Wednesday, May 11, 2005
Topic of the Day: Electronic Voting
Today's Topic of the Day was inspired by this Avedon post at Atrios that I read a couple of days ago. Some people are really scared of electronic voting. People claim there is no way to make it secure. Well, that's not exactly true...
Before I begin, let me lay out that I consider myself an expert on information security. Although I've never done anything with electronic voting, I have a Bachelor's Degree in Computer Security specializing in Network and Information Security. All of the technical information I'm about to lay out I understand completely and would be happy to answer any questions on the subject.
I recently watched a guest lecture given by a Computer Scientist from Brazil; part of the discussion focused on Brazil's voting system. That is the inspiration for what I'm about to lay out.
There are 4 parts to a voting machine system: hardware, operating system, software, and networking.
1. Hardware. Voting machines won't require any specialized hardware. To the contrary, the hardware should be as common as possible: a typical PC, a touchscreen monitor, and a network card. Now this can be dressed up as professionally as one might like, but the simpler the hardware, the more people will trust and be willing to use the machine.
2. Operating System. Whatever OS actually gets used is almost irrelevant so long as it's a common OS. I'd prefer an open-source Linux such as Fedora for more transparency. The OS should be cleanly installed the morning of the vote--with representatives of both major parties watching--to ensure that a tampered OS isn't carried over from before.
3. Software. Only two pieces of software should be run: the election software and a hashing program. The election software is straightforward. The hashing program I'll discuss later. The main thing to remember is that anyone should be able to use either program; the hashing program will simply create a hash of the election software (and even of the hashing program itself). Again, I'll discuss the hashing process later.
4. Networking. Until the polling location officially closes, no election machine should be plugged into any network. Simple. After the polls close, the machine communicates with the central computer for each county or state, using a digital signature system so the central computer can confirm which machine the results came from and that they weren't altered in transit. It is actually fairly trivial to get information securely to a central location, not nearly the problem people might think it is.
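Here is what "a digital signature system" between a machine and the central computer can look like in practice. This is an added example, not code from the post or from Brazil's system: it assumes each machine has an Ed25519 key pair provisioned before election day, with the public key registered at the central computer under the machine's ID, and it uses a made-up tally record layout. The central computer rejects results from unregistered machines, results whose signature doesn't verify, and results signed for a different election.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Tally is the result record a voting machine sends after the polls close.
// The field layout is an assumption for this example; the post does not specify one.
type Tally struct {
	ElectionID string         `json:"election_id"`
	MachineID  string         `json:"machine_id"`
	Counts     map[string]int `json:"counts"`
}

// SignedTally carries the encoded tally bytes and their Ed25519 signature.
type SignedTally struct {
	Payload   []byte
	Signature []byte
}

// SignTally runs on the voting machine with its provisioned private key.
// encoding/json emits struct fields in order and sorts map keys, so the
// same tally always produces the same bytes for signer and verifier.
func SignTally(priv ed25519.PrivateKey, t Tally) (SignedTally, error) {
	payload, err := json.Marshal(t)
	if err != nil {
		return SignedTally{}, err
	}
	return SignedTally{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// Registry holds the public keys registered at the central computer before
// election day, keyed by machine ID (assumed provisioning model).
type Registry map[string]ed25519.PublicKey

// VerifyTally runs on the central computer. The machine ID is read from the
// payload only to pick the key; a forged ID fails at the signature check.
func (r Registry) VerifyTally(electionID string, st SignedTally) (Tally, error) {
	var t Tally
	if err := json.Unmarshal(st.Payload, &t); err != nil {
		return Tally{}, fmt.Errorf("malformed payload: %w", err)
	}
	pub, ok := r[t.MachineID]
	if !ok {
		return Tally{}, errors.New("unknown machine id")
	}
	if !ed25519.Verify(pub, st.Payload, st.Signature) {
		return Tally{}, errors.New("signature does not verify")
	}
	if t.ElectionID != electionID {
		return Tally{}, errors.New("tally is for a different election")
	}
	return t, nil
}

func main() {
	// Key generation here stands in for pre-election provisioning; the public
	// key would be registered with the central computer in front of observers.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	central := Registry{"machine-001": pub}

	// Constructed sample tally, signed on the machine after the polls close.
	st, err := SignTally(priv, Tally{
		ElectionID: "2005-example", MachineID: "machine-001",
		Counts:     map[string]int{"candidate-a": 312, "candidate-b": 287},
	})
	if err != nil {
		panic(err)
	}
	if t, err := central.VerifyTally("2005-example", st); err == nil {
		fmt.Println("accepted tally from", t.MachineID, t.Counts)
	}

	// A count altered in transit is detected because the signature no longer matches.
	st.Payload = bytes.Replace(st.Payload, []byte(`"candidate-a":312`), []byte(`"candidate-a":912`), 1)
	if _, err := central.VerifyTally("2005-example", st); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The signature covers the election ID and machine ID along with the counts, so a result signed by a real machine for some other election, or one relabelled with a different machine's ID, is also rejected. What the signature does not give you is confidentiality or a guarantee that the tally reflects the votes cast; it only proves who signed it and that it arrived unchanged.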
Now, obviously the election software itself needs to be secure. This is why the software will be turned over to a team of security experts who will examine the software for security vulnerabilities and backdoors. Once the software is considered safe, the same security experts use the hashing program above to hash the election software. (A hash is the fixed-size output of a one-way function: any change to the input changes the hash, and the hash cannot be reversed to recover the input.) This hash is then printed in all the newspapers in the country prior to the election. Then, on election day, anyone can use that hashing program to check and make sure the software running is the software that was checked by the security experts.
The key is to provide both transparency and authenticity. I think Brazil's system does a thorough job of that. It provides just as much, if not more, security than our current system.