Tuesday, October 4, 2011

Your vote got jacked: How safe are voting machines?

Here in the United States where the campaign for president is on, Democrats, Libertarians, Republicans and others are busy arguing about voting.  A CBS News story pointed out that 34 states have introduced laws requiring voters to produce identification, and some states are experimenting with laws that prevent voting on the Sunday before elections, or restrict early voting. 

While the various political parties argue over these laws, I wonder about the votes themselves.  Because apparently it's pretty cheap to hack a voting machine.

Technology is great if it makes a job easier, but you also have to consider cost and accuracy.  A recent study from the Argonne National Laboratory in Illinois figured out how to hack a widely used Diebold touchscreen voting machine.  The entire cost for the parts necessary to compromise the machine was $26 USD.  I know the economy is bad, but I'm pretty sure most any faction wishing to hack a vote could come up with $26 for each machine in a given area or even state.

Now election fraud is not a new thing.  People have stuffed ballot boxes, or voted using dead people's names and all sorts of other techniques for as long as people have voted.  The difference in this may be that with human and paper-based systems, fraud is limited by the cheater's ability to influence a given number of people.  In other words, most of the fraud techniques won't work without some collusion.  And when you have enough people in on a secret, the secret often comes out.

For example, you might pay people to vote using various names.  You would drive them around the city on election day so they could hit the different precincts.  But unless you have a lot of people and a lot of drivers, you are probably only impacting a fraction of the total votes. 

In contrast, hacking a voting machine means changing a lot of votes with the involvement of only a few conspirators.  In the Argonne test, the researchers planted a device on the voting machine, which is a physical security issue.  But a test at Princeton back in 2006 revealed that voting software can be hacked.  The testers also found that the machines "are susceptible to computer viruses that can spread themselves automatically and invisibly from machine to machine during normal pre- and post-election activity."

I think that's where the real danger is.  Accessing machines physically is difficult, but if viruses can reach them remotely, it means that hackers could, too.  It isn't hard to imagine political groups in the US or other countries hiring third party hackers to change crucial votes.

Before we continue to use this new technology, we need to take a very hard look at its vulnerabilities.  After all, you want your vote to be yours, not someone else's.

(Here are links to the CBS story, the Argonne story at Fox, and the Princeton study.  The pic is from:  cityofchesapeake.net)

No comments:

Post a Comment