Computer scientist defends security community stance on e-voting
Aviel Rubin is the professor at the center of the controversy over e-voting security
Computerworld - WASHINGTON -- The computer science professor at the center of the controversy over electronic voting system security told members of Congress yesterday that policymakers made "a mistake" by not conferring with security experts about voting system technologies. And he said that using the systems in November without first fixing the security flaws would be "irresponsible."
Aviel Rubin, a computer science professor at Johns Hopkins University in Baltimore, defended a series of recent studies that outlined significant security vulnerabilities in the current generation of e-voting systems -- and he criticized policymakers for not requiring security audits sooner. Rubin testified before the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.
"I have been disappointed that the policy community did not reach out to the computer security community when making decisions about voting technology, and when my community came to the table, they said it was too late," said Rubin.
In February, Rubin co-authored a controversial paper that outlined major security vulnerabilities in the software powering e-voting systems developed by Diebold Inc. In addition to Rubin's research, three other independent studies have uncovered similar problems and a host of other issues related to the reliability of most electronic voting systems now in use.
"At this point, the failures of current [direct recording equipment voting systems] have been documented in four major studies by leading computer security experts," said Rubin. "Yet computer security experts, myself included, find ourselves routinely referred to as Luddites and conspiracy theorists."
In May, Harris Miller, president of the Information Technology Association of America, an Arlington, Va.-based association of IT vendor companies, labeled Rubin's research "misleading, at best," and compared his testimony at a hearing of the Election Assistance Commission to yelling "fire" in a crowded theater without cause (see story).
But Rubin has refused to back down, telling members of Congress that in a range of terrible to very good security, today's electronic voting systems "are sitting at terrible.
"Not only have the vendors not implemented security safeguards that are possible, they have not even correctly implemented the ones that are easy," said Rubin.
Terry Jarrett, general counsel to Missouri Secretary of State Matt Blunt, said the public's concern about the security and integrity of the election process is what prompted his state to certify only those e-voting systems that offered a voter-verifiable paper audit trail.
"At this point in time, Secretary Blunt is convinced that a voter-verified paper ballot is the only paper audit trail that can provide voters with a reasonable assurance that their vote will not be lost, destroyed or otherwise not
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security
- Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Magic Quadrant for Data Masking Technology
- IBM is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. Read the full report to learn about IBM.
- Best Practices for Securing Hadoop
- Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges
- Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks... All Government IT White Papers
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- All Government IT Webcasts