My letter to the IEEE.

Decius
Topic: Politics and Law 2:54 pm EDT, Sep 21, 2003

I submitted this letter on the EFF's website. If you want to reference my letter in composing your own, please do so, but don't include my words without attribution as it will reduce the impact of my comments.

I'm an information systems security professional. I work as a software engineer at a well-known Internet security software vendor. Prior to that I spent many years designing secure network infrastructure for Internet-connected computer systems. I've been an IEEE member for 10 years (member number: XXXXXXXX). I'm writing to express concern with the IEEE electronic voting standards process (SCC38/P1583).

Recently there has been a great deal of public discourse about the security of electronic voting technologies. Unfortunately, this has been a very muddied process. We have, on the one hand, technology vendors and elections systems officials who have a vested interest in dodging questions about systems that have already been built and deployed. Furthermore, these vendors and officials are used to hearing uninformed luddite objections whenever new technology has been applied to the voting process. On the other hand, we have activists who don't always understand what they are talking about. However, in all of the noise and drama surrounding this issue there have been a number of serious questions with real technical merit raised by security professionals, and I feel that industry and elections officials have found reasons to dismiss these objections without giving them serious consideration.

In listening to elections officials in my home state (Georgia), I found that their primary concern in deploying electronic voting equipment has been to reduce the workload involved with counting votes. These officials do not understand how difficult it is to develop information systems that are secure against manipulation from well-funded adversaries, and they do not understand how the way that they use the systems vendors have supplied impacts the security of those systems. Furthermore, they seem uninterested in hearing from professionals outside of one individual professor in the local university system whom they have designated as a trusted advisor.

In asking the IEEE to help develop standards for electronic voting systems, Congress has entrusted the organization with the role of providing a technical voice of reason in all of these discussions. Unfortunately, the IEEE has an extremely poor track record when it comes to information security standards. The recent 802.11* standards have had very poor security qualities, and these standards processes have moved forward for years without soliciting input from security professionals. (Only in the past few months have I heard, anecdotally, that they have started to reach out to people who have been breaking their security techniques for years.)

It is absolutely essential that the standards that this committee produces include very tight security requirements. I haven't read the draft standard (because you are asking for nearly $100 for members to read the draft), however the security section of the draft is available for free on the committee's website. While I haven't done an in-depth analysis of this document, one flaw jumped out at me immediately:

"Voting systems that use electromagnetic (wireline or wireless) or optical (open air or fibre optic) transmission of data shall ensure the integrity of all transmitted data. This shall include standard transmission error detection and correction methods such as checksums or message digest hashes."

Checksums are an inexpensive way to check the integrity of a transmission in simple telecommunications applications, but they are not a reliable data integrity technique when one is concerned about malicious manipulation of data. It is possible to change the contents of a message without violating a checksum. As checksums are not cryptographically authenticated, anyone who can change a message can usually change its checksum. Furthermore, improper use of checksums within encrypted data has been used as a vector for cryptanalysis of poorly designed protocols.

This is just a simple example. There are many other questions that might be asked about this document. A few examples:

Why allow voting systems to operate in an environment shared by other data processing applications when dedicated hardware is so inexpensive? Are the restrictions on network connections complete enough? Why is there no discussion of programming techniques used to prevent memory management ("buffer overflow") vulnerabilities? Why not have more specific requirements for authentication of voting system administrators? Why is there no discussion of the security of features which maintain the anonymity of voters?

In sum, I think that the IEEE ought to solicit analysis from at least three well-known academic computer scientists who specialize in the field of computer security and have published works in the electronic voting systems space. Any recommendations ought to be made available to the public and they ought to be taken seriously. The integrity of our democracy depends on it.
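
An added illustration of the letter's point about checksums (this example is not part of the original letter): a receiver that checks only a CRC-32 or an unkeyed SHA-256 digest accepts a rewritten record whose tag was recomputed in transit, while a keyed MAC rejects it. The record layout, the key, and the choice of HMAC-SHA256 as the keyed alternative are assumptions made for the demonstration; the unkeyed digest case extends the letter's checksum argument to the "message digest hashes" named in the quoted draft.

```python
import hashlib
import hmac
import zlib

# Constructed sample data: the record layout and key are assumptions for this demo.
KEY = b"constructed-demo-key-shared-by-endpoints"
ORIGINAL = b"precinct=12;candidate_a=412;candidate_b=388"
TAMPERED = b"precinct=12;candidate_a=388;candidate_b=412"


def crc_tag(payload: bytes) -> bytes:
    """Unkeyed checksum: anyone holding the payload can compute it."""
    return zlib.crc32(payload).to_bytes(4, "big")


def digest_tag(payload: bytes) -> bytes:
    """Unkeyed message digest: still computable by anyone who sees the payload."""
    return hashlib.sha256(payload).digest()


def mac_tag(payload: bytes, key: bytes = KEY) -> bytes:
    """Keyed MAC: producing a valid tag requires the secret key."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def receiver_accepts(payload: bytes, tag: bytes, tag_fn) -> bool:
    """Receiver recomputes the tag and compares in constant time."""
    return hmac.compare_digest(tag_fn(payload), tag)


def in_path_rewrite(tag_fn_without_key):
    """Model a party on the wire that swaps the payload and re-tags it
    using only what it can compute without the endpoints' key."""
    return TAMPERED, tag_fn_without_key(TAMPERED)


def run_demo() -> dict:
    results = {}
    for name, fn in (("crc32", crc_tag), ("sha256", digest_tag)):
        payload, tag = in_path_rewrite(fn)
        results[name] = receiver_accepts(payload, tag, fn)
    # Without the key, the only options are reusing the old tag or guessing a key.
    results["hmac_old_tag"] = receiver_accepts(TAMPERED, mac_tag(ORIGINAL), mac_tag)
    payload, tag = in_path_rewrite(lambda p: mac_tag(p, b"wrong-key"))
    results["hmac_wrong_key"] = receiver_accepts(payload, tag, mac_tag)
    results["hmac_genuine"] = receiver_accepts(ORIGINAL, mac_tag(ORIGINAL), mac_tag)
    return results


if __name__ == "__main__":
    for scheme, accepted in run_demo().items():
        print(f"{scheme:15s} accepted={accepted}")
```

A requirement written against this distinction would call for a keyed integrity check whose key is held only by the communicating endpoints, rather than listing checksums and digests as sufficient.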



 
 