[ISN] Security fix assures long election nights

InfoSec News isn at c4i.org
Mon Oct 24 09:09:36 EDT 2005


Forwarded from: matthew patton <pattonme at yahoo.com>

Diebold couldn't have gotten a more sympathetic article. Now we'll
have voters demanding that security be tossed to the wind because they
can't wait 8 let alone 48 hours to get a tally. And all those
blathering TV pundits will be denied their right to mindlessly repeat
"we have no new news, but this is what we know" for 8 hours straight.

> "The fact we now have a slight delay over what we had two years ago
> is, I think, a worthy trade-off for enhanced security," Cox says.

At least Cox has a little perspective.

> - but there ought to be a balance between security and speed so we
> can enjoy the excitement of election night."

Some people need a reality checkup.

> The software was added to all voting machines last spring. It
> encrypts the transmission of election data from precincts to county
> election headquarters, making electronic vote tampering, internally
> or externally, more difficult.
> 
> Votes from machines are now coded onto a data card. Then, those
> cards have to be decoded and counted by a computer before the vote
> is official.

OK, the above is probably the result of a journo who simply doesn't
comprehend the subject material. But even so, since when is the lack
of encryption on the card anywhere CLOSE to being the problem that has
blasted Diebold (and other) machines? A 'vote' is but 1KB of data if
even that much. You mean to tell me Diebold machines run on 8086 CPUs
and are trying to crunch a 1024-bit AES key be it symmetric or asymmetric
encryption?

> "I'm sure you will talk to people in this state who think we can
> never have too much security," she says. "Certainly I think this
> enhancement was a good thing for our machines."

How exactly? Where is the audit trail on the software itself? Where is
the resolution of the multiple ledger issue? Where is the verification
that votes are even counted right? While it may be 'nice' to know that
the card is encrypted as it is transferred 10ft over the air-gap
between voting station and the counting machine, or that perhaps the
counting machine won't honor an "illegal" card, physical security was
never the issue.

> Even though there hasn't been a recorded incident of fraud involving
> the system, some people simply don't trust it.

And why shouldn't EVERYbody not be leery? Heck, I wouldn't trust the
punchcard/optical machine either if its summation software were not
available for inspection.

> To pacify uneasy voters, the state is considering retrofitting the
> machines with printers so voters could double-check their on-screen
> choices. Creating a paper trail could slow the vote count even more
> - if those ballots were used in the official count, says Cox's

Printing the screen does NOTHING to legitimize the software or the
process. The computer could have written one thing to disk/card and
another to the printer. And the counting machine could take the vote
(card, barcode, OCR scan) and muck with it all it wants to while doing
the tabulation process.

The point is that every step of the process has to be fully disclosed
and beyond reproach. Frankly I think every voting station should have
a 2nd vote-counter from a different supplier that uses the nation-wide
open-vote format to independently tabulate votes. As somebody wrote a
year or so ago, why are the slot machines under vastly better security
than the voting infrastructure? The financial rewards of tampering
with an election FAR exceed mucking with betting machines.




