Want To Examine E-Voting Machines That E-Voting Companies Won't Let You See? Do You Have $82?
from the that-wasn't-so-hard... dept
In the ongoing debate over the security of e-voting machines, one thing has stood out. The e-voting companies continually insist that they shouldn't let security researchers examine their machines, often claiming that these well-respected researchers would simply hand over the details to other irresponsible parties. In other words, they were basically admitting that their machines weren't secure, but were hoping that security-by-obscurity would protect them. Unfortunately, security-by-obscurity rarely works -- because the obscurity is never quite as obscure as people hope. It appears that a Princeton professor was able to get his hands on five e-voting machines from Sequoia by bidding $82 in a government surplus auction. He's now examining the machines, and while he says they appear more secure than Diebold's machines, there are still problems with them. Sequoia has responded that it doesn't matter, because any machine that was tampered with would have obviously broken seals. Unfortunately for Sequoia, it's already been pointed out that such seals are easily removed and replaced without anyone noticing, and it seems to happen quite often. However, the bigger point, that Sequoia seems to be ignoring, is that by relying on a security-by-obscurity policy, e-voting companies are assuming that no one with malicious intent would ever get their hands on these machines to inspect them. However, if all it takes is $82 from a government surplus auction (for five of the machines) it seems pretty clear that anyone who wants to examine these machines for vulnerabilities (for either good or bad purposes) can easily get their hands on one. That knocks out the obscurity -- and, with it, whatever "security" that came with it.