PING with Aviel Rubin

In this exclusive interview with Information Security magazine, Aviel Rubin, author of "Brave New Ballot" examines security problems in e-voting machines, and details why isn't just a cause for concern, it's a matter of national security.

Electronic voting machines will be more widely deployed than ever before during this month's mid-term elections. To Aviel Rubin, a professor of computer science at Johns Hopkins University and co-author of a seminal 2004 report on security problems in e-voting machines, this isn't just a cause for concern, it's a matter of national security. His new book, Brave New Ballot, shows just how little has changed in the last two years.

Have electronic voting machines gotten any more secure since your initial paper?
Rubin: It's very difficult to tell because [Diebold and other manufacturers] are very secretive with their code. But if you know software, you know it isn't something that could evolve into a secure system. You can't improve an overcooked steak by cooking it more.

Is it possible to build a secure e-voting machine?
Rubin: One of the biggest problems with electronic voting doesn't have anything to do with whether they're secure, it's whether they're transparent and whether they might be rigged. And a system that's fully electronic does not give people who use it the confidence that there's any kind of audit capability, that the votes are recorded correctly and there isn't cheating. So if for no other reason than transparency, I think we shouldn't be using fully electronic systems.

How closely are lawmakers paying attention to this, if at all?
Rubin: I think it's got their attention now. There's a lot of media coverage around this issue. Lawmakers, at least every one that I know of, have to get elected so they have to be very concerned with the mechanism by which they get elected.

How much do you think the report itself affected the electoral process?
Rubin: I think it's definitely the catalyst that got things started. But I don't think it would've had the effect it did if it wasn't the right time for it. The machines were pretty widely adopted and almost nobody was questioning their security, aside from some activists and some computer scientists. So if our report gets credit for anything, it's being the first to say it in a very public way that got everyone's attention. The media deluge was such that they realized they were on to a story that no one had realized before.

What would be the ideal set-up for implementing electronic voting?
Rubin: In the short term the things to really press for are optically scanned paper ballots. And they can be machine-generated or hand-generated as long as the voter has a chance to verify them. In the long term, I'm increasingly impressed by the cryptographic solutions. These solutions allow you to verify not only that your vote was recorded, but that it was in the final tally. So they give you a lot more than we have today. But they are quite opaque to people. Even with a Ph.D. in math or computer science you can have a hard time understanding how they work. And then there's the issue of recovering if the software's failing and you just don't realize it. What do you do at the end of the election if the software wasn't working right? I think we're a long way off, but in my lifetime I hope to see voting on these types of systems.

This was last published in October 2006

Dig Deeper on Information security laws, investigations and ethics

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.