Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

50M Electronic Votes Could Be Insecure, Say Researchers

Experts, vendors spar at commission hearing

By Dan Verton
May 10, 2004 12:00 PM ET
Recommended
(0)
Digg
Share/Email

Computerworld - WASHINGTON -- IT security researchers said they have uncovered significant vulnerabilities in the electronic voting systems that nearly 30% of all registered voters will use in this November's presidential election.
In testimony before the U.S. Election Assistance Commission last week, security researchers said that without voter-verifiable paper receipts, the 50 million Americans who will use electronic voting machines this fall will have no way of knowing if their votes were subject to electronic tampering. Moreover, the code base powering the systems is so large and complex that there's no efficient way for election officials to be sure that it's free of malicious code designed to manipulate election results.
Avi Rubin, a professor at the Johns Hopkins University Information Security Institute in Baltimore, said his biggest concern is the threat of individuals who have access to the code base rigging the election. "And it's virtually undetectable," he said.
"The trusted computing base is approximately 50,000 lines of computer code sitting on top of tens of millions of lines of [operating system] code," Rubin said. "It is impossible to secure such a large trusted-computing base."
Rubin recently had 40 Ph.D. candidates design Trojan horse programs to assess the security of the e-voting systems. "I was astounded to see the cleverness and ease with which the malicious code was hidden and how difficult it was to find," he told the commission. "In the short term, meaning November 2004, a voter-verifiable paper ballot is necessary. It's the only way to get around all of the security problems in the machines" and, if necessary, to conduct meaningful recounts.
Identifying Vulnerabilities
Rubin, who has come under fire from IT vendors and their Washington lobbying group, the Information Technology Association of America, recently worked as a polling official to observe the process firsthand.

Johns Hopkins professor Avi Rubin
Johns Hopkins professor Avi Rubin
Image Credit: Dan Verton

Although Rubin said that the experience forced him to rethink some of his early concerns about the security of the systems, he added that he came away with new concerns about the risk of manipulation and fraud.
"At the end of the day, the memory cards were taken out of all of the machines and put into one machine ... and then they were [transmitted via modem] to back-end servers," said Rubin. He also noted that the polling station used a broken cipher for encryption and a key that was hard-wired to all of the machines. That constituted "a single point of vulnerability," he said.
Ted Selker, a professor at MIT and a former IBM fellow, said there are ways to counter such vulnerabilities. But encryption would be too difficult to deploy in time for the November vote, he said. And in some cases, registration databases remain full of errors -- a problem that led to the loss of between 1.5 million and 3 million votes during the 2000 election, Selker said.
The IT vendors that make the systems in question sought to discredit Rubin's research by characterizing it as laboratory work that has little relevance to a real-world voting environment. Some also complained that until last year, election officials were more interested in usability improvements than in better security.
"What's been missing from these laboratory-originated critiques has been the real-world experience of the voting booth," said Mark Radke, director of marketing at McKinney, Texas-based Diebold Election Systems, which made the system tested by Rubin and his students. The questions and doubts raised are "theoretical in nature," he said.
Neil McClure, general manager of Hart InterCivic Inc. in Austin, said product changes should be based on risk assessments, not solely on the existence of vulnerabilities. He discounted the threat of electronic tampering, saying it would require a long-term commitment by a motivated attacker.
In any case, both the IT vendors and the researchers agreed that properly securing the existing systems will also be a long-term process.
"For 2004, we have the equipment we have," said Selker.
E-voting system vendors told federal officials the threat of tampering is overblown.
E-voting system vendors told federal officials the threat of tampering is overblown.
Image Credit: Dan Verton


Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

Xerox
Win a color printer!
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Upgrade to Internet Explorer 8 today.
Save time and mitigate security risk. Deploy it now.
Sybase
NEXT-GENERATION MOBILITY PLATFORMS
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

U.S. Restaurant Chain Bakes in Whitelisting
Targeted attacks, data theft and PCI DSS compliance are current challenges for most organizations today. In this Case Study, discover how Bit9 helped...  

Modernizing the IT Infrastructure
(Source: Oracle) There is a lot of legacy in many government IT systems today - legacy hardware, legacy software platforms, and legacy skills...

IT Modernization in Government
As IT budgets are slashed, IT management pressures rise and legacy systems linger in government organizations, modernizing the IT infrastructure and applications has...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends
Why are smart companies choosing software-as-a-service? Find out in the complimentary Forrester Research report...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.