Voting Heartburn over “Heartbleed”
Heartbleed is the latest high-profile consumer Internet security issue, only a few weeks after the “Goto Fail” incident. Both are recently discovered weaknesses in the way that browsers and Web sites interact. In both cases and others, I’ve seen several comments that connect these security issues with Internet voting. But because Heartbleed is pretty darn wicked, I can’t not share my thoughts on how it connects to the work we do in the TrustTheVote project – despite the fact that i-voting is not part of it. (In fact, we have our hands full fixing the many technology gaps in the types of elections that we already have today and will continue to have for the foreseeable future.)
First off, my thanks to a security colleague Matt Bishop who offered an excellent rant (his term, not mine!) on Heartbleed and what we can learn from it, and the connection to open source. The net-net is familiar: computers, software, and networks are fundamentally fallible, there will always be bugs and vulnerabilities, and that’s about as non-negotiable as the law of gravity.
Here is my take on how that observation affects elections, and specifically the choice that many, many U.S. election officials have made (and which we support), that elections should be based on durable paper ballots that can be routinely audited as a cross-check on potential errors in automated ballot counting. It goes like this:
- Dang it, too many paper ballots with too many contests, to count manually.
- We’ll have to use computers to count the paper ballots.
- Dang it, computers and software are inherently untrustworthy.
- Soooo …. we’ll use sound statistical auditing methods to manually check the paper ballots, in order to check the work of the machines and detect their malfunctions.
This follows the lessons of the post-hanging-chads era:
- Dang it, too many paper ballots with too many contests, to count manually.
- We’ll have to use computers to directly record votes, and ditch the paper ballots.
- Dang it, computers and software are inherently untrustworthy.
- Oops, I guess we need the paper ballots after all.
I think that these sequences are very familiar to most readers here, but it’s worth a reminder now and then from experts on the 3rd point – particularly when the perennial topic of i-voting comes up – because there, the sequence is so similar yet so different:
- Dang it, voters too far away for us to get their paper ballots in time to count them.
- We’ll have to use computers and networks to receive digital ballots.
- Dang it, computers and software and networks are inherently untrustworthy.
- Soooo …. Oops.
– EJS