We Can't Afford Even One E-Voting Morris Worm

from the catastrophic-failure dept

Over at CNet, Declan McCullagh has an interview with probably the most prominent computer scientist who supports paperless e-voting, Michael Shamos. In a wide-ranging discussion, Shamos acknowledges that e-voting isn’t perfect but insists that every voting system has its flaws, and that e-voting can be made to work better than either paper ballots or touch-screen machines with paper trails (which he points out tend to jam a lot). Mike already pointed out some problems with Shamos’s analysis, and you can check out Dan Wallach’s post for a comprehensive rebuttal. But I found one of Shamos’s comments particularly striking. He says:

Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we’ve never seen any of those.

Shamos is referring to probably the most famous malware attack in the history of the Internet. In 1988, a grad student named Robert Morris created a worm that infected hundreds, if not thousands, of computers across the Internet. It was by far the most damaging Internet worm up until that time, and as a proportion of all hosts on the Internet, probably still ranks among the most successful worms in Internet history. The important point for our purposes is that nobody saw the Morris worm coming. The security vulnerabilities exploited by the Morris worm were known ahead of time, but few people other than the worm’s author realized their seriousness.

Of course, once the Morris worm brought the Internet grinding to a halt for several days, everyone became acutely aware of the importance of security, and so they quickly fixed the bugs Morris had exploited. And luckily, at this point the Internet was still a relatively small, academic network, so while it cost millions of dollars of work to clean up the mess, no irreparable damage was done. But there wasn’t a series of “increasingly robust” attacks leading up to the Morris worm that could have provided fair warning to Internet users of the day. The Morris worm was a lot more sophisticated and successful than anything that had come before it. And by the same token, there’s no reason to think that the bad guys will give us some advance warning by incompetently trying to steal a few city council seats before they disrupt a presidential election. If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state “malfunction,” throwing the presidential election into turmoil. I don’t think we can afford to take that risk.


Comments on “We Can't Afford Even One E-Voting Morris Worm”

Anonymous Coward says:

I just wish folks would listen to the preponderance of technical folks and power users who have been trusting computers with our jobs, entertainment, communication, and secrets for years.. and have been thinking about it carefully all the while.. who insist that this one particular e-voting application is just a downright rotten idea.

Rebato says:

If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state “malfunction,” throwing the presidential election into turmoil. I don’t think we can afford to take that risk.

You mean … again, right? I don’t want to play into conspiracy theories but I believe that is what’s happened in our most recent presidential elections.

zcat says:

EVoting NEEDS a Morris worm!!

Not just one swing state, there needs to be a total and catastrophic failure of voting systems in several states, preferably involving more than one vendor.

Nothing else is going to wake up voters and make them start to think about the security (or lack thereof) of current electronic voting systems.

A few minor ‘inconsistencies’ in one or two states can easily be brushed off. “Exit polls are inaccurate”, etc. It’s _already_ happened twice. The voting public is blissfully unaware of this.

“The canary was already sick, it probably died of natural causes”

That won’t wash if the problems are widespread and obvious.

Eric the Grey says:

So. . .

You mean to tell me that these machines are all networked together, and available for internet connections?

Why? Do we voters have the opportunity to do last minute checks on the candidates for slimy practices, just before we vote?

I know very little about these machines, but it seems to me that they should be stand-alone boxes, that record all the data as it goes in and nothing more. Placing them on any kind of network puts the entire system in jeopardy.


Rich Kulawiec says:

Lessons not learned

It’s been nearly twenty years since I was awakened by a panicked call from Purdue University’s Computing Center operations staff telling me “all the VAXes are down”, because that’s how it looked at first blush. What followed was a fairly good reality check and a substantial amount of panic as it was realized that this problem extended across the campus and beyond. We were lucky: my colleague Kevin Braunsdorf and I figured out a one-line fix that blocked the worm from propagating, and of course it turned out that it didn’t include malicious, data-destroying code.

Fast-forward to today and it becomes clear that NONE of the vendors or backers of computerized voting systems have absorbed the lesson — or if they have, their knowledge has been overruled by their profit motive. As Schneier’s brilliant economic analysis has shown, the budget available to an attacker going after the US Presidential election should be presumed to be on the order of $100 million. That’s easily enough to subvert these systems using a Morris-worm-ish technique albeit with considerably more subtlety so that it’s not nearly as easy to detect.

Moreover, the continued refusal by voting system vendors to publish all source code, all hardware design documents, etc. and submit them for public inspection means that the pool of people with access to this information is severely limited. Worse, it’s limited to the same people who are known to be designing, building, and deploying buggy, insecure systems, thus the people least likely to detect an issue similar to the Morris worm.

We need to go back to pencil and paper ASAP. (Yes, pencil and paper systems have their issues, too, but they’re vastly better-understood and they have the highly desirable property that they’re much more difficult to subvert en masse, which largely prevents large-scale fraud.)

Allan says:

The real issues

It makes me chuckle and sad how few people (not just in the US) understand their own electoral process, let alone the complexities of their election system or the machines and processes used to implement them.

