Home > Uncategorized > Security in eVoting Systems Will Become Considerably Better

Security in eVoting Systems Will Become Considerably Better

This blog covers the third of ten predictions regarding events and trends that I have foretold will occur in 2008, namely that:

3. Vendors of eVoting systems will greatly improve the out-of-the-box security of their products to the point that they will be widely deployed with far less concern for their security than has surfaced so far.

In an earlier blog I discussed security in eVoting machines, saying in essence that there has been a marked improvement in the out-of-the-box security of these machines. One of the main reasons for this improvement is the fact that states such as California and Maryland have had such serious security-related concerns with some of these systems that they have refused to allow certain vendors’ products to be used in upcoming elections. Countries such as Ireland have pronounced eVoting machines insufficiently secure and reliable to be used in elections.

Whereas eVoting machine vendors initially leveled fierce counterattacks against anyone who raised security concerns about their products, the vendors could not withstand the constant discovery and announcement of serious security-related vulnerabilities in their products. The University of California research team led by Dr. Matt Bishop produced extremely compelling findings earlier this year that in many ways represented the culmination of proof that security in eVoting machines is badly flawed; they found numerous ways that perpetrators could defeat or bypass security in eVoting machines to manipulate election results. Vendors have thus really been left with no other choice but to attempt to improve the security of their products.

Significant change never comes overnight, and eVoting system security is no exception. Security flaws are still being found in eVoting systems; this trend is not likely to go away. What has changed, however, is that eVoting systems that were not certified or that were decertified for use in elections only a few years ago are now starting to be certified for such use. News concerning discovery of new vulnerabilities in these systems also seems to be less commonplace.

Before I close, I feel compelled to recognize an individual who pioneered the effort to identify security-related flaws in eVoting systems and to educate the US government and the public about them—Dr. Avi Rubin, professor of computer science at Johns Hopkins University. He persisted in his efforts even though there was little or no personal gain in store for him and despite numerous death threats. Secure eVoting systems are starting to be reality, not an impossible wish, and Dr. Rubin deserves a great deal of the credit.

Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.