http://www.theregister.co.uk/2004/07/20/e_voting_terminals/

snip
If e-voting critics really want to take a lesson from Vegas, they should look at the history of gambling machine security. New means of stealing money still come along from time to time, and new measures are taken to prevent it. There was a time when a piece of aluminum foil could make a slot machine pay out, and there will always be new attacks against these units. Some are trivially simple, and at some point cash will be lost.
There's no reason to think e-voting machines can hold up better. Knowing this, it stands to reason that voting machine security should be concentrated on the aftermath of an attack, and not the attack itself. Regardless of how someone breaks an electronic ballot, the fact that it was broken into must remain the most important point of knowledge - data integrity must be required. The attack vector can be addressed later; we must first know if any votes were tainted, and we need a plan for recovering lost votes.
Other comparisons fare little better than the slot machines. Academics have suggested ATM machines as a model for e-voting machines, and one of the largest e-voting players, Diebold, also makes cash machines. ATMs are very physically secure, and even possess data integrity mechanisms (like having crypto keys embedded in the keypads rather than some extraneous software exchange). But, here, too, the security is directed at protecting cash, not data. Moreover, ATMs are hardly invulnerable themselves: they're increasingly deployed on insecure networks. I write about just this scenario in Syngress' new book, "Stealing the Network: How to Own a Continent".
We've already seen the dangers of applying the wrong kind of security to e-voting. Earlier deployments of Diebold's physically secure voting machines used a Microsoft Access database to store and tally votes. Diebold reportedly left this database anonymously accessible via the Internet, with no password, and no change log. It doesn't matter if the unit could withstand a tactical nuclear missile attack if someone on the Internet could point and click someone into elected office from the comfort of their desktop.
Article written by:
Timothy M. Mullen is CIO and Chief Software Architect for AnchorIS.Com, a developer of secure, enterprise-based accounting software. AnchorIS.Com also provides security consulting services for a variety of companies, including Microsoft Corporation.