Harris Miller, president of the Information Technology Association of America (ITAA), stated that the open source movement is using the issue of e-voting security to wage a religious war that pits open-source software against proprietary software. The only thing more absurd would be for Harris to blame the woes of e-voting as a vast right-wing conspiracy.
Miller said critics who claim to be concerned about the security of e-voting systems are really using the issue to push a political agenda on behalf of the open-source community. Miller should applaud the whistle-blowers who have demonstrated the security flaws of e-voting systems, not disparage them
.
Leading security professionals are against e-voting, given the serious security issues around e-voting. While there are myriad benefits to e-voting, the huge security risks currently faced outweigh all of those benefits. If e-voting were a drug, the FDA would never let it out of the lab. Let’s hope that’s the municipalities that are so ensconced with e-voting, have the same level of fortitude to ban insecure e-voting systems.
Miller stated that a recent ITAA survey showed that 77% of registered voters are unconcerned about the security of e-voting systems. Such a figure should accentuate how little those polled know about information security. Could any of those 77% could find insecure code in the voting software or explain how blind authentications voting systems are supposed to work? Democracy is magnificent, but the optimism of 77% of the populace can’t make insecure and buggy code workable. If the 77% truly understood the myriad security problems, their enthusiasm for e-voting would be quickly extinguished.
e-voting creates the largest and most unique set of challenges to information security today; greater than the security challenges of e-commerce or electronic tax filing systems. When the ITAA points fingers at the open source movement, it is only in a losing attempt to deflect criticism of the inherent security flaws of e-voting systems.
Paper voting is clearly not without its problems as the 2000 Presidential election showed. What traditional voting systems offer are audit trails. Even with all of their shortcomings, paper audit trails are the best we currently have. While fraudulent multiple voting has long been a problem, the most fraudulent votes a single person could place in a single day is perhaps 20. Move that election on-line and there is no limit (within reason) to the amount of hacked votes that could be placed.
Electronic audit trails, if done correctly, could offer an ideal solution. The only problem is that there are no vendors offering levels of auditability that would enable secure e-voting to take place.
A secure e-voting system is not beyond our reach and could be developed. But that would take the software equivalent of the Manhattan Project to carry to fruition. Until then, the only bomb is the e-voting software itself.