Sunday, November 14, 2004

When Computer Security Experts Attack...

One of my heroes, Bruce Schneier, a computer security expert and CTO of Counterpane Systems, and the editor of the excellent Crypto-Gram Newsletter, has lobbed another grenade downrange on the subject of The Problem With Electronic Voting Systems.

It should not surprise you that his recommendations are basically the same ones I've been blasting out for the last two years. Quoting from his concluding paragraphs (emphasis mine):


1. DRE [direct record electronic, e.g. touch-screen] machines must have a voter-verifiable paper audit trail (sometimes called a voter-verified paper ballot). This is a paper ballot printed out by the voting machine, which the voter is allowed to look at and verify. He doesn’t take it home with him. Either he looks at it on the machine behind a glass screen, or he takes the paper and puts it into a ballot box. The point of this is twofold. One, it allows the voter to confirm that his vote was recorded in the manner he intended. And two, it provides the mechanism for a recount if there are problems with the machine.

2. Software used on DRE machines must be open to public scrutiny. This also has two functions. One, it allows any interested party to examine the software and find bugs, which can then be corrected. This public analysis improves security. And two, it increases public confidence in the voting process. If the software is public, no one can insinuate that the voting system has unfairness built into the code. (Companies that make these machines regularly argue that they need to keep their software secret for security reasons. Don’t believe them. In this instance, secrecy has nothing to do with security.)


Lost in much of the ongoing kerfuffle about voting irregularities and exit poll discrepancies is that second point above. Schneier does a pretty good job of explaining in short easy words why people like me keep hammering on the fact that all these election computers are running proprietary trade-secret code. A lot of my liberal friends don't get why this is so important, and it drives me into shrill, unholy madness when they respond to this concern with a sense of total ambivalence about it.

The fact is the second requirement is even more important than the first. Without public analysis of the source code, any public confidence placed in the integrity of the voting process is completely and utterly false confidence. Why, oh why, is this such a hard concept for my liberal friends to comprehend? If liberals were in control of all three branches of federal government and a majority of the state governments as well, you better believe the conservatives would be shouting about this from the rooftops. It wouldn't be just a few lone computer security experts.

UPDATE 2004-11-17: I have still not heard a word of comment from any of my liberal friends about why they are not very exercised about the proprietary trade-secret source code problem. Some of them are starting to get it about the voter-verified paper ballots, but the source code thing is going completely over their heads.

I am now in the depths of another bout of shrill, unholy madness.
