"...where the Spirit of the Lord is, there is liberty."
-2 Corinthians 3:17 (NASB)

"Facts are stubborn things; and whatever may be our wishes, our inclinations, or the dictates of our passion, they cannot alter the state of facts and evidence."
~John Adams

11.28.2007

01001000 01100001 01101110 01110011 01100101 01101100 + 01000111 01110010 01100101 01110100 01100101 01101100

According to my sources, the above spells "Hansel + Gretel" in binary (base-2) code. This article is going to take a more technological slant and show how local political climates have welcomed easy-to-hack voting machines that may loose Texas' democracy in the same way Hansel and Gretel lost their bread-crumb path.

In the wake of Florida's recount mess, there has been a great deal of push to move the ballot from paper to electronics so that votes can be counted with ease and speed. The problem with the electronic solution is that it simply leaves a trail of 1s (ons) and 0s (offs) that can be picked up by a malicious hacker and be more readily lost than any paper trail, just as Hansel and Gretel's bread-crumb scheme got them miserably lost. I am not against technology; in fact, I intend to pursue a career in electrical engineering. However, when technology has its limits, we must recognize them and not jeopardize the political future of this great state.

Multiple studies from Princeton University, the IEEE (Institute of Electrical and Electronics Engineers), and independent reports commissioned by states such as Maryland, Ohio, and California have concluded that electronic voting machine, particularly the popular Diebold machines, can be hacked by a determined team. These are high-quality studies that have been performed by experts and, to varying degrees, they show the risk in entrusting any vote solely to a pattern of 1s and 0s.

The Princeton study, probably the most independent yet fairly recent study, specifically focused on one of Diebold's voting machines. It found multiple ways in which determined hackers could install malicious software on the machine that could completely alter the outcome of the election.

The very ironic thing about Diebold’s response to this study is that they nowhere claim that their new systems remove the problems these researchers found with the old ones, only that the machines are new, have the most advanced data encryption techniques, and that the old ones will not be used in another election. As explained by Professor Edward W. Felten, who lead Princeton's research team: "Diebold made the same kinds of claims about this [older] version — claims that turned out to be wrong — that they are now making about their more recent versions."

More than just three crazy computer scientists from Princeton are complaining. I found at least five other quality studies [*] which came to very similar conclusions; an electronic voting machine could be hacked by determined political activists. One such study from an independent corporation commissioned by the State of Maryland stated:

“This Risk Assessment has identified several high-risk vulnerabilities... If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results.”

Because of the inherent hack-ability of a trail of 1s and 0s, it is important that Texas elections leave a paper trail; a trail that can be verified. A study from RABA, who was also commissioned by Maryland, concludes:

“Ultimately we feel there will be a need for paper receipts...” (p 3)
This is the solution I propose. Allow votes to be cast electronically, but make sure that the people can verify those votes with some kind of paper receipt that voters get to look at and personally verify.

Technology is a good thing in Texas politics, but we must not get so caught up in it that we loose our trail, just as Hansel and Gretel supposedly did.

*Quotes from, citations of, and bios for these studies will be posted later for those who are interested. [edit: see my comment on this post]

3 comments:

  1. Here is a list of the five studies I found regarding the hackability of Electronic Voting Machines and the bios associated with them. Please check out the literature for yourself and come to your own conclutions.

    Studies:

    Princeton
    Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten. “Security Analysis of the Diebold AccuVote-TS Voting Machine” Center for Information Technology Policy (Princeton University, September 13 2006) http://itpolicy.princeton.edu/voting/ts-paper.pdf.

    IEEE
    Tadayoshi Kohno, Adam Stubblefield, Aviel D. Rubin, Dan S. Wallach “Analysis of an Electronic Voting System” (February 27 2004). IEEE Symposium on Security and Privacy 2004. (IEEE Computer Society Press, May 2004) http://avirubin.com/vote.pdf.

    SAIC
    Science Applications International Corporation. “Risk Assessment Report Diebold AccuVote-TS Voting System and Processes” State of Maryland (MD: September 2 2003). SAIC-6099-2003-261. Prepared for: Department of Budget and Management, Office of Information Technology. http://bravenewballot.org/resources/SAIC.pdf.

    RABA
    Michael A. Wertheimer, Dir. “Trusted Agent Report: Diebold AccuVote-TS Voting System” RABA Innovative Solution Cell (RiSC). (MD: Department of Legislative Services, January 20 2004). http://www.raba.com/press/TA_Report_AccuVote.pdf.

