Monday, February 27, 2006

About That Next Election ...

One of the few glimmers of hope that moderates my despair about our government is the vision that a fed-up electorate will "throw the bums out." Which is why news like the latest from California can just about ruin my week. Since it's Monday, I thought I'd share.

The Republican Secretary of State in California has just certified electronic voting machines produced by Diebold, despite the report of a scientific panel that found that the machines were easy to hack, and had multiple security flaws.
But the experts were plainly troubled by flaws in Diebold's systems. The panel, which included David Jefferson of Lawrence Livermore National Laboratory and David Wagner of Berkeley, observed that the removable memory cards used by Diebold were vulnerable to undetectable acts of tampering.

The panel found 16 software bugs that could cede "complete control" of the system to hackers who might then "change vote totals, modify reports, change the names of candidates, change the races being voted on," and even crash the machines, bringing an election to a halt. Hackers wouldn't need to know passwords or cryptographic keys, or have access to any other part of the system, to do their dirty work. Voters, candidates and election monitors wouldn't necessarily know they'd been rooked.

The bugs lead some computer professionals to believe that Diebold's software designers never treated security as a high priority. "It's like they were making a mechanical device, and never heard of computer security," says David Dill, an expert in electronic voting at Stanford University who wasn't on the panel.

The bugs pale next to another discovery by the panel. This is the presence of a cryptographic key written into the source code, or basic software, of every Diebold touch-screen machine in the country. The researchers called this blunder tantamount to "a bank using the same PIN code for every ATM card they issued; if this PIN code ever became known, the exposure could be tremendous."

Here's the punch line: The Diebold key became known in 2003, when it was published by researchers at Johns Hopkins and Rice universities. It can be found today via a Google search. What's worse, the key was first identified in 1997 by a University of Iowa researcher, who promptly warned the manufacturer of the flaw, apparently to no avail.

Diebold contended in 2003 that the Hopkins-Rice researchers had examined "an older version" of its code, suggesting that the flaw had been removed. But that doesn't explain why the same defect was found this year by the Berkeley panel, which wrote that it was hard-pressed "to imagine any justification" for continuing to use a cryptographic key that had been publicly compromised.

A Diebold spokesman told me that the key isn't a security issue today because election officials are instructed to override it with their own key before running the machines. McPherson's office requires county officials to perform the override as a condition to allowing them to use the machines. But many computer security experts say that's a poor solution. The human factor is an inherent flaw in any security system, and it's a mistake to rely on overstressed and overworked election officials to run through a complicated checklist, especially when the procedure would be unnecessary if the system were designed properly in the first place.
As a former software professional, with responsibility for testing security features for web browsers, I have to say this last bit is the most damning. I haven't seen their source code, but one can imagine that generating and then checking a new encryption key into their source code would take virtually no time. Imagine doing a search-and-replace of a word in a text document, and saving the new version. It's a bit more complicated, but not much. Of course, you'd want to have local operators still creating their own, but why not change it in your code? It's the only professional approach, given how easy it should be to do. (If it isn't easy to do, that says something very bad about the way their code has been designed and managed, which means we shouldn't be using it.) That they haven't made this change is so ridiculous that it suggests ulterior motives, because it's hard to imagine someone so cavalier or incompetent.
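To make the point concrete, here is an added example (not Diebold's code, and the default key and file path are constructed placeholders) of what "changing it in your code" looks like when the override is enforced by the software rather than by an official's checklist: the machine refuses to start with a compiled-in or published key, loads a per-installation key with no default to fall back to, and only then uses the key to seal and verify records.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder standing in for a key baked into every build.
COMPILED_IN_DEFAULT = b"DEFAULT-KEY-DO-NOT-SHIP-0000"

# Constructed: digests of keys known to be public; the keys themselves are not stored.
KNOWN_COMPROMISED_DIGESTS = {hashlib.sha256(COMPILED_IN_DEFAULT).hexdigest()}

MIN_KEY_BYTES = 16


class KeyPolicyError(RuntimeError):
    """Raised when the machine must refuse to run with the current key."""


def key_policy_violation(key: bytes):
    """Return why a key is unacceptable, or None if it may be used.

    This moves "override the default key before use" from a human checklist
    into a check the software performs every time it starts.
    """
    if len(key) < MIN_KEY_BYTES:
        return "key shorter than %d bytes" % MIN_KEY_BYTES
    if hashlib.sha256(key).hexdigest() in KNOWN_COMPROMISED_DIGESTS:
        return "key matches a compiled-in or published key; override required"
    return None

def validate_key(key: bytes) -> bytes:
    reason = key_policy_violation(key)
    if reason:
        raise KeyPolicyError(reason)
    return key

def load_machine_key(path: str) -> bytes:
    """Load the per-installation key from a file (assumed path); no default exists."""
    with open(path, "rb") as f:
        return validate_key(f.read().strip())

def generate_machine_key() -> bytes:
    """Generate a per-installation key locally at provisioning time (assumed flow)."""
    return validate_key(secrets.token_bytes(32))

def seal_record(key: bytes, record: bytes) -> bytes:
    """Integrity tag for a memory-card record, computed only with a validated key."""
    return hmac.new(validate_key(key), record, hashlib.sha256).digest()

def verify_record(key: bytes, record: bytes, tag: bytes) -> bool:
    """Constant-time check of a record's tag; a default key cannot be used here either."""
    return hmac.compare_digest(seal_record(key, record), tag)
```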

After the debacle of the 2000 Presidential election, Congress supposedly jumped to fix the problem, and assure Americans that it would never happen again, that the basic infrastructure of elections would be improved and made trustworthy. Sadly, this has not happened. Before I heard the President and Attorney General baldly spouting anti-Constitutional rhetoric, the idea that national election fraud might be in the works would have seemed crazy. Now? Well, California does have a lot of electoral votes.