November 08, 2006
Voting Security: Back to the Greeks
Yesterday was election day in the US as you probably know if you live in the states and you probably could care less about if you don't. And if you're in the infosec world, you also know that everyone's been cranking up for the big day due in no small part to the increasing use of electronic voting machines and the increased scrutiny that this technology has come under in the past few months - both in academia, in public forums as well as through less traditional means. Needless to say, it's been something to watch - high entertainment indeed for the connoisseur of human folly (to borrow a phrase from Jane Austen).
Now, I'll fess up - I'm a bit of a Luddite. For example, I use fountain pens (even travel with them) despite the constant ink stains, I won't upgrade to anything after Visual Studio 6 because I don't want to learn the new interface, and I prefer driving a stick. Now, being the Luddite that I am - I think electronic voting is dumb. I revel in the fact that the small town of Amherst, NH hasn't caught wind of the hideous inefficiencies associated with the "write it down on a piece of paper" style of voting.
Now, that being said, here comes a bit of heresy: I think our election woes have very little to do with electronic voting machines or the fact that security is not built in to the electronic voting process. Sure, the process is flawed, the equipment is prone to theft, and there are bugs galore. But at the end of the day - are we worse off? I'm not sure that we are.
To illustrate what I mean, consider the case of Themistokles. Themistokles (or Themistocles if you prefer the Latin spelling) was a famous Greek naval commander who was ostracized for being too arrogant (well, or for taking bribes or for being a bad leader depending on who you ask.) Anyway ostracism was basically democratic banishment - individuals could be kicked out of Greek society for a period of ten years if enough people voted that they should be. Voters would write the name of the individual on a piece of clay called an ostraka (a voting token - one is pictured above) and put in a jar. If enough votes were in the jar, the person in question had to go. In the case of Themistocles, he had enough votes to get booted out - and he was. Now, what's really interesting about the Themistocles case is that years later, archaeologists found hundreds of ostraka at the bottom of a well; they were written out by fourteen different individuals and were hidden. In other words, somebody (quite obviously) rigged the election. Of course, voting fraud is nothing new. As long as there have been elections, there has been fraud. Ballot stuffing (like what happened to Themistokles), scare tactics, fraudulent reporting, voter intimidation - all of these things were there in Athens 2500 years ago and they're with us now. With apologies to Solomon, there's nothing new under the sun.
So here's the question I'd ask: how robust does a voting system have to be before it's "robust enough" for the purpose? Is it possible for someone to smuggle malware onto a Deibold machine? Sure. Is it possible for someone to file down the punch mechanism in lever-based system? Yes. Is it possible for someone to walk in to the voting place and say that they're me? Uh-huh. Look - here's my point: fraud can happen in electronic systems just like it can happen with clay jars. Maybe the security is worse with electronic voting machines or maybe it's worse - either way, we shouldn't expect more from electronic voting just because it's electronic. Instead, I think we should be asking another question: how invested are citizens in the voting process? Aristotle said - and I agree with him - that the more people vote, the more reliable the vote will be (this doesn't necessarily imply better decision making, by the way - just a more representative count.) It makes sense, doesn't it? In Attica, where there were only 6000 people voting, stuffing the ballot only required a few extra votes - in the US where upwards of 150 million people vote (on average), stuffing the ballot takes a lot more extra votes and is therefore harder to pull off.
Posted by Ed at November 8, 2006 10:40 AM | TrackBackI think the only real problem with electronic voting is similar to other digital problems we are having such as security, insecurity, and digital copyrights, etc.
With clay jars and levers, I can maybe affect local ballots. With electronic means, my one act may be so efficient as to affect huge swaths of voting precincts. Software/copyright piracy was never a huge problem for the RIAA when people could only copy cassette tapes, but now that mp3 downloading is so efficient, they are sitting up and taking notice (that's an understatement...).
So, that's the real issue here. Thankfully we don't vote online (yet) or in very central places, but instead we still vote in a huge amount of locations. But this is the point of the digital and industrial revolutions: automation and efficiency. Eventually we'll have fewer polling stations, more efficient machines that we vote on, and so on.
But that efficiency comes at the price of needing more security. And in something that requires a certain high level of integrity like a democratic, national election, the stakes are still pretty high to assure that tampering is not too high a possibility that it undermines our faith in it. :\
Anyway, nice post. :) I think the thing we need to accept is that electronic voting will happen, just like RFIDs will happen. That's progress and that's the sound of a huge river running downhill that we can't stop. We can only try to make it go where it should go, where we want it to go. So the challenging of the voting system are healthy, but not at the cost of saying no to all electronic voting.
Posted by: LonerVamp at November 8, 2006 03:18 PM