How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
http://arstechnica.com/articles/culture/evoting.ars<br />
when it's exploited, so let's all hope <strong>an</strong>d pray that November 7 falls within that time<br />
window.<br />
In <strong>the</strong> medium- <strong>an</strong>d long-term, it is just as much of a certainty that m<strong>an</strong>y of <strong>the</strong>se<br />
vulnerabilities will be exploited as it is that, say, major new Windows <strong>securit</strong>y<br />
vulnerabilities will be exploited. Indeed, <strong>the</strong> stakes in stealing <strong>an</strong> election are much,<br />
much higher th<strong>an</strong> <strong>the</strong>y are in <strong>the</strong> kind of petty hacking that produces <strong>to</strong>day's thriving<br />
ecosystem of PC viruses <strong>an</strong>d troj<strong>an</strong>s. I've outlined <strong>the</strong> way (already widely known) in<br />
this article, <strong>an</strong>d I don't doubt that someone, somewhere, has <strong>the</strong> will <strong>to</strong> match that<br />
way. Unless <strong>securit</strong>y practices <strong>an</strong>d elec<strong>to</strong>ral procedures are upgraded <strong>an</strong>d<br />
st<strong>an</strong>dardized across <strong>the</strong> country, <strong>an</strong>d unless me<strong>an</strong>ingful auditability is m<strong>an</strong>dated<br />
(preferably a voter-verified paper trail) nationwide, <strong>the</strong>n <strong>the</strong> probability of a largescale<br />
election <strong>the</strong>ft taking place approaches certainty <strong>the</strong> longer we remain<br />
vulnerable.<br />
In conclusion, let me summarize what I hope you'll take home with you after reading<br />
this article <strong>an</strong>d thinking about its contents:<br />
• Bits <strong>an</strong>d <strong>by</strong>tes are made <strong>to</strong> be m<strong>an</strong>ipulated; <strong>by</strong> turning votes in<strong>to</strong> bits <strong>an</strong>d<br />
<strong>by</strong>tes, we've made <strong>the</strong>m orders of magnitude easier <strong>to</strong> m<strong>an</strong>ipulate during<br />
<strong>an</strong>d after <strong>an</strong> election.<br />
• By rushing <strong>to</strong> merge our nation's election infrastructure with our computing<br />
infrastructure, we have prematurely brought <strong>the</strong> fairly old <strong>an</strong>d wellunders<strong>to</strong>od<br />
field of election <strong>securit</strong>y under <strong>the</strong> rubric of <strong>the</strong> new, rapidly<br />
evolving field of information <strong>securit</strong>y.<br />
• In order <strong>to</strong> have confidence in <strong>the</strong> results of a paperless DRE-based<br />
election, you must first have confidence in <strong>the</strong> personnel <strong>an</strong>d <strong>securit</strong>y<br />
practices at <strong>the</strong>se institutions: <strong>the</strong> board of elections, <strong>the</strong> DRE vendor, <strong>an</strong>d<br />
third-party software vendor whose product is used on <strong>the</strong> DRE.<br />
• In <strong>the</strong> absence of <strong>the</strong> ability <strong>to</strong> conduct a me<strong>an</strong>ingful audit, <strong>the</strong>re is no<br />
discernable difference between DRE malfunction <strong>an</strong>d deliberate tampering<br />
(ei<strong>the</strong>r for <strong>the</strong> purpose of disenfr<strong>an</strong>chisement or altering <strong>the</strong> vote record).<br />
Finally, it's worth reiterating that optical sc<strong>an</strong> machines are vulnerable <strong>to</strong> m<strong>an</strong>y of<br />
<strong>the</strong> same exploits as <strong>the</strong> DREs on which this article focuses. Optical sc<strong>an</strong> machines<br />
do leave a paper audit trail, but that trail is worthless in a state (like Florida) where<br />
m<strong>an</strong>ual audits of optical sc<strong>an</strong> ballots are not undertaken <strong>to</strong> clear up questions about<br />
<strong>the</strong> unexpected returns from certain precincts. I've been <strong>to</strong>ld that such audits are<br />
now prohibited in Florida <strong>by</strong> law in <strong>the</strong> wake of <strong>the</strong> 2000 voting sc<strong>an</strong>dal.<br />
Copyright © 1998-2006 Ars Technica, LLC<br />
22