We Can't Afford Even One E-Voting Morris Worm

from the catastrophic-failure dept

Over at CNet, Declan McCullagh has an interview with probably the most prominent computer scientist who supports paperless e-voting, Michael Shamos. In a wide-ranging discussion, Shamos acknowledges that e-voting isn't perfect but insists that every voting system has its flaws, and that e-voting can be made to work better than either paper ballots or touch-screen machines with paper trails (which he points out tend to jam a lot). Mike already pointed out some problems with Shamos's analysis, and you can check out Dan Wallach's post for a comprehensive rebuttal. But I found one of Shamos's comments particularly striking. He says:

Remember Robert Tappan Morris and the Internet worm? I would get worried if we start to see systematic evidence (of increasingly robust) attacks. But we've never seen any of those.

Shamos is referring to probably the most famous malware attack in the history of the Internet. In 1988, a grad student named Robert Morris created a worm that infected hundreds, if not thousands, of computers across the Internet. It was by far the most damaging Internet worm up until that time, and as a proportion of all hosts on the Internet, probably still ranks among the most successful worms in Internet history. The important point for our purposes is that nobody saw the Morris worm coming. The security vulnerabilities exploited by the Morris worm were known ahead of time, but few people other than the worm's author realized their seriousness.

Of course, once the Morris worm brought the Internet grinding to a halt for several days, everyone became acutely aware of the importance of security, and so they quickly fixed the bugs Morris had exploited. And luckily, at this point the Internet was still a relatively small, academic network, so while it cost millions of dollars of work to clean up the mess, no irreparable damage was done. But there wasn't a series of "increasingly robust" attacks leading up to the Morris worm that could have provided fair warning to Internet users of the day. The Morris Worm was a lot more sophisticated and successful than anything that had come before it. And by the same token, there's no reason to think that the bad guys will give us some advance warning by incompetently trying to steal a few city council seats before they disrupt a presidential election. If we continue to vote on insecure e-voting machines, we run the risk that our first clue that something is wrong will be when the voting machines in a key swing state "malfunction," throwing the presidential election into turmoil. I don't think we can afford to take that risk.

Filed Under: e-voting, michael shamos

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Allan, 24 Apr 2008 @ 6:44pm

    The real issues

    It makes me chuckle and sad how few people (not just in the US) understand their own electoral process, let alone the complexities of their election system or the machines and processes used to implement them.

    Improving any system or process is like ‘peeling an onion’. Identify and address the most serious flaws and issues first, then continue until the flaws and issues become small enough to be acceptable. Of course this takes a rational, unemotional, systematic approach which is properly funded.

    Election activists, critics and conspiracy theorists have a tendency to harp on about their own little concerns and pet peeves, rather than take the time to understand the big picture and target the real issues. And you know what? the incumbent politicians and power brokers the world over are just happy for them to do so, as it takes attention away from how they really influence elections, so they can continue to do just that.

    Take elections in the US, which are the most complex in the world. Here are some facts of which most Americans, including the activists, appear to be blissfully unaware:

    The democratic process is an illusion. When voting for President, Americans are actually voting for a representative on the electoral collage for their State, NOT for the President. Your vote does not count for President. It is that Electoral College that decides how to allocate that States votes for President (each state has a different number of electoral collage votes based on size, population, history etc). There is an assumption that the Electoral College will follow the popular vote for that State, but it has no constitutional obligation to do so, and in the past there have been documented occasions when it has not. So much for democracy.

    It is a Federal offence to interfere with the election process in order to influence the result. Influencing the election for senior positions (State and Federal rather than local) in such a manner would require such a wide spread corruption and law breaking that the risk of it being detected is just too great for any of the major parties to even consider, whether it be interfering with electronic machines, paper ballots, polling places or the tally process. Why should they bother when they have a much wider range of legal and borderline legal ways to achieve the same goal? Incumbents use legislation and policy to affect voter registration, voter eligibility, accessibility to polling sites etc. The number of cases of legal but immoral practices to achieve this is widespread, however many activists tend to try to blame the election technology used rather than identify the true issues. Take Ohio in 2004 as an example – activists blame the use of electronic machines rather than the distribution of those machines and the policies to reduce access to the poling places in certain areas, both of which were legal and highly effective.

    The easiest point in the electoral process to influence an election is voter registration, not the polling place (or voting machines). If people are registered to vote who should not be (non-existent, dead, out of state) or certain legitimate groups are not registered (discouraged, removed from electoral roll), then the election can be influenced at source. This happened in Florida in 2000, when a State law was passed requiring registrars to remove anyone from the electoral roll who was ‘suspected of being a felon’ (felons are not allowed to vote in Florida). The State (read Governors office) provided a list of people who were suspected of being felons to some (but not all) registrars. These lists were concentrated in areas of particular geo-political nature and included people who shared the surname and initials of a known felon! These voters were not notified that they had been removed. Hence, many voters turned up to vote only to be told they were not eligible to do so. Coupled with same highly dubious decisions concerning provisional and absentee voting, this policy was both legal and highly effective.

    The amount of effort required for a jurisdiction to implement an election in the US is huge due to the complexity and frequency of elections. It is just a simple fact that even if those tasked with running the election wanted to ‘rig’ it (and really they do not) they do not have the time or manpower to do so. All they really want to do is to successfully implement it, with a minimum of issues and hope they survive with their sanity intact for the next one!

    Paper based elections are only slightly more secure than a show of hands. There is a growing misconception, that the use of paper ballots ensures a secure election because it leaves a permanent record of the ballots cast which can be audited. Paper based election have been used for centuries and a myriad of ways to rig them have been invented and successfully used in that time. How can you tell if ballot boxes have been stuffed or ballots removed? – when you audit the election the records include the ‘extra ones’ and does not include those removed - it is 'self auditing'. This has been common place in the past. Another easy way, which has been used in the US, is the artificial creation of over-votes for certain contests during the counting or auditing process. Choices in over-voted contests (where more choices have been made than are allowed) do not count, so if an election worker adds a mark to a ballot or punches out an extra hole, on some ballots then those votes will not count either in the main counting process or the re-count process, and there is no evidence of it as the very ‘auditable ballot’ is the thing that has been manipulated.

    Very little money is actually spent on the election process for the complexity an frequency of the elections. Election departments are funded at County (or City) level and with budget restrictions are usually under funded and struggling. Even the $5 Billion that the Federal government made available from Federal funds for HAVA sounds a lot but only represents about $12 per eligible voter and a large proportion of that went to voter education and infrastructure.

    Now, that’s not to say that the election activists do not have good points. They certainly come up with a myriad of ways to improve the election process and make it more secure. However, they are concentrating on minor issues compared with the glaring issues that exist and do not recognize the level of funding needed to really guarantee a fair and secure election. I just hope that community gets smart and starts to concentrate on the biggest issues, so that America can once again gain the respect of the rest of the world as the beacon of democracy it once was.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.