I agree that the issues around voting
security in public elections are not the same as ATM or commercial banking
security. If we look as the consequences of a failure of voting security, they
are very different to anything else.
First, an election can always be rerun
should a failure of voting security be detected in time and recovery action
needed, even though this may be embarrassing for one of the leading democratic
nations.
Second, the democratic process will highlight
major failures in voting security that have an immediate and obvious impact on
the result. This was seen in the Ukraine and other counties in recent years. So a large scale
breakdown of voting security has a natural detection element to it in the democratic
processes.
Third, If there was a major breakdown
of voting security that remains undetected and not corrected by the
normal democratic processes, then potentially a nation could have a in effect
an “illegal” government.
It is this third consequence of having an
undetected compromise of security at the time of the election event which is
the major risk. Take the scenario of one nations foreign intelligence agency
influencing the result of another nations elections by cracking the security of
the voting systems, keeping that secret until it wishes to undermine that
government. This situation would be intolerable for a leading democratic nation,
and very bad for any nation and the world.
In summary, one needs to look at the
consequences (in security terms normally called the “impact”) before
doing any comparisons between voting security and the security of other systems
open to and used by the public. The security of public voting system is very
very important to the democratic world. Public verifiability is critical and
not so easy to achieve.
-----Original Message-----
From: David Petraitis
[mailto:david.petraitis@oasis-open.org]
Sent: 25 October 2005 07:35
To: David RR Webber (XML)
Cc: Paul Spencer;
election-services@lists.oasis-open.org; sibain@tendotzero.com
Subject: Re: [election-services]
GAO report on election system security
David, Paul, Simon, and
others on the list,
The issues in voting security are NOT the same as ATM security. The issue at
the base is not financial fraud but voting fraud i.e. the hijacking of an
governmental election in a democracy. I.e. the placing of a candidate (or
passing of an issue) that the people did not vote for. Who wants to live in
that democracy - even if they can SMS and have their bank accounts secured?
David RRW states below that billions are spent on elections - and this is
right. But the issue is not that these billions may have been fraudulently
taken for someone's (a fraudster or thief's) benefit - but that the vote is
"fixed". I think the comparison of voting and banking systems *may
not* be the best metaphor to use. Imagine if in exit polls of an ATM machine
you were asked your bank balance! In some ways the "average" citizen
values his vote less than his money. In other ways the vote is *more* valuable
to those who would want to fix an election and to those who would like to
promote and protect democracy.
Likewise the comparison of American Idol polls and e.g. Presidential Election
polls - while we may debate whether presidential elections are beauty contests
or not - may also put a spin on the debate that is not in the best interests of
the people who are promoting electronic voting (us). We need to seriously
address the unique security issues of electronic voting systems - which
DRRW did in a ppt "Trusted Logic Voting Systems" not too
long ago posted on the OASIS site. We need to make metaphoric comparisons
carefully and point out the flaws in the comparisons (SMS though ubiquitous and
somewhat trusted by the naive user is not secure, ATM's do not promote
anonymity,...) Let's focus on a careful reading of the GAO report and posting
some positive ways to promote secure electronic voting.
One debate which I would be interested in mooting on this list is: "Is
secure electronic voting compatible with proprietary software solutions in the
space? How and How not?
Keep those votes coming in!
David Petraitis
p.s. Off to my wading through 107 turgid pages of GAO prose!!!
David RR Webber (XML) wrote:
Just because the average
citizen can grok SMS does not mean it is a safe and reliable means of accurately
running a serious voting application.
Notice in the USA here
they had to re-do an American Idol poll because someone made a glitch in how
SMS votes were routed to the various counting buckets. This stuff is just
too hard to accurately audit and ensure there has not been any sophisticated
manipulation of the results.
In the USA literally
billions of $$$ are on the line in each Presidential Election - so the stakes
are so high - everyone has to be more than just "used to it" to make
sure it is not being compromised by sophisticated agents.
I've looked at company
voting services - they seem the last place where open standards may sell - they
all want closed systems that lock in their clients. Unless somoene like
the EU mandates - a la XBRL - that they have to use EML - they are not going to
- is my assess there!
-------- Original Message --------
Subject: RE: [election-services] GAO report on election system security
From: "Paul Spencer" <paul.spencer@boynings.co.uk>
Date: Mon, October 24, 2005 12:35 pm
To: <sibain@tendotzero.com>,
"David RR Webber (XML)" <david@drrw.info>
Cc: <election-services@lists.oasis-open.org>
I think SMS voting is being pushed by politicians in the UK on the basis
that "if millions of 18-24s vote by SMS on Big Brother, they will vote in
parliamentary elections as well if they can use SMS". Making democracy is
interesting(?) as Big Brother doesn't seem to enter the equation, any more
than security.
Simon is absolutely right that those who understand the issues should do the
educating. If we could get e-voting (preferably using EML) adopted in less
controversial areas, the acceptance would increase. This probably means the
private sector and remote voting. There are a limited number of companies in
the UK that manage much of the voting for unions and company AGMs. Perhaps
these are the people (or their customers) we should be convincing. Thinking
aloud though, companies may not want people voting themselves at their AGMs
rather than just appointing the chairman as a proxy with no guidance on how
to use their votes.
