Yesterday, the Technical Guidelines Development Committee narrowly rejected Ron Rivest’s proposal that voting systems become software-independent. This is a real shame, and it should lead us to seriously question the qualifications and biases of those who voted against it.
The software-independence guideline means that a voting system can’t depend on software for its correctness. In other words, there must be some other auditing mechanism, be it paper or cryptography or something else we haven’t thought of yet. I am particularly disappointed by Stephen Berger, who represents IEEE, and who states
To totally improve the security of the system, we need to put all the systems under equal scrutiny.
This is a cop-out. Of course, everything must be under scrutiny, but equal scrutiny means what? How can you compare the scrutiny of software with that of voting processes? Scrutiny is scrutiny, and if you see a major risk, one where a small undetectable software change could affect the outcome of the election and never be auditable, then it’s fairly important to address the issue. Berger’s argument sounds a bit like “well, we don’t prosecute all criminals equally, so let’s not prosecute this really dangerous one, either.”
What’s also really shocking is the apparent lack of understanding of the difference between a retail attack and a wholesale attack. A software attack is wholesale: it’s conceivable that you might modify one piece of software, and all machines would then become vulnerable. Process-based problems are inherently retail: failures to implement a process correctly aren’t exactly contagious, they’re localized to the voting area where the problem occurs. Conceptually, these are completely different classes of threats.
So, is it true that there are problems beyond software dependence? Absolutely. But software dependence is a big one. It’s actually the one issue that all academic computer scientists agree on: even if we don’t agree on how to fix it, we agree that it should be addressed. I worry that, if the TGDC refuses to take stronger positions, the outcome won’t be very useful.
2 responses to “A Real Shame”
US ACM Policy Blog “TGDC Reverses Course, Finishes Meeting”:
[…] As one astute commenter notes in my previous blog post on the TGDC meeting, a second resolution presented again by Ron Rivest today was accepted, thanks to revisions that grandfathered in existing machines. This is not quite as good as yesterday’s resolution, but it’s still quite good. So I must at the very least take back my harsh words about Stephen Berger, who obviously voted in favor of this new resolution. […]