    Compuware
    Compuware Corporation. “Direct Recording Electronic (DRE) Technical Security Assessment Report” Ohio Secretary of State. (OH: November 21 2003). http://www.sos.state.oh.us/sos/hava/compuware112103.pdf.

    UC
    Matthew Bishop, Principal Investigator. University of California. Red Team Report. “Diebold Elections Systems, Inc.” California Secretary of State Debra Bowen. (2007) http://www.sos.ca.gov/elections/voting_systems/ttbr/red_diebold.pdf.

    Bios

    Ariel J. Feldman: Ph.D. student in the Princeton University, Computer Science Department.

    Alex Halderman: Is a PhD student in computer science at Princeton.

    Edward W. Felten: Professor of Computer Science and Public Affairs Director, Center for Information Technology Policy, Princeton University. Felten specializes in computer security and privacy, and technology policy. He is Feldman and Halderman’s advisor.

    Tadayoshi Kohno: Assistant Professor, Department of Computer Science and Engineering, University of Washington.

    Adam Stubblefield: Information Security Institute, Johns Hopkins University.

    Avi Rubin: B.S., M.S.E. and Ph.D., Professor of Computer Science and Technical Director of Information Security Institute.

    Dan Wallach: Associate professor in the systems group at Rice University's Department of Computer Science, manager of Rice's computer security lab, and the associate director of .

    The
    SAIC: Science Applications International Corporation is a leading systems, solutions and technical services company.

    RABA: is a consulting firm since 1994. The 2004 report was prepared by the RABA Innovative Solution Cell (RiSC). It became part of SRA International in October 2006.

    Dr. Michael Wertheimer: Assistant Deputy Director and Chief Technology Officer, Office of the Deputy Director of National Intelligence for Analysis.

    Compuware: a recognized industry leader in enterprise software and IT services that performs services for 95% of the Fortune 100 companies.

    University of California Red Team membership:
    Matthew Bishop: Ph.D., M.A., M.S., A.B. Is the Principal Investigator. Professor at the Department of Computer Science, University of California.
    Robert Abbott: B.S. Mathematics, U.C. Berkeley. Received the Fitzgerald Award for lifetime and continuing contributions to the field of IT Security.
    Elliot Proebstel: B.S., M.S.
    Sujeet Shenoi: Ph.D., M.S., M.S., B.Tech. is a F.P. Walter Professor of Computer Science.
    Davide Balzarotti: M.S., Ph.D. Post doctorate Researcher in Computer Security Computer Science Department, University of California Santa Barbara
    Greg Banks: B.S. Banks is a Ph.D. student and Research Assistant in the Security Lab. Department of Computer Science, University of California Santa Barbara.
    Marco Cova: M.S., Ph.D., Computer Security Group, Department of Computer Science, Santa Barbara, CA
    Mark Davis: M.S., B.S., A.A., Graduate Research Assistant, Department of Computer Science, University of Tulsa, Tulsa, Oklahoma. Was a Research Scientist, Air Force Research Laboratory, Rome, New York in the Summer of 2002
    Viktoria Felmetsger: B.S., Ph.D. Candidate and Research Assistant, Computer Security Lab, Department of Computer Science, University of California, Santa Barbara.
    Richard Kemmerer: Ph.D., M.S., B.S., a Professor, Department of Computer Science, University of California, Santa Barbara, and was a former chair of that department.
    William Robertson: B.S., is a Ph.D. Student, Computer Science University of California, Santa Barbara.
    Jacob Stauffer: B.S., M.S.,
    Fredrik Valeur: Siv.Ing, Ph.D., Is a Post Doctorate Researcher at the University of California Santa Barabara
    Giovanni Vigna: M.S. (cum laude), Ph.D. Associate Professor in the Department of Computer Science, University of California, Santa Barbara.

    ReplyDelete
  2. Wow....looooong list of resources!

    I personally think the idea of combining both paper and electronic voting is so obvious...when I was asked to take a side on this issue my VERY FIRST thought was "Why not both?" You get the best of both worlds while helping eliminate the worst by combining the two.

    ReplyDelete
  3. Just because computers are better at somethings it does not make them better at all things. Voting machines are a perfect example.

    ReplyDelete