Trust the vote? Not in DC! (Rebecca Mercuri)
Open source voting is, per se, not the answer to our huge election problems, as Rebecca argues with her usual acuity.
I don’t know if there’s been much follow-up on the DC voting system hack. I thought your readers would be interested in some recent developments. Please pass
this along if you can.
I was shocked to read on the DCBOEE’s website (at
that they had decided to proceed with the use of the voting system
they obtained from OSDV to collect Internet ballots in the November
2, 2010 general election, despite it having been proven to
be highly flawed in terms of both security and integrity. I have
become increasingly concerned that the recent wave of “voting hack
exhibitions” are having the reverse effect. I’m not saying that these
experiments shouldn’t continue, but by somehow validating that the
systems have been subjected to “testing” (even when this testing
exposes massive vulnerabilities), the vendors and election officials
seem to feel that it is appropriate to go ahead with deployment of
these products. “At least we know [some of] the problems” is no way
to run elections.
A lengthy October 22nd posting by Gregory Miller at the OSDV’s
TrustTheVote Project blog (at
comment-page-1#comment-9463>) underscores this “head in the sand”
attitude by lauding the fact that “the District owns 100% of the
source code, which is fully transparent and open source” as somehow a
good thing. Actually this “ownership” means that the DC Election
Officials had the freedom to deploy it, and they apparently did do
so, despite knowing that it was vulnerable to international attack.
Does the DCBOEE really think that their website admonishment about
the paltry $10,000 fine and possible imprisonment is going to stop
anyone, especially foreign hackers (who may not be subject
to US laws), from using proxy servers to avoid detection? Does the
OSDV truly believe that the DCBOEE has the ability to detect
tampering if it occurs? And if they discover that the system was
hacked during the actual election, do they have a plan to allow the
affected voters to recast their ballots in a secure way? Heck, when
consumer electronics or automobiles are discovered to have systemic
problems, they are RECALLED! Shouldn’t the OSDV folks be ashamed of
for not including a clause in their distribution that IMMEDIATELY
RECALLS THIS PRODUCT and ENSURES IT WOULD NOT BE USED IN ANY ACTUAL
GOVERNMENT ELECTION, if any vulnerabilities test or subsequent data
exposes it as insecure and/or unreliable?
Even more disconcerting is the cavalier attitude by the DCBOEE, in
deciding to go ahead with this moronic experiment, knowing that the
system was so massively flawed. This proves EXACTLY WHAT I (and
others) HAVE ALWAYS SAID ABOUT OPEN SOURCE VOTING — even if OSDV had
been able to provide an update to remedy all of the KNOWN problems,
be no time to adequately test it, and there would be no way for the
voters to ensure that the CORRECTED version (and not a flawed or
hacked one) is being used at the time of the election.
Open source voting thus provides a false sense of security about
electronic elections, which this sad experience has vividly
demonstrated. As Ken Thompson said in 1984: “You can’t trust code that
you did not totally create yourself. No amount of source-level
verification or scrutiny will protect
you from using untrusted code.” This is still true, whether the
election community, seemingly well-intentioned developers, and
security experts want to believe it or not. Transparency is NOT
equivalent to Trust, especially in voting systems.
Don’t get me wrong, of course I believe that open source is a good
thing for many types of applications — voting (especially over the
Internet or in fully electronic systems) just is NOT one
of these. Sure, all aspects of voting systems must be open to
thorough review. But the voting
problem CANNOT BE SOLVED using open source. (If this sounds like a
contradiction, it is, as
I described in my doctoral dissertation, downlodable at
<www.notablesoftware.com/evote.html>, because there is an inherent
conflict in the ability to create a trusted system that also provides
full anonymity.) Our election integrity colleagues must ensure that
these points are made whenever they demonstrate vulnerabilities.
Anyone who allows voters, election officials, and members of the
press to think otherwise is contributing to this outright fraud.
Perhaps if the VENDORS are fined $10,000 and threatened with jail
sentences, this charade will finally end.