Share on Google Plus Share on Twitter Share on Facebook Share on LinkedIn Share on PInterest Share on Fark! Share on Reddit Share on StumbleUpon Tell A Friend 1 (1 Shares)  
Printer Friendly Page Save As Favorite View Favorites View Stats   1 comment

OpEdNews Op Eds

Trust the vote? Not in DC!

      (Page 1 of 1 pages)
Related Topic(s): ; ; ; ; ; ; ; , Add Tags Add to My Group(s)

Must Read 2   Valuable 2   News 1  
View Ratings | Rate It Headlined to H2 11/8/10

- Advertisement -
I was shocked to read on the DCBOEE's website (at <>) that they had decided to proceed with the use of the voting system they obtained from OSDV to collect Internet ballots in the November 2, 2010 general election, despite it having been proven to be highly flawed in terms of both security and integrity. I have become increasingly concerned that the recent wave of "voting hack exhibitions" are having the reverse effect. I'm not saying that these experiments shouldn't continue, but by somehow validating that the systems have been subjected to "testing" (even when this testing exposes massive vulnerabilities), the vendors and election officials seem to feel that it is appropriate to go ahead with deployment of these products. "At least we know [some of] the problems" is no way to run elections.

A lengthy October 22nd posting by Gregory Miller at the OSDV's TrustTheVote Project blog (at <>) underscores this "head in the sand" attitude by lauding the fact that "the District owns 100% of the source code, which is fully transparent and open source" as somehow a good thing. Actually this "ownership" means that the DC Election Officials had the freedom to deploy it, and they apparently did do so, despite knowing that it was vulnerable to international attack.

Does the DCBOEE really think that their website admonishment about the paltry $10,000 fine and possible imprisonment is going to stop anyone, especially foreign hackers (who may not be subject to US laws), from using proxy servers to avoid detection? Does the OSDV truly believe that the DCBOEE has the ability to detect tampering if it occurs? And if they discover that the system was hacked during the election, do they have a plan to allow the affected voters to recast their ballots in a secure way? Heck, when consumer electronics or automobiles are discovered to have systemic problems, they are RECALLED! Shouldn't the OSDV folks be ashamed of themselves for not including a clause in their distribution that IMMEDIATELY RECALLS THIS PRODUCT and ENSURES IT WOULD NOT BE USED IN ANY ACTUAL GOVERNMENT ELECTION, if any vulnerabilities test or subsequent data exposes it as insecure and/or unreliable?

Even more disconcerting is the cavalier attitude by the DCBOEE, in deciding to go ahead with this moronic experiment, knowing that the system was so massively flawed. This proves EXACTLY WHAT I (and others) HAVE ALWAYS SAID ABOUT OPEN SOURCE VOTING -- even if OSDV had been able to provide an update to remedy all of the KNOWN problems, there would be no time to adequately test it, and there would be no way for the voters to ensure that the CORRECTED version (and not a flawed or hacked one) is being used at the time of the election.

Open source voting thus provides a false sense of security about electronic elections, which this sad experience has vividly demonstrated. As Ken Thompson said in 1984: "You can't trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code." This is still true, whether the election community, seemingly well-intentioned developers, and security experts want to believe it or not. Transparency is NOT equivalent to Trust, especially in voting systems.

Don't get me wrong, of course I believe that open source is a good thing for many types of applications -- voting (especially over the Internet or in fully electronic systems) just is NOT one of these. Sure, all aspects of voting systems must be open to thorough review. But the voting problem CANNOT BE SOLVED using open source. (If this sounds like a contradiction, it is, as I described in my doctoral dissertation, downlodable at <>, because there is an inherent conflict in the ability to create a trusted system that also provides full anonymity.) Our election integrity colleagues must ensure that these points are made whenever they demonstrate vulnerabilities. Anyone who allows voters, election officials, and members of the press to think otherwise is contributing to this outright fraud. Perhaps if the VENDORS are fined $10,000 and threatened with jail sentences, this charade will finally end.
- Advertisement -

Rebecca Mercuri.
- Advertisement -

Rebecca Mercuri has been in the forefront of the voting integrity movement since 1989. She provides expert witness services for elections and other forensic computing matters.

Share on Google Plus Submit to Twitter Add this Page to Facebook! Share on LinkedIn Pin It! Add this Page to Fark! Submit to Reddit Submit to Stumble Upon

Go To Commenting

The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Writers Guidelines

Contact AuthorContact Author Contact EditorContact Editor Author PageView Authors' Articles
- Advertisement -
Google Content Matches:

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

FBI vs. Apple: Fake Fight?

National Popular Vote Returns to California

Homebuyer Stimulus Plan -- Won't Work -- Do the Math

Connecting the Dots? Rush Holt, HR 811, and Avante International

COTS and Other Electronic Voting Backdoors

Hawai'i's Instant Runoff Legislation -- Veto Needed