journal

eVoting talking points

David Nunez

David Nunez

1 min read

This entry is more of an experiment for me, so move along if it’s uninteresting, please.

I had a late night dinner with Adina last night after the sparsely attended EFF-A board meeting and I mentioned I had trouble articulating the issues & problems around evoting machines so I whipped out my freshly acquired Moleskine notebook (bought on Prentiss’s recommendation) and jotted down a page of talking points.

So here we go:

After the election debacles of a few years ago, localities all around the US have installed evoting machines.

These machines were supposed to be more reliable, more secure, and impervious to tampering.

These machines are supplied by a small set of opportunistic companies who delivered closed systems (i.e. the software and protocols used to implement the system are held as trade secrets by the vendors). The systems are closed because the companies claim this improves security.

However, as these things are going live, it’s becoming aparent that we are discovering horrific security problems with these systems.

For example, a company in Houston is delivering machines that all have the same, unchangeable administer password. This would be like walking into a parking lot where all the cars opened and could be operated with the exact same key.

The flaws are systemic: There are security problems all over the place, from the data transfer protocols to the terminals, themselves.

Also, most systems do not provide a sufficient audit trail for individual votes (ex. printed, hardcopy reciepts) or in the aggregate (ex. the systems seem not to provide logging).

Furthermore, the systems and processes lack transparency, so there is no facility for oversight on the process.

Geeks need to pay attention to this. We have learned via the Open Source that it’s provable that systems that are more open (where the code and protocols are exposed and freely available) are more secure. This is because many more smart people are able to examine the codebase and flaws are discovered and patched much more quickly.

Read more