Home > Information Security Magazine > Columns > Ping
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

Ping
by Dennis Fisher
Issue: Nov 2006
printer-friendly
licensing & reprints

Electronic voting machines will be used more than ever during this month's mid-term elections. To Avi Rubin, a professor of computer science at Johns Hopkins University and co-author of a seminal 2004 report on security problems in e-voting machines, this is a matter of national security. His book, "Brave New Ballot," shows how little has changed in the last two years.

Have electronic voting machines gotten more secure since your initial paper? It's difficult to tell because [Diebold and other manufacturers] are very secretive with their code. But if you know software, you know it isn't something that could evolve into a secure system. You can't improve an overcooked steak by cooking it more.

Is it possible to build a secure e-voting machine? One of the biggest problems with electronic voting doesn't have anything to do with whether the machines are secure—it's whether they're transparent and whether they might be rigged. A system that's fully electronic does not give people who use it the confidence that there's any kind of audit capability, that the votes are recorded correctly and that there isn't cheating.

How much do you think the report affected the electoral process? I think it's definitely the catalyst that got things started. But I don't think it would've had the same effect if it wasn't the right time for it. The machines were pretty widely adopted and almost no one was questioning their security, aside from some activists and computer scientists. So if our report gets credit for anything, it's being the first to say it in a public way that got everyone's attention.

What would be the ideal setup for implementing electronic voting? In the short term, the things to really press for are optically scanned paper ballots; they can be machine-generated or hand-generated as long as the voters have a chance to verify them. In the long term, I'm increasingly impressed by cryptographic solutions that allow you to verify not only that your vote was recorded, but that it was in the final tally. They give you a lot more than we have today, but they are quite opaque to people. Even with a Ph.D. in math or computer science, you can have a hard time understanding how they work.

And then there's the issue of recovery if the software's failing and you don't realize it. What do you do at the end of the election if the software wasn't working right?

I think we're a long way off, but, in my lifetime, I hope to see voting on these types of systems.


Read the full version at searchsecurity.com/ismag.





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts