, , , , , , , , , , , , , , , ,

July 19, 2008

By Rady Ananda and Andi Novick

Top shelf, the crème de la crème, the most succinct, in-plain-English, best quotes by computer security experts.  Do we really want to vote on this “crap?”  The quotes:

“…testing to high degrees of security and reliability is from a practical perspective not possible.” 


“…insufficient to guarantee a trustworthy election.”  


“… provides the opportunity for new kinds of attacks, from new kinds of attackers.”


“An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine.  The damage could be extensive – malicious code could spread to every voting machine in polling places and to county election servers.”


“… numerous studies have shown that currently deployed voting systems are susceptible to undetectable malicious attacks….” 


“Malware in a voting system could be designed to operate in very subtle ways…. be inserted at any of a number of different stages … from the precinct all the way back to initial manufacture – and lie in wait for the appropriate moment.” 


“This is a classic computer security problem.  Whoever gets into the machine first wins.  So if the Trojan horse software is in there first, you ask it to test itself — it will always lie to you and tell you everything is fine.”


“There would be no way to know that any of these attacks occurred….” 


“…’logic-and-accuracy testing’ … will never be comprehensive; important flaws will always escape any amount of testing.” 


“The current certification process may have been appropriate [with] a 900 lb lever voting machine…. But software is different….  you cannot certify an electronic voting machine the way you certify a lever machine…. we absolutely expect that vulnerabilities will be discovered all the time….” 


“A certification system that requires freezing a version in stone is doomed to failure because of the inherent nature of software.” 


“… vulnerability of the system to malware infection and manipulation. … large possibility that they could implement malicious programming (malware) into the system with little chance of detection. …could likely spread from component to component throughout the system.”  


“… the lack of capability to detect and report potential malware attacks against the system makes it the single largest threat.” 


To learn how to keep software driven voting systems out of New York, visit http://www.re-mediaetc.org/.

For full quotes and citations, see Debunking Pre-Election Testing Myths, or read the 50+ reports listed in this bibliography.