Friday, October 29, 2010

CSOonline.com Dodges Debate on Internet Voting Security!

I tried to balance out this anti-Internet voting propaganda with facts and commonsense, but CSOonline.com would have none of that. Apparently, they only want to see one side. I wouldn’t have bothered to disillusion them, but for two reasons I had to persist. One is that the author is a worshipper of St. David Jefferson, and the other is that John Sebes has joined the love fest (he’s an insider on the DC fiasco).

Why won’t any of these True Believers engage me in an intelligent debate? (Do they all share a lack of courage? Sebes has even deleted my efforts to engage him on his blog; right, John?)

So, here is the propaganda piece, and my forbidden reply:

E-voting: How secure is it?

More than half of all states in the U.S. will allow some kind of internet voting this year. But security experts say it's a mistake and puts the nation at risk.

By Joan Goodchild, Senior Editor, October 28, 2010 — CSO —


Election fraud and vote tampering is as old as government. Before the American Revolution, most voting was done by voice. Voters would call out their pick for all to hear, which lead to intimidation and other nefarious tactics by those hoping to impact election results. The creation of the secret ballot was an improvement, but brought with it another host of possible modes of manipulation. In a quote that is now famous in American history, corrupt politician and Tammany Hall leader Boss Tweed often told constituents to 'vote early, and often.'

But surely, by 2010, with technology as sophisticated as it is and elections as regulated as they are, any voting system rolled out these days is no doubt fool-proof and iron-clad in terms of security, right? Not so, say some voting security experts. And, in fact, it's technology that makes new voting systems dangerous.

Back in 1999, David Jefferson, a computer scientist at the Lawrence Livermore National Laboratory and chairman of Verified Voting, an organization that monitors security of election systems, first began examining the issue of electronic voting, specifically internet voting, as technical chairman of a task force set up by the Secretary of State in California. "The original idea was that internet voting was a fine idea, and the only question was how best to deliver this capability to the citizens of California," recalled Jefferson. "The vision was people would be able to vote from home with computers, in their pajamas, or they could vote on the road, from the hotel, or from an Internet café. At any time, from anywhere. But as we studied the issue more carefully, we realized that it was a hopelessly dangerous concept."

The result, said Jefferson, was a report authored by the group advising election officials not to proceed with internet voting, at least not for a very long time. And in the 10-plus years since the report was released, Jefferson says the concept of internet voting has become no more secure.

Yet many states, in an effort to allow military and other overseas citizenry to vote, have opted to adopt it, much to Jefferson's amazement.

According to the Verified Voting, more than 30 states will allow ballots to be cast by email, fax or online this year. "This is a national security issue," said Jefferson, who vehemently opposes internet voting as much today as he did in 1999. "In elections, we are electing the President and the members of Congress who are going to make law and run the government of the United States. But we can expose the election infrastructure to cyber attacks by anybody in the world. That's what we do when we conduct online elections."

Case in point, according to Jefferson, is the recent demonstration by a team of students led by University of Michigan professor Alex Halderman. The group managed to easily hack into an internet-based system for overseas and military voters that the District of Columbia planned to test in the November election. Along the way, the team also found evidence the system had been penetrated by both Iranian and Chinese hackers.

"One of the great fears in an internet election is that you are exposing our votes to manipulation by foreign powers," said Jefferson. "I just consider this to be a major national security risk; a totally unnecessary, needless risk and it's shocking to me that election officials turn away from this. They don't want to hear it, and they certainly don't want to do anything about it." [THEY don’t want to hear it! Ed]

"As we moved to mechanical voting machines a century ago we moved into the era of Dilbert's boss administering technology he didn't understand," said Douglas Jones, an associate professor in the Department of Computer Science at the University of Iowa and a scientific expert serving on the federal Election Assistance Commission's Technical Guidelines Development Committee. "We're still there. We've advanced the technology and Dilbert's boss knows more now than he did a century ago. But he still doesn't know enough to master the system he's running."

Jones says elections officials in D.C. deserve a lot of credit for allowing the pilot system to be opened up to public test before actually using it in an election, even if it was done late and exposed serious problems. But he fears these kinds of precautions aren't being taken in smaller municipalities around the country with limited funds.

"The people in the D.C. election office who were administering the servers were people who have a lot of experience administering servers in the closed world of classical elections with no internet connections and no outsiders to deal with," said Jones. "This is evidence that the election office wasn't anywhere near up to administering a machine that was connected to the public internet. And the Washington D.C. people actually have a staff of professionally-trained people who know what they're doing. You can't say that in your typical county. The large, urban counties have resources in their election offices that average county doesn't have."

