Computerized voting not secure


OK, I'll admit, I wasn't surprised to read the article from the New York Times yesterday about computerized voting machines and the ease with which they could be subverted.

Software is the basic problem, and the experts who looked at it say that it is not to be trusted.

In a scathing report, three researchers from the Information Security Institute at Johns Hopkins University and another researcher from Rice University have claimed that the source code reviewed contains flaws that would allow multiple-voting and the access to administrative functions by individual voters.

The analysis was made possible because of an accidental release of source by Diebold, a voting machine manufacturer (that also makes ATMs).

In the end, the suggestion is that voting technology, like cryptography, is much safer when everything is disclosed (including source code). The idea is that the source code will not remain secret (this is an excellent example) and that security through obscurity does not work.

To add insult to injury, the manufacturer indicated that it was likely many of the bugs had been fixed, but another researcher (who worked as a state election official in Iowa over five years ago) claimed to have reported many of these bugs to the company at the time.