Saturday, March 23, 2013

Review of "Broken Ballots: Will Your Vote Count"

Broken Ballots: Will Your Vote Count?,” by Douglas W. Jones and Barbara Simons, is a tour de force review of the history and current state of voting technology security. The authors (who were key players in security reviews of a number of electronic voting systems, as well as in voting technology policy discussions at the local and national level) provide us with unique insights into the technical, procedural, policy, and even political difficulties of assuring election integrity.

The central challenge in voting systems, from a security perspective, is the absolute requirement for ballot secrecy (to prevent coercion or vote-buying) while ensuring that all eligible voters are allowed to vote, but no more than once per election. The notion of an eligible voter implies some sort of authentication system, while secrecy demands that in spite of authentication, ballots not be linkable to individual voters. Requirements for massive scalability, efficient vote tabulation, usability, accessibility for voters with a range of disabilities, ballots containing multiple races, and cost-effectiveness impose additional complexity on voting systems. This book explores how technology has attempted to achieve these conflicting goals, and how the complexity has often created vulnerabilities that threaten election integrity, which in turn, has required technology to evolve.

“Broken Ballots” documents a large number of case studies of security concerns on a variety of electronic voting technologies, including Direct Recording Electronic (DRE) and Internet-based systems. An entire chapter is devoted to the missteps of Diebold, “the poster child of much that is wrong with DREs”, including overt partisanship suggesting vote rigging, hiding poor coding and deployment practices behind a screen of “trade secrecy”, circumventing the voting software Independent Testing Authority and certification process, use of programmers who had previously been convicted of computer-based fraud, and harassment of independent researchers who disclosed the existence of vulnerabilities. Another chapter is devoted to risks associated with Internet voting, quite similar to those characteristic of e-commerce, including server-based attacks, client-side malware, phishing, counterfeit sites, man-in-the-middle attacks, DDoS, the loss of ballot secrecy (a risk specific to voting).

Lest we be tempted to return to simpler times before touch screens and the Internet, the authors provide a fascinating history of voting technologies and attacks on them, from voice vote to ballot boxes to punch cards. (Who knew that lever voting machines were susceptible to jammed gears?)

The authors describe the challenges associated with developing meaningful voting standards and critique a number of failed attempts (such as the 2002 Help America Vote Act and several of its revisions.) They leave us with a number of concrete recommendations for improving the integrity and transparency of elections, including:
• Development of uniform election standards (technological as well as procedural requirements)
• Technological support for audits and mandatory post-election audits
• Greater vendor accountability
• Revamping voter enfranchisement laws
• Explicitly forbidding Internet (as well as fax and phone) voting until significant security breakthroughs have been achieved

“Broken Ballots” should be largely accessible to a non-technical audience, but those with IT experience will respond more viscerally to the cringe-worthy practices it documents. The CISSP will appreciate the thoroughness of the analysis, as it touches on practically every domain of the CBK, from physical security to secure coding practices to governance. The case studies it cites are primarily (though not exclusively) US-based, but the principles these illustrate are universal. It is not a quick read, and at times feels a bit shopping-listy, but it is well-worth working through it, and should be of interest to every adult citizen of any country that conducts elections.

This review appears on the ISC2 book review section.

Monday, March 11, 2013

Inquiring minds want to know

So don't ask me why...really don't...I have no idea...but I was struck this morning by the similarity between the words "require" and "quiero" (Spanish for "I want"). Perhaps I've been working on requirements too much lately. In any case, what is a requirement, after all, but something I want?

In such intriguing cases, I generally resort to my handy dandy Random House College Dictionary (acquired when I was in Grad School) which often provides helpful etymological information. Paydirt!

Unsurprisingly, Require, Acquire, Inquire, Query, Quest, Question all originate from the Latin quaerere, to seek, ask.

That's as distinguished from Quarry, which, according to Merriam Webster Online (now that I've put away my dictionary) is derived from the French cuir (skin, hide), which, itself, is derived from the Latin corium (which also gives us Excoriate). Which is weird because if you'd asked me, I'd have said that a lot of hunters seek quarry. In fact one of the definitions that Merriam Webster offers for quarry is "one that is sought or pursued." And then there's the stone quarry, which is totally unrelated and comes from the Latin quadrus meaning square (as in a square block of stone).

Who gets to decide the official etymology, anyway?