By Brent T. Yonehara
Undoubtedly, the right of suffrage is a fundamental matter in a free and democratic society. Especially since the right to exercise the franchise in a free and unimpaired manner is preservative of other basic civil and political rights, any alleged infringement of the rights of citizens to vote must be carefully and meticulously scrutinized.[1]
INTRODUCTION
In Reynolds, the Court held that state legislative districts had to be drawn with roughly the same populations.[2] Although Reynolds is a seminal voting rights decision prohibiting geographic discrimination in violation of the Equal Protection Clause, it has applicability to contemporary usage of technology in electronic voting machines.[3] In the 2008 presidential election, a thousand votes were “lost” in Ohio as a result of a voting machine software glitch.[4] Elections officials could not verify over 12,000 votes in New Mexico in 2002.[5] A similar incident occurred in Nevada.[6] These software-based electronic voting machines are known as Direct Recording Electronics (DREs).[7] Security has been a widely discussed topic among DREs since 2000.[8] DREs’ security issues directly hinder a voter’s ability to vote.[9] As such, these mechanisms need careful and meticulous scrutiny. Part II discusses more in depth the security issues surrounding DREs. Part III discusses the role of software practitioners in resolving some of these security issues. Part IV concludes with a cautionary note that software industry professionals can play a role in ensuring everyone’s vote is protected and sacrosanct.
SECURITY ISSUES
Not all technology actually makes our lives easier.[10] It is fairly simple to conduct man-in-the-middle attacks and hacking of, and malicious code release within, DREs.[11] Security is an absolute necessity in voting systems.[12] Without it, a vote becomes meaningless or trivial, like an informal office party tally or a non-scientific social media poll.
Several commentators have revealed deep flaws in the security of DREs. Man-in-the-middle attacks, where a microprocessor is implanted into a machine and a vote is then externally controlled, are possible.[13] Reverse engineering and hacking on voting machines have also been conducted in order to expose their security vulnerabilities.[14] These modulated hacking exercises have indicated that DREs are extremely vulnerable to mischief.[15] Vote-stealing and denial-of-service attacks could be implemented.[16] Vote-stealing would move votes from one candidate to another; denial-of-service would render the DRE unusable on Election Day.[17] Tampering with the hash tables within the DRE software – specifically, by rewriting Candidate class’ hashCode() and equals() methods, two candidates would be merged as one; thus, votes for either would be ordered for a single candidate.[18] Also, through manipulation of command-line options, a machine could have authenticating communications disrupted, thereby disabling that machine.[19]
Malicious code can also be introduced into the DREs, through either lax measures pre-election storage of the devices or surreptitious day-of-election activity.[20] Malicious code, like viruses or Trojan horses, could be released on one machine through rather mundane software upgrades via a memory card; as the technician moves from machine to machine, the code is introduced to each successive machine.[21] All of these scenarios would eviscerate the voter’s intent and undermine electoral integrity.
ROLE OF SOFTWARE PRACTITIONERS
No right is more precious in a free country than that of having a voice in the election of those who make the laws under which, as good citizens, we must live. Other rights, even the most basic, are illusory if the right to vote is undermined. Our Constitution leaves no room for classification of people in a way that unnecessarily abridges this right.[22]
In a vigorously contested election, a vote is a precious commodity.[23] Deliberately tampering with the voter’s intent undermines that the preciousness of that vote for both voter and candidate. As the first line of defense, software practitioners are in a critical role to resolve these security issues surrounding electronic voting machines.[24] Software practitioners, through their understanding and expertise of software as a profession, can use this erudition to shepherd the design, development, testing, and maintenance of DREs.[25] Because the software engineering process is a highly convoluted, and technically complex, it requires people from divergent professions to build a system that can deftly protect the vote but also malleably work with different electoral jurisdictions’ rules.[26] A software professional is the only one capable of possessing both understanding of the technical requirements for a machine and the more disparate policy requirements of election laws.[27] In their role as project manager, software practitioners can advocate for changes to electronic voting laws around the country, which can, unlike other industries like cars and airplanes that must report to a governmental agency, have regulatory oversight over DREs.[28]
Lax security practices at the voting machine manufacturer’s assembly and distribution site, as well as insufficient security during storage of these machines are also contributory weaknesses in which an opportunity is opened to create mischief into the electoral process.[29] One commentator observed that the entire DRE software, including the BIOS, bootloader, OS, and applications could be tampered with by an erstwhile cyber-terrorist.[30] This same commentator has proposed security architecture designed to validate DREs prior to Election Day.[31] This security validation could be implemented on DREs by the poll workers.[32] If based on validation there is evidence of tampering, the machine could be taken off-line before the poll doors open for elections.[33] This commentator, and other commentators like him, could use their knowledge and expertise to work with state elections officials, as well as DRE manufacturers to implement such security architecture.[34]
Conducting paper audit trails correlative with each DRE use during an election is also recommended.[35] Additionally, stricter software engineering processes within voting machine companies are needed; as a group, software engineers within these companies should advocate for these more rigorous processes in order to prevent malicious code releases within DREs.[36] In one incident, a Linux kernel hacking job was caught before the modification into the final voting system when the hack was processed by higher levels of scrutiny during the engineering process.[37] These incidences, though, are not typical, and illustrate areas of improvement which software practitioners can play a more potent role.[38]
CONCLUSION
In Reynolds, Chief Justice Warren wrote “[t]o the extent that a citizen’s right to vote is debased, he is that much less a citizen.”[39] Numerous commentators have reported that DREs were susceptible to man-in-the-middle and denial-of-service attacks, malware infiltration, and hacking.[40] As long as there are security issues with DREs, the cherished right to vote – upon which countless people throughout history have died fighting to achieve – will continue to be undermined in what should be the most tech-friendly country in the world. While neither blame nor responsibility rests on their shoulders, software practitioners must use their professional expertise to assist in resolving these issues. It is best to have software patches and architectures handled by software engineers rather than politicians and policy wonks. As one commentator puts it, until changes are made to the design, development, and testing of DREs, the “very core of our democracy is in danger.”[41] He is absolutely right.
