[ Features Index | Silicon Valley | Metroactive Home | Archives ]

Techsploits Internet Voting By Annalee Newitz MY HACKER friend Mason is fond of saying that whenever he explains a computer security issue to a nontechnical person, he gives them one simple set of instructions. "If you're talking about doing something with the Internet, just put the word 'evil' in front of it," he told me with a grin. "That way, you can say you're sending email over the evil Internet, or you're doing banking over the evil Internet. I find that this really helps to clarify the issue." What Mason means is that the Internet is not secure, and therefore it does not protect you against evil. When you chat on the Internet, you are not chatting in private. When you do your banking over the Internet, there are dozens of ways for an industrious hacker to snarf your password and take over your bank account. Using the Internet is like walking down the street in New York City. Most of the time, you'll have no problems. But once in a while, somebody will steal your wallet, eavesdrop on your conversations or abduct you and beat you senseless. And that's just one reason why there's an electronic voting issue that everybody can agree on: Internet voting sucks ass. Although the whole electronic voting machine issue is only getting uglier and uglier as November draws near, at least we can rest assured that nobody—not even Jeb Bush—will try to make us vote over the Internet. Back in January, a coalition of Democrats and Republicans representing U.S. citizens overseas worked together to stop a proposal that would have allowed out-of-country voters to mark their ballots online. This bipartisan attack on Internet voting was bolstered by an independent report on the government's Secure Electronic Registration and Voting Experiment (SERVE), a system for Internet voting slated to be rolled out this year. The authors of this report, a team of computer security experts and professors, noted, "The vulnerabilities we describe cannot be fixed by design changes or bug fixes to SERVE. These vulnerabilities are fundamental in the architecture of the Internet." (You can see the whole report at www.servesecurityreport.org.) Boiled down, what the report said was: "Don't vote on the evil Internet." Similar kinds of reports, written by well-credentialed experts, have been issued about our current crop of electronic voting machines too. But the political response, while nonpartisan, has been a lot less emphatic. Sure, there are a couple of bills making their way through the House and Senate that would force counties and states to make their E-voting machines a bit more secure by producing what are called voter-verifiable paper audit trails (basically, paper versions of your electronic ballot that you can check for accuracy and use in a recount). But there has been no call to halt the use of these machines entirely, the way there has been in debates over Internet voting systems. Granted, the E-voting machines many people will use in November won't be sending our votes over the evil Internet, but they are nevertheless insecure. More importantly, they are subject to all kinds of random screw-ups. By now, you've probably heard countless reports of how an ES&S iVotronic machine lost over a hundred votes in a 2002 Florida gubernatorial election; and that hundreds of voters in Southern California couldn't cast votes in a March election because their Hart InterCivic machines broke down unexpectedly. And let's not even get started on Diebold, the company now notorious for getting its machines banned in the state of California for loading software on them which hadn't been certified by the state. The obvious question is, Why are people freaked out about Internet voting, but not so much about E-voting machines? The answer is simple. It's too late. No matter how many reports we write, no matter how many bills we shove through congressional committees, people will be voting on shitty-ass machines in the next election—machines whose security makes Windows XP look like OpenBSD. Luckily, there are activists and policymakers who are trying to make these machines work as smoothly as possible come November (check out www.verifiedvoting.org). Often, these are the same people who are making it safe for you to do banking and credit card transactions online. As usual, the high-tech marketplace is moving faster than the democratic ideals that made its rapid expansion possible. Sometimes, that's a good thing. This November, I hope we don't have to learn a hard lesson about what happens when it isn't. Annalee Newitz ([email protected]) is a surly media nerd who wants her double-encrypted paper audit trail right now, you bastards! Send a letter to the editor about this story to letters@metronews.com. [ Silicon Valley | Metroactive Home | Archives ]