[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

IEEE Symposium: "this voting system is unsuitable for use in a general election..."

To: "'Citizens for Verifiable Voting'" <cvv-discuss@xxxxxxxxxxxxxxxxx>
Subject: IEEE Symposium: "this voting system is unsuitable for use in a general election..."
From: "Pete Klammer" <pklammer@xxxxxxxxxxx>
Date: Thu, 15 Jul 2004 13:47:25 -0600
Delivered-to: mailing list cvv-discuss@coloradovoter.net
List-help: <mailto:cvv-discuss-help@coloradovoter.net>
List-post: <mailto:cvv-discuss@coloradovoter.net>
List-subscribe: <mailto:cvv-discuss-subscribe@coloradovoter.net>
List-unsubscribe: <mailto:cvv-discuss-unsubscribe@coloradovoter.net>
Mailing-list: contact cvv-discuss-help@coloradovoter.net; run by ezmlm
Organization: Klammer Family
Reply-to: <pklammer@xxxxxxx>
Thread-index: AcRqpI2IvdWGGOsMS92+gMmxcALShg==

Read it all at http://avirubin.com/vote/analysis/index.html

Analysis of an Electronic Voting System
IEEE Symposium on Security and Privacy, Oakland, CA, May, 2004. 
Authors 
Tadayoshi Kohno 
Adam Stubblefield 
Aviel D. Rubin 
Dan S. Wallach 

Abstract 
With significant U.S. federal funds now available to replace outdated
punch-card and mechanical voting systems, municipalities and states
throughout the U.S. are adopting paperless electronic voting systems from a
number of different vendors. We present a security analysis of the source
code to one such machine used in a significant share of the market. Our
analysis shows that this voting system is far below even the most minimal
security standards applicable in other contexts. We identify several
problems including unauthorized privilege escalation, incorrect use of
cryptography, vulnerabilities to network threats, and poor software
development processes. We show that voters, without any insider privileges,
can cast unlimited votes without being detected by any mechanisms within the
voting terminal software. Furthermore, we show that even the most serious of
our outsider attacks could have been discovered and executed without access
to the source code. In the face of such attacks, the usual worries about
insider threats are not the only concerns; outsiders can do the damage. That
said, we demonstrate that the insider threat is also quite considerable,
showing that not only can an insider, such as a poll worker, modify the
votes, but that insiders can also violate voter privacy and match votes with
the voters who cast them. We concludethat this voting system is unsuitable
for use in a general election. Any paperless electronic voting system might
suffer similar flaws, despite any "certification" it could have otherwise
received. We suggest that the best solutions are voting systems having a
"voter-verifiable audit trail," where a computerized voting system might
print a paper ballot that can be read and verified by the voter. 

 --
Pete Klammer / ACM(1970), IEEE, ICCP(CCP), NSPE(PE), NACSE(NSNE)
    3200 Routt Street / Wheat Ridge, Colorado 80033-5452
  (303)233-9485 / Fax:(303)274-6182 / Mailto:PKlammer@xxxxxxx
 Idealism may not win every contest, but that's not what I choose it for!

Prev by Date: Ya gotta see this
Next by Date: Sedalia, MO: "touch-screen voting machines are more expensive than using paper ballots"
Previous by thread: Ya gotta see this
Next by thread: Sedalia, MO: "touch-screen voting machines are more expensive than using paper ballots"
Index(es):
- Date
- Thread