Improving any system or process is like ‘peeling an onion’. Identify and address the most serious flaws and issues first, then continue until the flaws and issues become small enough to be acceptable. Of course this takes a rational, unemotional, systematic approach which is properly funded.

Election activists, critics and conspiracy theorists have a tendency to harp on about their own little concerns and pet peeves, rather than take the time to understand the big picture and target the real issues. And you know what? The incumbent politicians and power brokers the world over are just happy for them to do so, as it takes attention away from how they really influence elections, so they can continue to do just that.

Take elections in the US, which are the most complex in the world. Here are some facts of which most Americans, including the activists, appear to be blissfully unaware:

The democratic process is an illusion. When voting for President, Americans are actually voting for a representative on the Electoral College for their State, NOT for the President. Your vote does not count for President. It is that Electoral College that decides how to allocate that State’s votes for President (each state has a different number of Electoral College votes based on size, population, history etc). There is an assumption that the Electoral College will follow the popular vote for that State, but it has no constitutional obligation to do so, and in the past there have been documented occasions when it has not. So much for democracy.

It is a Federal offence to interfere with the election process in order to influence the result. Influencing the election for senior positions (State and Federal rather than local) in such a manner would require such widespread corruption and law breaking that the risk of it being detected is just too great for any of the major parties to even consider, whether it be interfering with electronic machines, paper ballots, polling places or the tally process. Why should they bother when they have a much wider range of legal and borderline legal ways to achieve the same goal? Incumbents use legislation and policy to affect voter registration, voter eligibility, accessibility to polling sites etc. The number of cases of legal but immoral practices to achieve this is widespread, however many activists tend to try to blame the election technology used rather than identify the true issues. Take Ohio in 2004 as an example – activists blame the use of electronic machines rather than the distribution of those machines and the policies to reduce access to the polling places in certain areas, both of which were legal and highly effective.

The easiest point in the electoral process to influence an election is voter registration, not the polling place (or voting machines). If people are registered to vote who should not be (non-existent, dead, out of state) or certain legitimate groups are not registered (discouraged, removed from electoral roll), then the election can be influenced at source. This happened in Florida in 2000, when a State law was passed requiring registrars to remove anyone from the electoral roll who was ‘suspected of being a felon’ (felons are not allowed to vote in Florida). The State (read Governor’s office) provided a list of people who were suspected of being felons to some (but not all) registrars. These lists were concentrated in areas of particular geo-political nature and included people who shared the surname and initials of a known felon! These voters were not notified that they had been removed. Hence, many voters turned up to vote only to be told they were not eligible to do so. Coupled with some highly dubious decisions concerning provisional and absentee voting, this policy was both legal and highly effective.

The amount of effort required for a jurisdiction to implement an election in the US is huge due to the complexity and frequency of elections. It is just a simple fact that even if those tasked with running the election wanted to ‘rig’ it (and really they do not) they do not have the time or manpower to do so. All they really want to do is to successfully implement it, with a minimum of issues and hope they survive with their sanity intact for the next one!

Paper based elections are only slightly more secure than a show of hands. There is a growing misconception that the use of paper ballots ensures a secure election because it leaves a permanent record of the ballots cast which can be audited. Paper based elections have been used for centuries and a myriad of ways to rig them have been invented and successfully used in that time. How can you tell if ballot boxes have been stuffed or ballots removed? – when you audit the election the records include the ‘extra ones’ and do not include those removed – it is ‘self auditing’. This has been commonplace in the past. Another easy way, which has been used in the US, is the artificial creation of over-votes for certain contests during the counting or auditing process. Choices in over-voted contests (where more choices have been made than are allowed) do not count, so if an election worker adds a mark to a ballot, or punches out an extra hole, on some ballots then those votes will not count either in the main counting process or the re-count process, and there is no evidence of it as the very ‘auditable ballot’ is the thing that has been manipulated.

Very little money is actually spent on the election process for the complexity and frequency of the elections. Election departments are funded at County (or City) level and with budget restrictions are usually underfunded and struggling. Even the $5 Billion that the Federal government made available from Federal funds for HAVA sounds a lot but only represents about $12 per eligible voter and a large proportion of that went to voter education and infrastructure.

Now, that’s not to say that the election activists do not have good points. They certainly come up with a myriad of ways to improve the election process and make it more secure. However, they are concentrating on minor issues compared with the glaring issues that exist and do not recognize the level of funding needed to really guarantee a fair and secure election. I just hope that community gets smart and starts to concentrate on the biggest issues, so that America can once again gain the respect of the rest of the world as the beacon of democracy it once was.

Chris Brudy says:

The Perfect worm

Sooner or later even the computer people will come to realize that the only way to make sure the votes are counted correctly is to have four sets of human eyes observing each and every vote as it is tallied.

I’m not a Luddite. Computers are indispensable. The problem arises when the users are divided as to what the output is supposed to mean. Programmers from one party or the other can not be relied upon to be honest, especially when the code is never inspected.

We need worms, spread around every county in the country, that either crash the machines totally or automatically give the Democrat 80% of the vote. Otherwise, look forward to eternal war and eventual economic ruin.
