Thursday, April 07, 2011
computers never make mistakes
Like say a former computer programmer.
Who counts the vote on a stand-alone computer. In her office.
And discovers over 7500 extra votes due to a spreadsheet copy error.
Is this kind of farce how you want to run elections?
Waukesha County Clerk Kathy Nickolaus' decision to go it alone in how she collects and maintains election results has some county officials raising a red flag about the integrity of the system.
Nickolaus said she decided to take the election data collection and storage system off the county's computer network - and keep it on stand-alone personal computers accessible only in her office - for security reasons.
"What it gave me was good security of the elections from start to finish, without the ability of someone unauthorized to be involved," she said.
Nonetheless, Director of Administration Norman A. Cummings said because Nickolaus has kept them out of the loop, the county's information technology specialists have not been able to verify Nickolaus' claim that the system is secure from failure.
In March, Nickolaus said, she moved the data off that server and into her own stand-alone system. She has a backup on a second computer, she said. In addition, she said, as she programs for elections, she does frequent backups during the day.
Nickolaus said she was a programmer for 15 years before becoming county clerk. And she said her staff knows how to operate the system, so "if I get hit by a bus, this election is going to run just fine."
from August 13, 2010 Journal Sentinel - Officials dispute reliability of Waukesha County clerk's election data system
and what happened in 2011?
David Prosser gained 7,582 votes in Waukesha County, after a major counting error of Brookfield results was detected, County Clerk Kathy Nickolaus announced in a stunning development this afternoon.
Nickolaus says the reason for the big change is that data transmitted from the City of Brookfield was imported but that she failed to save those results to the database. Brookfield cast 14,315 votes on April 5 -- 10,859 of those votes went to Prosser and 3,456 went to JoAnne Kloppenburg.
"The purpose of the canvass is to catch these kind of mistakes," Nickolaus said. She called it human error that is "common in this process." "I apologize," Nickolaus said.
April 7, 2011 - Journal Sentinel - Prosser's huge gain comes after Waukesha County flub is caught
Now let us imagine this story told this way:
* for security purposes, the elections official has boxes containing all the votes, in her private office
* oh and she's an expert in creating ballots
* oh and she just discovered another box of ballots over there in the corner
Do you think any elections observer in the world would buy this?
But it's all done with computers, so I guess it's impossible there could be anything suspicious.
Human nature doesn't change.
And humans program computers.
And humans create the security for computers.
Computer security does not exist in the abstract. Computers do not defend themselves or program themselves. But somehow people think it is a realm beyond human emotion and failings. In the end it's systems created by humans, used by humans, that have to resist threats from humans.
This is what happens when you vote over the Internet:
* Someone with some credentials they got somewhere votes. Hopefully it's you, with your rightful credentials. But it could be anyone who gained valid credentials, anywhere in the world.
* These credentials are used to vote. This involves your computer, full of hundreds of competing programs created by fallible humans, interacting with a website created by humans, over a network built managed and run by humans.
* The vote... or at least a vote, lands on a server... somewhere, a server running thousands of pieces of human-created software. A server installed, controlled, and managed by humans.
So the good news is, as long as you can absolutely trust every one of the thousands of people involved in that chain, and all of the one billion people on the Internet can't outsmart their security, then your vote is fine.
And the above is all if it's done WELL, not if it's some bogus "the counting computer is in my back closet" ridiculously compromised chain of custody.
Or alternatively, you could set things up so local people from competing political parties are watching one another, mark the votes on paper, watch the ballot box containing the votes, and count all the votes in public. In minutes (for a Canadian election).
So your choice is:
1. If you trust everyone who has ever created or maintained any device or software in the chain from your keyboard to the vote-counting server, and everyone with access to the server room, and everyone else in the world who is on the Internet, then Internet voting is a great choice.
2. If you trust people from your neighbourhood who have the very human motivation of competing interests, with a process that is visible to you end-to-end, and immediate local consequences if fraud is found, then you might want to vote on paper instead.
We are very very good at understanding voting risk scenarios in the physical world. We are very very bad at understanding risk in the digital world.
Where would you rather have your voting taking place?
Labels: electronic voting
Tuesday, April 05, 2011
Cyber attacks hit Canadians. Again.
Two recent incidents are:
* the Epsilon breach in the US, where Canadian email addresses were compromised
Air Miles among firms hit by huge data breach
* the attack on four Bay Street law firms
Major law firms fall victim to cyber attacks
Now imagine that instead of email addresses and mergers and acquisitions information, the prize was the entire Canadian election, the direction of the entire Canadian economy.
Do you imagine for a second that the same sophisticated computer attackers that have already successfully broken into computer systems will somehow not decide to attack an online voting system? Keep in mind that corporations and law firms have huge financial and reputation incentives to protect their systems, and they still fail. Do you think the government will do any better? Do you think that the millions of Canadians using their personal computers to vote will have better Internet security than Bay Street law firms?
Voting over the Internet is an invitation to successful cyberattack. And following such an attack, the entire integrity of your voting system is compromised. To compromise a paper-based election you need people to physically intervene simultaneously at locations all across Canada, somehow escaping detection of all the citizens and elections officials present. It would require massive coordination and risk of detection and capture. To compromise an Internet-based election, all you need is one person with an Internet connection anywhere in the world, pushing a button.
Sunday, April 03, 2011
Liberal Party platform proposes online voting
A Liberal government will direct Elections Canada to develop an online voting option, starting with a pilot project for individuals serving overseas in the Canadian Armed Forces and the federal public service, and post-secondary students living outside their home ridings. The pilot will support a broader discussion with Canadians about an online voting option for every voter.
Full Liberal platform (PDF) - Chapter 4, page 73 "Modernizing the Voting System". Released April 3, 2011.
If you want a pilot of overseas online voting, look no farther than the US. The problems identified in the analysis of their online voting system - "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" - were so severe that the system was scrapped. So we can save a lot of time by not repeating their experience.
Modern is not always better. Actually working is better. We have a system that works.