Unnecessary Measures
Don’t forget to wear a condom.
The comic this morning on xkcd is a good example of arguments for and against electronic voting.
Read it. Careful though: it is funny, so the humorless fascists for whom you work may have blocked the site and also be in the business of firing anyone who tries to access it.
Regardless of that, it is a little ridiculous to have anti-virus software on a voting machine. A voting machine should probably not be network connected. If it is in fact network connected, then we shouldn’t have had the problems that we did with corrupted SD cards not having the voting data when needed. These things each indicate other problems as well.
First, if a voting machine is online, it is immediately insecure. All computers are prone to attack through either a network interface or by way of physical access to a machine. That said, some computers are more secure than others. Those computers used for high-profile applications—such as, I don’t know, off the top of my head, uh, VOTING—will of course be more delectable targets. So, possible operating principle number one: keep voting machines off-line.
Then, if a voting machine is off-line, why does it need virus protection software? The SD cards used for transporting data—the insecurity of which we will get to in a moment—should be checked for any virus or malware IMMEDIATELY BEFORE they are placed into a machine. Ergo, there should never have been any need for virus protection software on these machines.
On to the point of XKCD this morning: What operating system is running on these voting machines and what is it doing? I am not sure, but I am just going to take a gander that it was Windows XP, or some-such. Now, Windows is known for: crashing, being virus-prone, being entirely insecure in the case of physical access to a machine, and a laundry-list of other fun things. Firstly, Windows should not be the operating system of choice for this application. There are more than enough compelling reasons to take that right off the table. Therefore, we should assume that there was a contract—read: set of payouts, kickbacks, or other reward perks—involved between Premier Election Solutions (a.k.a. Diebold) and Microsoft.
Let’s look at this again. Logically, so far, we have decided that: 1) voting machines should be using a secure, robust operating system, 2) voting machines should not be networked.
Or should they?
Is it secure to have votes stored in .xls (Microsoft Access) files and then transported on SD cards to a computer terminal by some flunkie (read: election official or Premier Election Solutions Employee) for transmitting over what one would hope are secure channels?
No, is the only answer to that question, by the way. PHYSICAL ACCESS to data is the point of least security. Swapping cards is just the easiest way to corrupt/alter the voting data.
The alternative: a networked voting machine which is connected to several sets of voting servers around the country—redundancy, in this case, is security, or at least accountability—via port/transport-encrypted connection protocols. The data is transmitted and tabulated at these central sites, plural. The data that is transmitted is stored on a separate physical disk from the operating system. That disk is encrypted and, if it is an SD card, there is no physical access to it—like a slot that it plugs into. Screwdrivers with weird noses are in order if you want it out.
When the data is transmitted, it can be in the form of an encrypted binary image of the disk. This is more secure than an .xls stored on an SD card. All of this will happen when the decentralized server farms call the data in at the end of the election. Also, at the end of the election, a printout could have a per-transaction list of the data received from the voters at each site. There are a number of ways to maintain the anonymity of the voters. Remove names, randomize times, etc. This printout would also be output electronically so that it can be stored for checking results, if there is a dispute.
Votes are tabulated/reported faster. The security is better—though only as good as its worst implementer. Everyone goes home happy-ish. Or at least as happy as they were before the election.
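The "redundancy is accountability" idea above, as an added example that is not part of the original post: every central site keeps its own copy of a machine's anonymized batch, and the copies are cross-checked before anything is counted. The HMAC tag, the per-machine key and all names are assumptions; names and times are dropped and the records sorted rather than randomized, and transport and disk encryption are not shown.

```python
import hashlib
import hmac
import json
from collections import Counter

MACHINE_KEY = b"constructed-demo-key"  # assumption: per-machine secret set up before the election


def anonymize(raw_votes):
    """Drop names and times; sort so record order reveals nothing about arrival."""
    records = [{"site": v["site"], "choice": v["choice"]} for v in raw_votes]
    return sorted(records, key=lambda r: (r["site"], r["choice"]))


def seal(records, key=MACHINE_KEY):
    """Serialize canonically and attach an HMAC-SHA256 tag over the bytes."""
    blob = json.dumps(records, sort_keys=True, separators=(",", ":")).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(blob, tag, key=MACHINE_KEY):
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def reconcile(copies, key=MACHINE_KEY):
    """copies: {server: (blob, tag)}. Returns (tally or None, suspect servers)."""
    digests = {s: hashlib.sha256(b).hexdigest()
               for s, (b, tag) in copies.items() if verify(b, tag, key)}
    top = Counter(digests.values()).most_common(1)
    if not top or top[0][1] * 2 <= len(copies):
        return None, sorted(copies)  # no strict majority of sites holds a valid copy
    suspects = sorted(s for s in copies if digests.get(s) != top[0][0])
    blob = next(b for s, (b, _) in copies.items() if digests.get(s) == top[0][0])
    return dict(Counter(r["choice"] for r in json.loads(blob))), suspects


# Constructed sample: three votes from one polling place, sent to three central sites.
RAW = [
    {"name": "voter-1", "time": "08:01", "site": "P-12", "choice": "A"},
    {"name": "voter-2", "time": "08:07", "site": "P-12", "choice": "B"},
    {"name": "voter-3", "time": "08:15", "site": "P-12", "choice": "A"},
]
BLOB, TAG = seal(anonymize(RAW))
COPIES = {"east": (BLOB, TAG), "central": (BLOB, TAG),
          "west": (BLOB.replace(b'"B"', b'"A"'), TAG)}  # altered copy, original tag

print(reconcile(COPIES))
```

The altered copy fails its tag and is reported as a suspect site, while the tally comes from the copy that a majority of sites hold.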
Back to the original topic: virus software. Here’s a fun thing: often, these days, viruses are written to attack and corrupt the virus protection software itself. Like real-world pathogens, they have adapted to attack the defenses first, and then go for the soft belly. So, if your computer is riddled with viruses, start over. This time, don’t use the virus software. Just use a malware detector like Spybot – Search & Destroy. In the distant past, when I still bothered with Windows, this was my virus-protection scheme, and it worked like a charm. My dad has been doing the same thing for years, and it works like a charm.
Again, back to the original topic: voting machines should not have Windows on them. Neither should servers. Linux is working all over the computing world on servers and in embedded devices for applications which require a great deal of security and require the OS to be robust—i.e., not crashy. It comes in all sorts of flavors. It is scalable, customizable, and the source code is open. In other words, the kernel—the most basic part of the operating system—can be fully customized to run exactly what is needed in the hardware, which also limits security gaps. It is also good at all the things that we talked about above: transport encryption, disk encryption, complicated networking schemes, redundancy, binary image backups. It also doesn’t have that nasty habit of crashing and dying forever. If it crashes, it can reboot, and it will be fine. This can even happen automatically since parts of the system can be restarted without your ever having to know about it in a user interface.
I don’t want to sound like an evangelical Linux user, but I am. And I will also admit that Linux is not for everyone—a statement that I do not fully believe, but which I will allow at present. It is, however, perfect for an application like running voting systems. Even if you ran a Linux system comparable to what is running now on these silly machines, the problems would scale back immediately.
So, take that for what it’s worth. I felt that the comic was funny, but might need a little further explanation. There you go.
Oh yah, disclosure: This post was written from a laptop running an unnecessarily secure Ubuntu install, backed up on a server in my house running Debian and transmitted to the internet via a router running the Linux-based DD-WRT to a—you guessed it—Linux web-server share running WordPress. This blog post is delivered to you using only open-source operating systems and applications on our end. I can’t vouch for what you used to view it, but if you used Firefox, it’s a step in the right direction.