Regards
Paul, from an equally wet and windy southern'ish UK
> -----Original Message-----
> From: Simon Bain [mailto:sibain@tendotzero.com]
> Sent: 24 October 2005 15:40
> To: David RR Webber (XML)
> Cc: election-services@lists.oasis-open.org
> Subject: RE: [election-services] GAO report on election system security
>
>
> Hi,
>
> Agreed about the reconcilliation. However.
>
> It is still a percieved threat/worry. And as such we should not ignore or
> throw it to one side. Just as we should not let it lead us. What we need
> to do is participate and educate.
>
> There is always a concern about the unknown, what we as "informed
> users/developers/" should do is show people that there concerns are
> understandable, but can be proven to be incorrrect.
>
> It is an educational job. This is of course easier said than done, and is
> best suited to the actual adoption of electronic voting. As using is by
> far the best method of allaying fears.
>
> On a slightly perverse note I do not think that the general public has
> such fears as in the UK. (So called informed people may, and these maywell
> be publisiced, but the general public?). People in some areas actually
> want to use text messaging (SMS) to vote... Something that I would never
> do because of the security risks. The reasons I believe that they do not
> percieve risks here is:
>
> 1) They use SMS hourly (minutely in the case of my kids)
> 2) we have telivision programms in the UK which ask for votes to be sent
> in by SMS
> 3) It has been aorund for what seems like ever.
>
> In other words people are now comfortable with the technology.
>
> This is where evoting in whatever guises needs to get to. Once it has been
> used by a critical mass "successfully" then most fears will be
allayed.
> Just as they were with:
>
> on line banking
> and
> on line tax returns
>
> All the best from a warm wet and windy eastern'ish UK
>
> Simon
> --
> Simon Bain
> TENdotZERO
> Mobile: 07793 769 846
> Office: 0845 056 3377 - 44 (0) 1234 359090
> Fax: 44 (0) 208 882 9411
>
> <quote who="David RR Webber \(XML\)">
> > Simon, Unfortunately while on the surface they may appear
similar -
> > there are key differences. The most obvious is that in banking
you are
> > able to ultimately reconcile your monthly activity with your paper
> > transactions, and also have that overall statement. In voting
> - because
> > of the need for privacy you do not have that ultimately tracability.
> > Notice also that most deployed systems do not have even paper
> trails. And
> > then there is the issue of transparency. IMHO I believe the
GAO is
> > clearly seeing the right things in terms of the significant
> gaps yet to be
> > fixed here to get to that same level of trust as e-Banking. DW
> >
> >
> > -------- Original Message --------
> > Subject: Re: [election-services] GAO report on election system
security
> > From: "Simon Bain"
> > Date: Mon, October 24, 2005 2:23 am
> > To: "David RR Webber (XML)"
> > Cc: election-services@lists.oasis-open.org
> >
> > David hi.
> >
> > Are these not the same fears that users had for online banking?
> >
> > Which although there are headline cases, has proved to be very
securre.
> > With the majority of bank accounts in the UK at least now having
online
> > access.
> >
> > I think the biggest hurdle for electonic voting is user perception.
So
> > training / education would be a large part of any installation.
> Just as it
> > was when we first had the ballot box, which (although before my time)
I
> > believe people were very distrusting of.
> >
> > Cheers
> >
> > Simon
> > --
> > Simon Bain
> > TENdotZERO
> > Mobile: 07793 769 846
> > Office: 0845 056 3377 - 44 (0) 1234 359090
> > Fax: 44 (0) 208 882 9411
> >
> >
> >> The GAO produces 107 page report on security of voting
> systems The GAO
> >> has released a 107 page on the security of voting systems today.
> >>
> >> What the GAO found -
> >>
> >> "While electronic voting systems hold promise for improving
> the election
> >> process, numerous entities have raised concerns about their
> security and
> >> reliability, citing instances of weak security controls, system
design
> >> flaws,
> >> inadequate system version control, inadequate security testing,
> >> incorrect
> >> system configuration, poor security management, and vague or
incomplete
> >> voting system standards."
> >>
> >> Examples of Voting System Vulnerabilities and Problems:
> >>
> >> • Cast ballots, ballot definition files, and audit logs
could be
> >> modified.
> >> • Supervisor functions were protected with weak or easily
guessed
> >> passwords.
> >> • Systems had easily picked locks and power switches that
were exposed
> >> and
> >> unprotected.
> >> • Local jurisdictions misconfigured their electronic voting
systems,
> >> leading to election day problems.
> >> • Voting systems experienced operational failures during
elections.
> >> • Vendors installed uncertified electronic voting systems.
> >>
> >> The full 107 report is here.
> >>
> --------------------------------------------------------------------- To
> >> unsubscribe from this mail list, you must leave the OASIS TC that
> >> generates this mail. You may a link to this group and all
your TCs in
> >> OASIS at:
> >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail. You may a link to this group and all your
TCs in
> > OASIS
> > at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> > ---------------------------------------------------------------------
To
> > unsubscribe from this mail list, you must leave the OASIS TC that
> > generates this mail. You may a link to this group and all your
TCs in
> > OASIS at:
> > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. You may a link to this group and all your
> TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates
this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php