[liberationtech] Fwd: [peoplecount] Encryption no deterent to hackers of voting machines (fwd)

Sun Jan 30 20:49:48 PST 2011

Hi, Sheila. Welcome to the list.

On 1/30/11 6:01 PM, Sheila Parks wrote:
> I am very eager to hear what you have to say about hand-counting all our
> votes in elections and why and how.

Election procedure is not my strength, but I share your skepticism of
electronic voting machines: they are often opaque, unreliable, and
selected by laymen for reasons other than merit. I'm not certain,
however, that hand-counting is the only viable alternative, although
it's certainly a good one.

Back in New York, we used electromechanical lever machines for over a
century without major issues. One key advantage of these lever machines
was that being massive steel boxes full of cams and gears, they were
inherently resistant to discreet reprogramming. Old-fashioned
supervision by observers from rival parties was enough to prevent more
mundane varieties of fraud. Electronic voting machines that merely print
paper ballots also seem benign, if extravagant.

On the other hand, electronic-tally systems frighten me. Today's
machines are badly-made, as security researchers regularly demonstrate.
But even if the machines were technically perfect, their invisible and
intricate operation could still fuel destabalizing accusations of fraud.
Because the integrity of the vote is utterly important, especially in
nations transitioning away from regimes that based their legitimacy on
rigged elections, avoiding even the perception of irregularity is more
important than almost any efficiency gained through technology. The cost
of an election (or at least the vote-collecting portion) is tiny in
perspective.

Voting aside, the article you linked speaks to a larger
issue: even today, the word "encryption" has a certain talismanic
quality. It imbues systems with a dangerous and undeserved aura of
safety. While everyone understands that strong welds alone don't make a
strong bridge, the public lacks the analogous understanding of
cryptography's role and limitations. From WEP to GSM to Sony's
Playstation 3, the digital landscape is littered with the debris of
systems based on good cryptography used badly. We need to emphasize that
"it's encrypted" is never itself an adequate response to security
concerns, and that a public end-to-end analysis by experts is almost
always appropriate.

Regards,
Daniel Colascione

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20110130/4c584345/attachment.asc>