With so much happening in the technology and technology policy fields, it is a rare day that computer experts focus on one particular issue. So it seems pretty significant that several blogs and news reports with quotes from well-respected computer scientists are focusing on a new report by Harri Hursti for blackboxvoting.org outlining several new serious security flaws. While many of the details of the report have been redacted, apparently the most significant flaw is a well-known exploit that can be used to completely compromise the machine including vote counting, using widely available tools. The ease with which this security hole can be used and the relatively trivial knowledge it requires has shocked computer scientists.
I’ve just started reading the short report, but let me put up pointers to the stories and blog posts which outline the issue very well:
- Inside Bay Area.com report
- New York Times’report
- Post by Ed Felten and Avi Rubin on Freedom-to-tinker
- Post by Bruce Schneier on Schneier on Security Blog
ACM issued a statement in 2004 calling for voting systems to have a physical (e.g., paper) record to verify that individual’s vote has been accurately cast. That statement also called for all voting systems to “embody careful engineering, strong safeguards, and rigorous testing in both their design and operation.”