Monday, April 24, 2006

Voting machines

Saturday I was at the county democratic convention and had the chance to try out one of the Diebold voting machines that will be used for the next election. I asked the person conducting the demo if the county clerk's office had heard anything about any memory card based hacks on the machines. She didn't.

Today I spent some time on google and found out that what I was thinking of has become known as the Harri Hursti hack. Now in reading about this I saw that it was for optical scan voting machines. However, I still find myself uneasy that any product from the vendor of our voting machines would have such vulnerabilities.

One test of robustness in a piece of software is how it detects handles invalid data. If we are to have confidence in a voting system it must be able to take a stream of data from /dev/random, return an appropriate error, and keep running or end in a controlled manner. Also, if the XBox 360 can only execute signed code then I think we should expect the same of a voting machine.

We talk about cryptographically signing for copyright protection and for secure banking transactions. Yet we loose sight of such security for the simple act of casting votes. Something's wrong here. I just know I think I want to vote absentee and not use these machines.

Shaun

No comments: