The good (and bad) news about electronic voting
Security researcher cites interesting research on securing electronic voting systems.
Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.
Since last year, several states have requested audits of electronic voting systems. In California, the audits resulted in some systems being scrapped for the 2008 presidential primaries. As we turn our attention to the fall 2008 presidential election, several security researchers have come forth with their own studies and suggestions. One of them is Brian Chess, chief scientist at Fortify.
Below is a transcript of part of my interview. The entire podcast can be heard here.
To start, I asked Brian what his take is on the whole electronic voting issue.
Chess: It might actually start off sounding bad, but the news really is good on the electronic voting part. So here's what's happening. In California last year, and they've since been followed by states like Ohio, and Florida, and Colorado, have been taking a hard look at the electronic voting system that they've purchased. Usually the way this happens is the secretary of state will go to the state university and say, "Give me some electronic voting experts and I want them to examine the systems that we purchase." Those experts go and examine the systems and they say, "You know, these don't provide a level of security that we're comfortable with," and then the state begins to restrict the use of that electronic voting technology based on the vulnerabilities or the concerns that the experts have identified.
That's a really good thing and I would have thought that the business world would have caught on before the politicians would have caught on, but here we've got the politicians at least in this electronic voting realm really listening to the experts about where the risks lie in a system that's critical to the functioning of our democracy. The way we vote. They're saying, "Hey, you know, maybe we want to really consider how to deploy this technology" and that's really, really good news. It's not good news that we're finding new systems that are not adequately secured. But it's good news that we're starting to think about some of the risks that these systems pose. Some of the work that I've been proudest of coming out of Fortify now is that we've been contributing to the analysis of these voting system and allowing the people conducting the reviews to use our source code analysis technology.
Me:Are you a part of any standards group that's looking into these systems?
Chess: Well, on the one side, you've got the companies who are making the voting machine; and on the other side, you've got people who are trying to legislate what threshold for security might be. So far, we've tried to stay out of that political arena.
Me: I'm thinking of something that I heard at RSA about software dependent and software independent models that are being discussed for electronic voting machines?
Chess:: The problem we have with the electronic voting machine is that there is, at some point or another in all of these systems, there is this very complicated black box, and in order for the election to do what you want, you have to trust that black box works correctly. So there are university researchers who are talking about systems that do not depend these sort of black box with a complicated mechanism in it, functioning correctly in order for you to know that you got the right result out of the election. I think that there is some really cool research going on there. But I don't think any of that is going to help us. Well, certainly not with this next presidential election. I would be pretty amazed if it helps with the one after that. But the frontier there is full of absolutely stellar work.
Me: Most of the researchers I've talked to about electronic voting have said, "We're stuck with it, and we just have to make it work the way it exists." Do you agree with something like that?
Chess: Look at what happened in California where they checked the voting machine, the electronic voting machine, but they said, "We're going to use these machines for a much more narrow purpose than they were originally designed for. We're going to keep them around, so people with disabilities can be independent voters," and that is now this sole function of the voting machines in California. I think that is a significant reduction in risk from saying, "These are the machines that we're going to turn our elections over to." I expect we'll see more compromises along those, along those lines, and I think that's a big step up from where we were just a few years ago.
Me:Any thoughts on the use of paper trails to verify the data?
Chess: There are a lot of machines that have been retrofitted to have paper trail included as part of them, but if you look at what the system of record is, the system of record is still not the paper trail or even when the system of record is the paper trail, paper trail is created in such a way that it makes it almost impossible to perform and audit using that paper trail. So I think that paper trail is a good idea, but it's very difficult to bolt onto a system and retrofit an insecure system to be secure because you added this paper trail.