Happy New Year! We usher in 2007 with a continuing story from last year — security and e-voting machines.
Computerworld has a good interview with Eugene Spafford, USACM’s Chair and Director of Purdue’s Center for Education and Research in Information Assurance and Security (CERIAS) on the security of e-voting issues. The focus of the interview is on the recent federal action to create new “software independence” standards by the Technical Guidelines Development Committee, which is charged with drafting the federal technical standards for voting machines. We covered these actions in detail (1, 2, 3) and in our last newsletter.
Here is an excerpt from the interview:
Spafford: Not yet. The reason is that the issue is still not well understood by a number of local officials. Some of us in the community perhaps have not done the best job in describing the issue. We’re worried about the security aspects, but we’re also worried about reliability. For instance, what has happened in the Florida race is probably not a security breach. It’s probably poor design or machine failure.
But we have no way of knowing what the voter intent was because there was no independent audit trail.
One of the ways we can capture attention is talk about security failures. The people at local elections level, when we have raised these arguments, have taken a sort of personal umbrage. First, we’re calling into question their judgment for buying the machines in the first place, and second, we’re implying that their procedures are faulty or the people involved are dishonest.
That isn’t going to enlist their support in moving to better systems. We need to convey to them that it’s in the interest of the population to have greater confidence in elections.
Look for more e-voting issues throughout the year on this blog!