If you live in a democracy -- yes, I'm looking at you -- you have to go read this article on How to steal an election by hacking the vote.

What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company's internal computer network—to steal a statewide election? You might think I was crazy, or alarmist, or just talking about something that's only a remote, highly theoretical possibility. You also probably would think I was being really over-the-top if I told you that, without sweeping and very costly changes to the American electoral process, this scenario is almost certain to play out at some point in the future in some county or state in America, and that after it happens not only will we not have a clue as to what has taken place, but if we do get suspicious there will be no way to prove anything. You certainly wouldn't want to believe me, and I don't blame you.

So what if I told you that one highly motivated and moderately skilled bad apple could cause hundreds of millions of dollars in damage to America's private sector by unleashing a Windows virus from the safety of his parents' basement, and that many of the victims in the attack would never know that they'd been compromised? Before the rise of the Internet, this scenario also might've been considered alarmist folly by most, but now we know that it's all too real.

. . . .

So now it's time to hit the panic button: In this article, I'm going to show you how to steal an election.

Stokes goes on to demonstrate how our new reliance on electronic voting makes it not only easy for a single person (or small group) to change the outcome of an election, but also makes it impossible to tell that such a change has been made.

* Bits and bytes are made to be manipulated; by turning votes into bits and bytes, we've made them orders of magnitude easier to manipulate during and after an election. * By rushing to merge our nation's election infrastructure with our computing infrastructure, we have prematurely brought the fairly old and well-understood field of election security under the rubric of the new, rapidly evolving field of information security. * In order to have confidence in the results of a paperless DRE-based election, you must first have confidence in the personnel and security practices at these institutions: the board of elections, the DRE vendor, and third-party software vendor whose product is used on the DRE. * In the absence of the ability to conduct a meaningful audit, there is no discernable difference between DRE malfunction and deliberate tampering (either for the purpose of disenfranchisement or altering the vote record).

It continues to astound me that the richest democracy on earth cannot secure its own elections. I have more 50x confidence in an ATM than I do in a voting machine. Conspiracy Theory Mike says that's because politicians run the elections, and politicians like to steal elections, therefore they have no interest in a secured system. Cynical Mike says that we've just figured that we should get the best system money can buy, and therefore the highest price tag must mean the most secure system, and bingo, we turn our right to vote over to the private sector. (Cynical Mike also thinks that if an election is stealable, it will eventually be stolen.)

Idealistic Mike wants everyone to read this article and then leave a comment telling me what we can all do about it.

M E-L posted this on October 27, 2006
It is filed under Computers & Internet, National News

It is also indexed with the following tags: Electronic Voting | Democracy | Hack | Voting | Diebold |