Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

E-voting terminals: gambling with data?

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Editorials & Other Articles Donate to DU
 
phoebe Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Jul-20-04 10:56 AM
Original message
E-voting terminals: gambling with data?
http://www.theregister.co.uk/2004/07/20/e_voting_terminals/

snip

If e-voting critics really want to take a lesson from Vegas, they should look at the history of gambling machine security. New means of stealing money still come along from time to time, and new measures are taken to prevent it. There was a time where a piece of aluminum foil could make a slot machine pay out, and there will always be new attacks against these units. Some are trivially simple, and at some point cash will be lost.

There's no reason to think e-voting machines can hold up better. Knowing this, it stands to reason that voting machine security should be concentrated on the aftermath of an attack, and not the attack itself. Regardless of how someone breaks an electronic ballot, the fact that it was broken into must remain the most important point of knowledge - data integrity must be required. The attack vector can be addressed later; we must first know if any votes were tainted, and we need a plan for recovering lost votes.

Other comparisons fare little better than the slot machines. Academics have suggested ATM machines as a model for e-voting machines, and one of the largest e-voting players, Diebold, also makes cash machines. ATMs are very physically secure, and even possess data integrity mechanisms (like having crypto keys embedded in the keypads rather than some extraneous software exchange). But, here, too, the security is directed at protecting cash, not data. Moreover, ATM's are hardly invulnerable themselves: they're increasingly deployed on insecure networks. I write about just this scenario in Syngress' new book, "Stealing the Network: How to Own a Continent".

We've already seen the dangers of applying the wrong kind of security to e-voting. Earlier deployments of Diebold's physically secure voting machines used a Microsoft Access database to store and tally votes. Diebold reportedly left this database anonymously accessible via the Internet, with no password, and no change log. It doesn't matter if the unit could withstand a tactical nuclear missile attack if someone on the Internet could point and click someone into elected office from the comfort of their desktop.


Article written by:

Timothy M. Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer of secure, enterprise-based accounting software. AnchorIS.Com also provides security consulting services for a variety of companies, including Microsoft Corporation.
Printer Friendly | Permalink |  | Top

Home » Discuss » Editorials & Other Articles Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC