The abolition of democracy in the US

[ciphergoth]

The SERVE system might appear to work flawlessly in 2004, with no successful attacks detected. It is as unfortunate as it is inevitable that a seemingly successful voting experiment in a U.S. presidential election involving seven states would be viewed by most people as strong evidence that SERVE is a reliable, robust, and secure voting system. Such an outcome would encourage expansion of the program by FVAP in future elections, or the marketing of the same voting system by vendors to jurisdictions all over the United States, and other countries as well. However, the fact that no successful attack is detected does not mean that none occurred. Many attacks, especially if cleverly hidden, would be extremely difficult to detect, even in cases when they change the outcome of a major election. Furthermore, the lack of a successful attack in 2004 does not mean that successful attacks would be less likely to happen in the future; quite the contrary, future attacks would be more likely, both because there is more time to prepare the attack, and because expanded use of SERVE or similar systems would make the prize more valuable. In other words, a "successful" trial of SERVE in 2004 is the top of a slippery slope toward even more vulnerable systems in the future.

-- conclusion (g) of "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)", Dr. David Jefferson, Dr. Aviel D. Rubin, Dr. Barbara Simons, Dr. David Wagner (emphasis mine)

Update: BBC News story indicating that for the Department of Defence, doing the impossible is all in a day's work, coverage in SFGate, New York Times, Slashdot.

Comments

Re: can't we all just pretend it works?

[ciphergoth.livejournal.com]

What part of the industry do you work in? Specifically electronic voting? It's all pretty worrying - I don't think I'm being entirely alarmist with my article title...

yanking my chain from across a continent and an ocean

[webcowgirl.livejournal.com]

Alas, your title is too, too accurate. It's so embarassing that the process of having our voting (and other civil) rights raped to nothingness in front of us is so incredibly visible to the rest of the world. The only thing more embarassing is listening to my fellow sheep-like citizens making statements like,"Why do I need to worry about the government tapping my phone lines? It's not like I have anything to hide." And they are of course pretending that everything is just fine, because that makes it easy for them to lead television-centered lives and worry about losing weight and whether or not Michael Jackson is going to go to jail. Seriously ... that is the American electorate, most of whom don't vote anyway.

I don't like to be specific about where I work in LJ as I consider it a too transparent forum (although I violated this dictum before I got this job - not thinking it would come through - proof of which can be found in earlier months).

I live in Seattle. I do software quality assurance, mostly for internet companies, never for The Borg. I could be much better at my job, as is made abundantly clear by a lot of the stuff I read through your journal. One of the big voting companies is in the locale, but I don't work there, although this is a damn small community (at least in QA) and I know folks almost everywhere. Just trying to make sure stuff is secure at my own company is plenty of work, although it's not what I'm specifically tasked with. Amusingly enough, I'm doing this work with the peculiar skills granted by years of studying political philosophy - giving me no talent at SQL server administration but plenty at getting a head of steam over the state of the real world.

If you want any more specifics, feel free to contact me off-LJ. And apologies for the horrible grammar and spelling errors in my original response - as a QA person I'm ashamed to see so many in just one post.