Information Security

Defending the digital infrastructure

iSTOCK/GETTY IMAGES

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Ping: Avi Rubin

Avi Rubin

Electronic voting machines will be used more than ever during this month's mid-term elections. To Avi Rubin, a professor of computer science at Johns Hopkins University and co-author of a seminal 2004 report on security problems in e-voting machines, this is a matter of national security. His book, "Brave New Ballot," shows how little has changed in the last two years.

Have electronic voting machines gotten more secure since your initial paper? It's difficult to tell because [Diebold and other manufacturers] are very secretive with their code. But if you know software, you know it isn't something that could evolve into a secure system. You can't improve an overcooked steak by cooking it more.

Is it possible to build a secure e-voting machine? One of the biggest problems with electronic voting doesn't have anything to do with whether the machines are secure—it's whether they're transparent and whether they might be rigged. A system that's fully electronic does not give people who use it the confidence that there's any kind of audit capability, that the votes are recorded correctly and that there isn't cheating.

How much do you think the report affected the electoral process? I think it's definitely the catalyst that got things started. But I don't think it would've had the same effect if it wasn't the right time for it. The machines were pretty widely adopted and almost no one was questioning their security, aside from some activists and computer scientists. So if our report gets credit for anything, it's being the first to say it in a public way that got everyone's attention.

What would be the ideal setup for implementing electronic voting? In the short term, the things to really press for are optically scanned paper ballots; they can be machine-generated or hand-generated as long as the voters have a chance to verify them. In the long term, I'm increasingly impressed by cryptographic solutions that allow you to verify not only that your vote was recorded, but that it was in the final tally. They give you a lot more than we have today, but they are quite opaque to people. Even with a Ph.D. in math or computer science, you can have a hard time understanding how they work.

And then there's the issue of recovery if the software's failing and you don't realize it. What do you do at the end of the election if the software wasn't working right?

I think we're a long way off, but, in my lifetime, I hope to see voting on these types of systems.


Read the full version at searchsecurity.com/ismag.

Article 19 of 20

Dig Deeper on Security industry market trends, predictions and forecasts

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close