Followers

Tuesday, October 14, 2008

E-Voting Doesn’t Get Computer Scientist’s Vote

Just in time for Halloween and Election Night Fever, a professor at Rice is scaring the crap out of us … well, kind of. Dan Wallach, an associate professor and Director of Rice’s Computer Security Lab, is an e-voting expert who specializes in what-could-go-wrong scenarios.

He’s headed to Austin Wednesday to tell the state senate about all the risky business associated with the computers Texas uses to count its votes. (As in, the ones we’ll be using Tuesday, November 4 to pick the next president.) Back in June, Wallach testified before the Texas House Committee on Elections about the dangers of ES&S, the e-voting computers used by Texas.

“All of these voting machines were vulnerable to what we call ‘viral attacks,’” Wallach tells Hair Balls.

“If you have enough access to [one computer] to be able to get out a screwdriver and monkey around without anybody looking then what you could do is you could replace the software inside the one voting machine,” he says. (So, if you hear any clanking in the booth next you, please notify an official.) Wallach says it’s more likely it would be a poll worker after or before the election who would get the type of access needed, but once one computer is corrupt, it doesn’t take long for all of them to be.

“I compromise one voting machine and then all the voting machines get brought back to the election warehouse,” he says. “Then my evil voting machine talks to the [main] machine that’s tabulating and getting all that stuff and then it hijacks that machine and now it’s evil.” And from there it’s a bad-apple-bunch scenario.

Wallach says there are ways of detecting these types of problems, but they’re not always successful. For one of his Rice classes, Wallach uses Hack-A-Vote, a fake voting computer similar to the ones used in Texas, and tells a group of students to wreak havoc on the system. Then another group of students inspects the machine for possible viruses.

“Many of the subtle hacks escape detection,” he says. These subtle hacks could result in anything from votes being deleted, added or not counted at all. To date, Wallach says there have been no reports of these kinds of problems in real elections.

“There is also no evidence to suggest the absence of an attack like this having been attempted, because if somebody was successful, you’d never know,” he says. “That’s not the sort of thing that gives you warm fuzzies.”

But hacking vulnerabilities aren’t Wallach’s only beef with voting computers. “In terms of technologies we have available today, the best technologies we have involve paper,” he says. “These electronic machines we use in the state, they generate no paper record so if they misbehave you have no way of either detecting it or correcting it.”

So, um, don’t forget to vote and once you voted, don’t forget who you voted for because this one isn’t going to remember.

Dusti Rhodes

Original here

No comments: