Yesterday, the Technical Guidelines Development Committee narrowly rejected Ron Rivest’s proposal that voting systems become software-independent. This is a real shame, and it should lead us to seriously question the qualifications and biases of those who voted against it.
The software-independence guideline means that a voting system can’t depend on software for its correctness. In other words, there must be some other auditing mechanism, be it paper or cryptography or something else we haven’t thought of yet. I am particularly disappointed by Stephen Berger, who represents IEEE, and who states:
“To totally improve the security of the system, we need to put all the systems under equal scrutiny.”
This is a cop-out. Of course, everything must be under scrutiny, but equal scrutiny means what? How can you compare the scrutiny of software with that of voting processes? Scrutiny is scrutiny, and if you see a major risk, one where a small undetectable software change could affect the outcome of the election and never be auditable, then it’s fairly important to address the issue. Berger’s argument sounds a bit like “well, we don’t prosecute all criminals equally, so let’s not prosecute this really dangerous one, either.”
What’s also really shocking is the apparent lack of understanding of the difference between a retail attack and a wholesale attack. A software attack is wholesale: it’s conceivable that you might modify one piece of software, and all machines would then become vulnerable. Process-based problems are inherently retail: failures to implement a process correctly aren’t exactly contagious; they’re localized to the voting area where the problem occurs. Conceptually, these are completely different classes of threats.
So, is it true that there are problems beyond software dependence? Absolutely. But software dependence is a big one. It’s actually the one issue that all academic computer scientists agree on: even if we don’t agree on how to fix it, we agree that it should be addressed. I worry that, if the TGDC refuses to take stronger positions, the outcome won’t be very useful.