On-site electronic voting machines also risky
Both security experts also point to electronic voting machines as security risks, too. Electronic machines that allow votes to be cast at precincts without paper became popular after the 2000 U.S. Presidential election, and the now famous "hanging chad" controversy. But even these machines, used in a closed-precinct environment, still make Jefferson uncomfortable because of the possibility of vote tampering.

"The paperless, electronic-voting machines, machines in which there is no paper trail, and no way of auditing those machines, are a major security risk. But there are many election officials, even entire states, that insist they can conduct elections strictly with electronic-voting machines and that there are no security risks with it."

The lack of auditing inherent in many types of these kinds of machines causes controversy regularly. In fact, a conservative watchdog group in Nevada is currently embroiled in an argument with voting machine technicians in one county that are represented by the union SEIU. The group, Americans for Limited Government, wants state officials to intervene and ensure SEIU workers who operate the machines don't skew the results in favor of Senate Majority Leader Harry Reid, the union-endorsed candidate. Issues like this crop up every election season, noted Jefferson. Still, it's internet voting, and it's possible widespread adoption, that keeps him up at night.
"Internet voting is really this year's voting problem and I have to say it's about a thousand-times worse than the security risk of straight electronic voting machines in precincts," he said. [end]

http://www.csoonline.com/article/630699/e-voting-how-secure-is-it-


KELLEHER’S FORBIDDEN COMMENT

This article is a tad one-sided. The message it conveys is that “some voting security experts,” like David Jefferson and Douglas Jones, have sure-fire knowledge about the insecurity of Internet voting, while all the government officials who are trying it are clueless. Of course, it is not only the local election officials who do not understand, it is all those who have advised them along the way. That includes the experts who set up the systems now being successfully used by West Virginia and Arizona.

Six years ago, the Department of Defense had an Internet voting system ready to be used by a group of 100,000 overseas volunteers. Jefferson was one of the four rouge computer scientists who, with the help of the New York Times, publicized a pack of really scary stories about what a “catastrophe” would occur with Internet voting. One example is, “you are exposing our votes to manipulation by foreign powers,” an old refrain used again in Ms Goodchild’s article. Frightened out of his wits, Assistant Secretary of Defense, Paul Wolfowitz, who was also angling for the presidency of the World Bank, ordered a halt to the program. (He got the job.)

That was in 2004. Since then Internet voting has been tried with repeated success in some provinces in Canada, and in several nations in Europe. Hall and Alvarez write that no security, or other, problems have been reported. (Electronic Elections, page 71.) The voting security experts who built these systems must also be deluded, if Jones and Jefferson are to be believed.

But the repeated success of Internet voting trials around the world seems to belie the cries of “wolf!” that alarmists like Jefferson have made a career on. Their scary stories appear to have no basis in experience, with the sole exception of the recent DC fiasco. (For more details on this see “Scary Stories Fail to Stop Internet Voting”
http://ssrn.com/author=1053589 )

Also, Bob Carey, head of the Federal Voting Assistance Program, announced at a recent meeting that the Department of Defense has decided to restore the old SERVE system, with all the updates now available. (Citation given in “Scary Stories”)

Ms Goodchild’s article refers to the DC hack as if it were evidence in favor of the case made by Jefferson et al. But all the facts have yet to be discovered. For instance, the team at Trust the Vote, who built the DC system, have been, like Jefferson, long-time critics of Internet voting. Why did they submit a bid to build the system? Why did the DC officials hire them, as opposed to the companies that built the West Virginia and Arizona systems?

One observer wrote on Slashdot, not me, that the system seems designed to fail. Could that be true? Was the very construction of the system an insider attack? After a decade of crying “wolf!” without any actual facts to point to, the anti-Internet voting activists needed something tangible. The DC fiasco seems to be just what the doctor ordered.

Since John Sebes has joined the discussion, perhaps he can address some of these questions. (For more on this, including citations, see “Does the DC Fiasco Damn Internet Voting?” http://bit.ly/aIfiRa )

The Internet voting security debate has been one-sided for far too long, with the alarmist squeaky wheel getting all the attention. CIO.com would be an excellent spot for an intellectually honest engagement of the issues.

William J. Kelleher, Ph.D.
Fri, 2010-10-29 18:48
"Your comment has been queued for moderation by site administrators and will be published after approval."

No comments: