Election hacking

Voting is a sacred right and an awesome responsibility. My Greek heritage makes me proud of the origin of voting, while my American citizenship makes me a beneficiary of its strongest instantiation. As a security expert, I am deeply suspicious of electronic voting machines, especially those that do not have auditable logs. So it is no surprise to me that the rush to adopt paperless, non-auditable electronic voting machines has subverted trust in the process and outcome of elections. The most recent example comes from the South Carolina primary.

What would your ultimate network security look like?

The South Carolina primary is a perfect example of an imperfect election. The result of the Democratic primary has propelled a relatively obscure candidate into a victory that has many scratching their heads. Rep. James Clyburn recently told reporters, "I believe there was some hacking done into that computer," referring to electronic voting machines. It's quite easy to dismiss these claims as the sour grapes of a party that didn't get the result it wanted. But where should we place the burden of proof? Are election results simply an assertion or are they assumed to be validated as true and accurate?.

Fortunately, we can look at the precinct results and perform some statistical analysis. According to Benford's law, we can expect that the first and second digit of the election results will follow a predictable statistical distribution, if those election results are the outcome of a real election. If the numbers are "made up" then the distribution will deviate by a measurable amount. Dr. Walter Melbane, a political science and statistics professor at the University of Michigan, analyzed the South Carolina primary results with second-digit Benford's law analysis and came to the conclusion that such results could only occur "by chance" 10% of the time. A different way of stating this result is that 90% of such number distributions are manufactured, not natural. Interestingly, the same process showed even less confidence in Iran's last election -- 5%.

Which brings us back to the voting machines: How have we reached the point where the only way to audit an election is statistics? Why can't we get a robust, audited and validated election result? The simple answer is that we can, but we choose not to. If you withdraw money from an ATM, you get a paper receipt and the bank gets a paper trail. With billions of transactions worldwide, the number of disputes with ATM transactions is negligible. If you put a quarter in a slot machine in Vegas, the Nevada Gaming Commission ensures that you will have a fair chance at winning, regardless of the manufacturer of the machine. Not only are the machines scrutinized and tested rigorously, the entire process of procurement, distribution, installation and maintenance is hawkishly monitored and inspected.

We can do better with voting machines, but we choose no to. The process is fragmented into 50 states, each with its own vendors, machines, processes and laws. Until we have a federal, robust and consistent standard for voting machines, the best solution is paper and pencil. It is auditable, secure, repeatable, easy and robust. It's just not fast. Then again, who said election results should be fast? I'd rather have "true elections" than "fast elections" myself. Until then, it's paper ballots by mail for me.

Learn more about this topic

Security: Risk and Reward

Security experts, hackers question AT&T's iPad data safety claim
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2010 IDG Communications, Inc.