies doing business in the state.

The move has made her unpopular in some circles, and she directed a few choice words to her critics.

"I sometimes wonder if those who continue to deny the stunning insecurities of the electronic voting systems that are on the market are the soul mates of those who persist in denying the evidence of global warming," she said. In either case, the risk of error is so grave that "the price of prevention is a lot lower than the cost of allowing the unwanted consequences of not taking action."

During Bowen's top-to-bottom review, a team of computer scientists uncovered a bevy of vulnerabilities that could allow someone to rig elections by making wholesale changes to voting results. Vulnerabilities included the ability to overwrite firmware, install malicious applications, forge voter cards and gain access to the inside of voting machines by unfastening screws that were supposed to be inaccessible. Gear made by Sequoia Voting Systems, Hart InterCivic and Premier Election Solutions (formerly Diebold) were all implicated. Products by Election Systems and Software wasn't included because the manufacturer refused to comply with the study.

By contrast, Bowen said, simple optical scanners reading paper ballots are much harder to hack, provided a statistically significant sample are manually checked against the results contained in databases. California law requires 1 per cent of ballots to be hand-checked in every race, except when a race is decided by a 0.5 per cent or less margin, in which case 10 per cent of ballots must be randomly audited.

"Paper ballots can be altered too, but it takes a retail, ballot-by-ballot process to do that," she said.

Lest anyone think e-voting is just another fanboi debate, Bowen reminded attendees that hanging in the balance of the controversy is nothing short of the future of civilization.

"Elections are important because in a democracy, that is how we transfer power in an orderly manner," she said. "That is how we decide what our collective will is and how we have chosen to give up bullets and instead rely on ballots. It is really critical for us to get this right." ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.