Problems with Electronic Voting
by beebe@math.utah.edu
Last updated 2004-05-30
From a posting to the Salt Lake Linux User Group mailing list on Fri, 13 Jun 2003 09:33:16 -0600 (MDT) I'd like to raise a caution here that the issue of electronic voting is a LOT more complex than most citizens and legislators, and even enthusiastic programmers, seem to think. It isn't enough that you verify that the vote-counting program matches the one you got by compiling open source code that you can inspect. For one, subtle bugs can exist that won't be evident from code scrutiny, and might only be discoverable after extensive testing. Read Unix co-architect Ken Thompson's Turing Award lecture ``Reflections on Trusting Trust'', Comm. ACM 27(8) 761--763, August 1984. http://www.acm.org/classics/sep95/ For another, the program isn't the sole location where problems can reside: there are shared libraries, kernel modules, network connections, storage device connections, and others, any of which could be used to intentionally subvert the voting process, or simply by intermittent failure, invalidate the vote. Yet a third is the issue of biological diversity: organisms survive only when at least part of their population is resistant to an attack. The software analogue is the number of independent implementations: far too many operating systems, programming languages, run-time libraries, and even hardware systems, are sole source. Remember the infamous Pentium `divide flaw'. The electronic voting proposals involve one, or a few, suppliers of software and hardware: a single failure could invalidate an entire nation's voting. With paper ballots, we had enormous diversity, with tens of thousands of vote counters, and despite a certain percentage of human error in the counts, as long as ballot-box stuffing and theft can be prevented, and voters allowed to vote in secrecy without fear, it is close to impossible to subvert the process on a wide scale. A few years ago, a state-wide electronic vote in Germany was invalid because rounding errors in vote-percentage calculations were shown to have chosen the wrong candidate: see http://catless.ncl.ac.uk/Risks/13.37.html Here is an essay by leading cryptographer Bruce Schneier, whose writings and books I've extolled before on this list, taken from a crypto-gram newsletter that came out a couple of years ago (archives and subscription information are available at http://www.counterpane.com/crypto-gram.html
See Risks to Public Computers
Pentagon Calls off Voting by Internet
Vanity Fair article on E-Voting - very interesting
article_id 29
|
