Computer scientist defends security community stance on e-voting
Aviel Rubin is the professor at the center of the controversy over e-voting security
Computerworld - WASHINGTON -- The computer science professor at the center of the controversy over electronic voting system security told members of Congress yesterday that policymakers made "a mistake" by not conferring with security experts about voting system technologies. And he said that using the systems in November without first fixing the security flaws would be "irresponsible."
Aviel Rubin, a computer science professor at Johns Hopkins University in Baltimore, defended a series of recent studies that outlined significant security vulnerabilities in the current generation of e-voting systems -- and he criticized policymakers for not requiring security audits sooner. Rubin testified before the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.
"I have been disappointed that the policy community did not reach out to the computer security community when making decisions about voting technology, and when my community came to the table, they said it was too late," said Rubin.
In February, Rubin co-authored a controversial paper that outlined major security vulnerabilities in the software powering e-voting systems developed by Diebold Inc. In addition to Rubin's research, three other independent studies have uncovered similar problems and a host of other issues related to the reliability of most electronic voting systems now in use.
"At this point, the failures of current [direct recording equipment voting systems] have been documented in four major studies by leading computer security experts," said Rubin. "Yet computer security experts, myself included, find ourselves routinely referred to as Luddites and conspiracy theorists."
In May, Harris Miller, president of the Information Technology Association of America, an Arlington, Va.-based association of IT vendor companies, labeled Rubin's research "misleading, at best," and compared his testimony at a hearing of the Election Assistance Commission to yelling "fire" in a crowded theater without cause (see story).
But Rubin has refused to back down, telling members of Congress that in a range of terrible to very good security, today's electronic voting systems "are sitting at terrible.
"Not only have the vendors not implemented security safeguards that are possible, they have not even correctly implemented the ones that are easy," said Rubin.
Terry Jarrett, general counsel to Missouri Secretary of State Matt Blunt, said the public's concern about the security and integrity of the election process is what prompted his state to certify only those e-voting systems that offered a voter-verifiable paper audit trail.
"At this point in time, Secretary Blunt is convinced that a voter-verified paper ballot is the only paper audit trail that can provide voters with a reasonable assurance that their vote will not be lost, destroyed or otherwise not
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Red Hat Enterprise Linux - The Original Cloud Operating System
- Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse
- Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center
- Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper
- Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support... All Government IT White Papers
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- All Government IT Webcasts