E-Voting Isn't Perfect, But It Takes Less Work to Corrupt Big Elections
from the O(1) dept
Thad Hall, a political scientist at Caltech, complains that e-voting critics rarely make apples-to-apples comparisons between electronic and paper voting systems. They contend that if traditional paper voting systems were subjected to the same kind of close scrutiny that e-voting endures, security experts would find flaws—ballot tampering, ballot box stuffing, and so forth—at least as serious as the problems commonly identified in touch-screen voting machines. Rice computer scientist Dan Wallach responds by pointing to a new paper he's written proposing an elegant way to think about the security of voting systems. Computer scientists use "big-O" notation to describe the complexity of algorithms. He suggests a similar terminology to describe the effort required to compromise voting systems as a function of the size of the election. A security flaw that can be compromised with an effort proportional to the number of voters N is said to be a O(N) flaw. A flaw that can be exploited with an effort proportional to the number of polling places is an O(P) flaw. A flaw that can be exploited with a constant amount of effort, regardless of the number of voters, is an O(1) flaw.
The last kind of attack is the most dangerous because it's feasible for a small number of people—perhaps even a single individual—to do a lot of damage. The reason paper-based elections tend to be better than touch-screen elections isn't that the former don't have flaws. The difference is that attacks against paper-based voting systems are far more likely to be O(N) or O(P)—that is, you have to tamper with a lot of ballots or corrupt a lot of poll workers. In contrast, because they contain re-programmable computers at their hearts, touch-screen voting systems are far more susceptible to O(1) attacks such as a custom-developed virus or a corrupt employee at the e-voting vendor. Because they allow a single individual to do extensive damage, they're much more dangerous than other kinds of attacks, even if carrying them out takes relatively more skill or effort than other attacks with O(P) or O(N) cost. The reason to prefer paper-based voting to touch-screen voting isn't that paper voting is flawless, but that the attacks against them are labor-intensive enough that it's difficult to carry out large-scale attacks without getting caught.