By Brent Yonehara. Originally published at: http://yonaxis.blogspot.com/2014/02/voting-machines-security-and-role-of.html (Feb. 15, 2014).
[1] Reynolds v. Sims, 377 U.S. 533, 561-62 (1964).
[2] Id. at 572-73.
[3] See Kim Zetter. Report: Voting machine errors highlight urgent need for U.S. database. Wired. Retrieved Jan. 3, 2014 from <http://www.wired.com/threatlevel/2010/09/voting-machine-database/> (Sept. 10, 2010, 10:15 AM).
[4] Id.
[5] Id.
[6] Id.
[7] See Ryan Gardner, Sujata Garera, & Aviel D. Rubin. On the difficulty of validating voting machine software. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT ’07). Retrieved Jan. 3, 2014 from http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.9233&rep=rep1&type=pdf> (Aug. 2007).
[8] Id.
[9] See generally Steve Ragan, IT Security When Protection Becomes Prohibitive, Slashdot. Retrieved February 13, 2014 from http://slashdot.org/topic/bi/it-security-when-protection-becomes-prohibitive/ (January 28, 2013) (hypothesizing that security as a business measure is slowly killing work productivity and innovation, and is, in a much larger sense, a “cloud” for the modern world as a whole).
[10] See e.g. David Berlind, For All the Good It Does, Technology Often Fails Us in Big Ways, ZDNet, <http://www.zdnet.com/blog/btl/for-all-the-good-it-does-technology-often-fails-us-in-big-ways/2237> (Retrieved Feb. 13, 2014) (arguing the government is using Big Brother-like use of technology to invade our privacy); Ivan Babovic, New Technology is Not Always a Good Thing, UN Special, <http://www.unspecial.org/2012/06/new-technology-always-good-thing/> (Retrieved Feb. 13, 2014) (positing that some new technology is sometimes bad business decision-making).
[11] See Roger Johnston (as told to Suzanne LaBarre). How I hacked an electronic voting machine. Popular Science. Retrieved Jan. 3, 2014 from <http://www.popsci.com/gadgets/article/2012-11/how-i-hacked-electronic-voting-machine>. (Nov. 5, 2012); Gardner et al., supra at note 7; Jonathan Bannet, David W. Price, Algis Rudys, Justin Singer & Dan S. Wallach, Hack-a-Vote: Security Issues with Electronic Voting Systems, 2 No. 1 IEEE Sec. & Priv., 32; Ariel J. Feldman, J. Alex Halderman & Edward W. Felten, Security Analysis of the Diebold AccuVote-TS voting machine. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop (EVT’07). Retrieved Jan. 3, 2014 from <https://www.usenix.org/legacy/events/evt07/tech/full_papers/feldman/feldman_html/> (Aug. 2007).
[12] See Feldman et al., supra note 11.
[13] See Johnston, supra note 11.
[14] See Bannet et al., supra note 11, at 32; Feldman, supra.
[15] Id.
[16] See Bannet et al., supra at 34.
[17] Id.
[18] Id.
[19] Id. at 34.
[20] See Feldman et al., supra.
[21] See Bannet et al., supra at 34; Feldman et al., supra.
[22] Wesberry v. Sanders, 376 U.S. 17-18 (1964).
[23] See e.g. Editor, Colorado’s Undecided Voters Are a Hot Election Commodity, KUOW.ORG, Retrieved February 13, 2014 from < http://kuow.org/post/colorados-undecided-voters-are-hot-election-commodity> (Oct. 2, 2012, 12:33 AM).
[24] See Bannet et al., supra at 34.
[25] See Anthony Lonergan. Dependability of electronic voting machines, p. 42. Retrieved January 3, 2014 from <http://core.kmi.open.ac.uk/download/pdf/10851634.pdf> (Aug. 2007); Zetter, supra note 3.
[26] Id.
[27] Zetter, supra.
[28] Id.
[29] Gardner et al., supra.
[30] Id.
[31] Id.
[32] Id.
[33] Id.
[34] Id.
[35] See Bannet et al., supra at 36.
[36] Id.
[37] Id.
[38] Id.
[39] Reynolds, at 567.
[40] See Bannet et al., supra at 34-35.
[41] See Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, Richard Kemmerer, William Robertson, Fredrik Valeur & Giovanni Vigna, Are Your Votes Really Counted? Testing the Security of Real-world Electronic Voting Systems, Proc. of the 2008 Int’l Symp. Soft. Testing & Anal., pp. 237-248. ACM. Retrieved January 3, 2014 from <http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.156.1894&rep=rep1&type=pdf> (Jul. 2008).