verbosity

Take her home, he said

And so the trade is complete. I leave you with only pictures.

That last one makes for a damn nice desktop background.

Your opinion doesn't count

As a computer aficionado, one would assume I'd be supportive of replacing paper ballots with electronic voting. That assumption would be correct. I even like the side-effect of saving paper (and thus trees, and trees are happy). However, replacing any traditional service or procedure with a computerized version brings about a wealth of security concerns. Computers just make things easier and faster, and that goes for both sides of the law. Those with sinister motives often even gain the upper hand when something is brought into the digital realm: Tampering becomes easier to execute and harder to detect; Once-laborious means of attack can be automated and carried out with incredible speed; If the system in question is attached to the Internet, your adversary can be anywhere in the world, and your number of potential attackers becomes staggering.

I won't waste time rephrasing general concepts that security expert Bruce Schneier has already covered well in his books Secrets and Lies and Beyond Fear; let's get to specifics about electronic voting. Diebold. They make ATMs, vaults, access-control systems, and now electronic voting machines. Sounds like a company that understands security well, doesn't it? Then why have Diebold's voting terminals come under fire so frequently in the news?

Paper-trail issues?
Built-in tampering?
Dubious executive motives?
Questionable "independent" reviews?
Undisclosed source code?

The list goes on. There is days upon days worth of reading material out there to make even the most trusting person skeptical. My good friend Matt has become so distrusting of Diebold based on their voting machine issues that he now refuses to use even their ATMs. Can't say that I disagree with him.

Black Box Voting performed a demonstration yesterday of mutiple, grevious problems with Diebold's machines. They even went so far as to hack the machine's results using only a chimpanzee (the possibly monkey-based puns here are endless). Articles based on that event are sparse given the recentness, but they're starting to pop up. (If you oppose useless demographic-information collection, just use BugMeNot.com for a login)

Any electronic voting system should obviously come under close scrutiny. Any system created by a for-profit company should be analyzed that much more. Diebold's scorecard so far doesn't look that great. I'm not fundamentally opposed to a company trying to make a buck while providing a service to the people at large, but it does complicate matters. Bribery and ulterior motives are a big risk. Systems stay closed (and protected by law where possible) to prevent competition, which makes review difficult. Perhaps sensitive issues like voting should only be handled by non-profit organizations, with source-code and system design being open for review by anyone? Not that open-source guarantees security, as tampering can be done anywhere (paper written in 1984!) from in microcode to at the compiler level or higher, the installed software may not be produced from the code actually reviewed (volunteers needed to audit the code diff, compile, checksum computation, installation, and checksum verification at the least), or unauthorized software could be introduced. The attack vectors are numerous.

Vote with paper until a decent computer voting system has been built, a system that can be reasonably trusted because it is open to review, has been reviewed, and found worthy. Cryptography taught us that lesson long ago. As it is, electronic voting courtesy of Diebold is so untrustworthy that voting using one of their machines is probably equivalent to not voting at all.