More From Yesterday's Paper
Buried on Page 18A:
County officials challenge state over voting machines
Santa Clara county officials are pushing back against California Secretary of State Kevin Shelley's directive to require security measures to safeguard the integrity of electronic voting systems. Officials in 9 other counties are supporting Santa Clara. All of these counties recently bought new touch-screen voting machines.
Why the pushback? Simple bureaucratic politics is my guess. Someone or some group in each county authorized the purchase of these machines and stands to get blamed if the machines are found to be flawed or unusable.
Now, I don't subscribe to any conspiracy theories about the Diebold voting machines. Various companies, including Diebold, rushed these machines into production after the 2000 election debacle because they saw a chance to make a quick buck. The investors out for a quick buck couldn't care less about security issues or quality software development processes; those things just cost more money and delay the release of the product. So the engineers - who probably don't have much experience in or knowledge about building secure systems - realized that the thing is badly flawed and will constantly need to be fixed using field-expedient methods. So they put in things like wireless network cards and simple locks that make it easy to replace memory cards and firmware.
When the CEO of Diebold promises to deliver Ohio to the Republican Party in the next election, he's acting as conventional party power broker, not as some sort of evil conspirator who's deliberately created a system he knows his co-conspirators can hack.
When the Diebold folks deny that there are any problems with their systems, they're not engaged in some systematic and well-organized coverup. They're clueless. Dismissing all the evidence of any problems is nothing more than the simple human act of denial.
When California county officials complain about the Secretary of State's directives about security, they're engaged in a bureaucratic turf war. They're not participants in a massive conspiracy to alter the results of elections.
Never ascribe to malice that which can explained by simple incompetence.
It's apparent that no matter how many times independent security experts point out how badly these machines are flawed, there will be no stopping their adoption and use. I'm beginning to think that the best thing that could happen is for a group of white-hat hackers to alter the results of an election in some ridiculous and undeniably obvious way (like having Mickey Mouse be the winner of some race in a Los Angeles county election) and then announce exactly how they did it.
Of course, that would be wrong. And the government and media would probably focus on what a horrible crime had been committed and prosecute the hackers to the full extent of the law (perhaps adding some new provisions to the Patriot Act to allow even greater punishment of the offenders), thus drowning out the issue of how insecure and untrustworthy these machines are.
Instead, it'll be the black-hat hackers who compromise these systems. They'll do their best to cover their tracks. And they'll probably get away with it. All we can hope for is that they're incompetent, too, and that they'll mess up and get caught.
I just found out that the Diebold machines use Microsoft Windows as their OS. So even if you remove the wireless card and the ability to remove and change memory cards and firmware, you still have all the vulnerabilities of the world's most popular and insecure operating system. Unbelievable. What was behind the choice of Windows? Surely, more incompetence. No reasonably knowledgeable software system architect would ever make such a choice.
Sunday, February 15, 2004
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment