We Can't Afford Even One E-Voting Morris Worm
from the catastrophic-failure dept
Over at CNet, Declan McCullagh has an interview with probably the most prominent computer scientist who supports paperless e-voting, Michael Shamos. In a wide-ranging discussion, Shamos acknowledges that e-voting isn't perfect but insists that every voting system has its flaws, and that e-voting can be made to work better than either paper ballots or touch-screen machines with paper trails (which he points out tend to jam a lot). Mike already pointed out some problems with Shamos's analysis, and you can check out Dan Wallach's post for a comprehensive rebuttal. But I found one of Shamos's comments particularly striking. He says:
Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we've never seen any of those.
Shamos is referring to probably the most famous malware attack in the history of the Internet. In 1988, a grad student named Robert Morris created a worm that infected hundreds, if not thousands, of computers across the Internet. It was by far the most damaging Internet worm up until that time, and as a proportion of all hosts on the Internet, probably still ranks among the most successful worms in Internet history. The important point for our purposes is that nobody saw the Morris worm coming. The security vulnerabilities exploited by the Morris worm were known ahead of time, but few people other than the worm's author realized their seriousness.
Of course, once the Morris worm brought the Internet grinding to a halt for several days, everyone became acutely aware of the importance of security, and so they quickly fixed the bugs Morris had exploited. And luckily, at this point the Internet was still a relatively small, academic network, so while it cost millions of dollars of work to clean up the mess, no irreparable damage was done. But there wasn't a series of "increasingly robust" attacks leading up to the Morris worm that could have provided fair warning to Internet users of the day. The Morris Worm was a lot more sophisticated and successful than anything that had come before it. And by the same token, there's no reason to think that the bad guys will give us some advance warning by incompetently trying to steal a few city council seats before they disrupt a presidential election. If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state "malfunction," throwing the presidential election into turmoil. I don't think we can afford to take that risk.