[ale] OT: Electronic Voting in GA

Bob Toxen bob at verysecurelinux.com
Tue Oct 28 00:49:22 EST 2003


On Sun, Oct 20, 2002 at 11:25:58PM -0600, Joseph A Knapka wrote:
> John Mills wrote:
> >Joe, all -
> >On Sat, 19 Oct 2002, Joseph A Knapka wrote:
> >>John Mills wrote:

> >>>How would you compare auditing a direct-electronic voting system with
> >>>auditing a state's old-style mechanical lever machines?

> >Context - when I said 'mechanical' I meant the old lever style.

> >>With mechanical voting machines you have an absolutely irrefutable
> >>physical representation of each voter's vote.

> >You don't have any way to know if your vote was actually added to the
> >counter for your candidate, since the counters are out of sight (for their
> >protection). Ultimately the totals were transcribed manually. Anyway,
> >no one can afford to maintain or set up these beasts any more.

As a young child, I remember seeing those counters and they were
NOT covered.  You could note the count before you went into the booth
to cast your vote and you could note when you came out that the count
for your candidate had increased and that the count for the evil, corrupt,
scum running against him had not.  Representatives of any candidate that
suspected machine tampering could physically examine the innards and see
if the gears appeared filed down, etc.

NOBODY observes the integrity of the data from the touchscreen devices
being uploaded to the servers that do the counting.

> >>With any automated
> >>system, you need some way to be sure that there isn't some code
> >>in there that says, "No matter what buttons the voters press,
> >>record 65% of the vote for candidate A and distribute the
> >>remainder randomly among the other candidates."


> >I certainly don't say this _can't_ happen, but there are some measures
> >that can make it a bit trickier:


> Public key cryptography allows us to achieve provably
> secure electronic voting, immune from this sort of
> attack (see Bruce Schneier's "Applied Cryptography") -
> is the GA system using such techniques? Any electronic
> voting system certainly ought to, but somehow I doubt
> they actually do.

Yup!  There are all kinds of well-understood techniques for ensuring
no tampering.  The touchscreen devices each could have a different
private key that is used to encrypt someone's vote.  The encrypted traffic
could remain encrypted throughout the network, to be unencrypted only
at the county's secure computer room.  Intermediate systems each could
record the encrypted data permanently.

Each voting system could keep a running total of votes that would be
encrypted and recorded in each precinct (sic).  Those counts would be
physically transported separately from the electronically transmitted
readings from the cards.  The counts would be compared.

There are lots of other techniques designed by others having spent months
or years thinking about the problem rather than my five minutes.

None of them appear to be used in the Diebold system.

> Cheers,

> -- Joe

Congratulations, President Gates.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002
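
The cross-check described in the message above (a per-device key on every vote record, plus separately transported running totals compared at the county), as an added example that is not part of the original post. It swaps an HMAC with a per-device secret in for the private-key operation the message mentions, because Python's standard library has no public-key signatures; every name, key and record here is constructed.

```python
import hashlib, hmac, json
from collections import Counter

# Constructed per-device secrets; a real system would provision these securely.
KEYS = {"ts-01": b"constructed-key-1", "ts-02": b"constructed-key-2"}

def _mac(key, rec):
    body = {k: rec.get(k) for k in ("device", "seq", "choice")}
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def seal(key, device, seq, choice):
    """Touchscreen side: one vote record, authenticated with the device key."""
    rec = {"device": device, "seq": seq, "choice": choice}
    rec["mac"] = _mac(key, rec)
    return rec

def reconcile(keys, transmitted, carried_totals):
    """County side: verify each record, then compare with the carried counts."""
    tally, problems, seen = Counter(), [], set()
    for rec in transmitted:
        key = keys.get(rec.get("device"))
        ident = (rec.get("device"), rec.get("seq"))
        if key is None or not hmac.compare_digest(_mac(key, rec), str(rec.get("mac"))):
            problems.append(("bad_mac",) + ident)      # altered or forged record
        elif ident in seen:
            problems.append(("duplicate",) + ident)    # replayed record
        else:
            seen.add(ident)
            tally[rec["choice"]] += 1
    for choice in sorted(set(tally) | set(carried_totals)):
        if tally[choice] != carried_totals.get(choice, 0):
            problems.append(("count_mismatch", choice, tally[choice],
                             carried_totals.get(choice, 0)))
    return dict(tally), problems

def demo():
    votes = [("ts-01", 1, "A"), ("ts-01", 2, "B"), ("ts-02", 1, "B")]  # constructed
    sent = [seal(KEYS[d], d, s, c) for d, s, c in votes]
    carried = {"A": 1, "B": 2}            # running totals transported physically
    tampered = [dict(r) for r in sent]
    tampered[1]["choice"] = "A"           # one record changed on the network
    return reconcile(KEYS, sent, carried), reconcile(KEYS, tampered, carried)

if __name__ == "__main__":
    for tally, problems in demo():
        print(tally, problems)
```

The altered record is rejected on its MAC, and the shortfall it leaves then shows up as a mismatch against the physically carried count, so the two checks back each other up.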


