In 2004, I appeared on a panel at Harvard alongside Debra Bowen, who was then a California State Senator. I found her to be extremely sharp, and particularly insightful about voting issues at a time when most of the public debate was thoroughly confused (it’s gotten a little bit better since).
Ms. Bowen has since become Secretary of State of California, and she brought on academics from the University of California system to perform a complete security review of all California voting equipment. The results were just published, and it’s not a pretty sight.
First, I want to congratulate Secretary Bowen on a fantastic initiative. I’m always surprised that public officials rarely take advantage of the free work that academics are willing to do for them, if given the chance. Boston deployed an RFID-based public transportation payment system without asking MIT, Harvard, BU, Tufts, Northeastern or any of their dozens of top-notch local universities to do even a cursory security review – I can only imagine the academic papers in the works now, ready to show just how weak that system likely is. The only thing that academics ask in return is the ability to publish their results, which shouldn’t be a problem for a branch of government that is accountable to the people. If you think I’m being sarcastic regarding public accountability, the current administration has made you far too cynical.
So this study is a fantastic development, a strong message from Secretary Bowen that more knowledge increases security. The naysayers, e.g.:
Letting the hackers have the source codes, operating manuals and unlimited access to the voting machines “is like giving a burglar the keys to your house,” said Steve Weir, clerk-recorder of Contra Costa County and head of the state Association of Clerks and Election Officials.
don’t get it. With all due respect to public officials, system security should be left to system security experts. Guess who else has “the source codes, operating manuals, and unlimited access to the voting machines?” The vendors and the election officials. And any enterprising hacker. The only ones who didn’t have this access until now were the law-abiding third-party security experts.
Now a quick note regarding the results of the study. I haven’t read the exact attacks against the machines. But I highly doubt that any computer scientist is truly surprised. It has always been clear that current electronic voting machines would not stand up to this kind of scrutiny. It’s just that we needed people to understand it in their gut, and since few people trust the philosophical debates of experts, a real experiment was required.
So now, how do we fix it? In the short term, designing processes at the polls to limit the risk. In the long term, we need auditable elections. The dirty secret here is that, while disclosing source code and using optical scanners will certainly improve the situation significantly, they won’t provide a complete solution. New techniques that use cryptography to provide individual users with their own “vote tracking receipt” have a chance. Secretary Bowen, I’m counting on you for the next step!