Vulnerabilities in the Ohio Voting System

One of my readers (yes I actually have at least one that’s not related or an outside friend) pointed out an article that he was working on that has been picked up by the media.

The issue it seems is in the method that Ohio ballots are marked and recorded. While I will give you the links to the technical side of this type of attack, the results are tragic in the face of democracy.

Our system of government relies on a secret ballot. Some people have no problem sharing who and what they are voting for. Others however feel undo pressure from peers if someone else knows how they may vote on unpopular issues. For example, that property tax hike that you campaigned against for months and invested time and money in fighting, well you could go down and see all the people who voted for it after it passed. Some less scrupulous people could use this information to harass the voters that passed it. After this harassment has taken place there will be more outside forces that can cause that voter not to vote their conscience the next time.

Since this is one of those rare opportunities where you can ask the person that discovered this bug (he e-mailed me first) I sent this back to him

“…..I’m just curious what your thoughts are on how to fix this hole?

Do you wish them not to record time stamps or not to have a paper trail? Do electronic voting machines have several known vulnerabilities that can lead them to manipulation? I can see that you would rather have a ballot form of the paper trail since these could theoretically be mixed up so you can’t them orderly, but at the same time, the anonymity is only going to be aggregate to the amount of data you collect. In other words, in small election turnouts, it will be easier to decipher who voted in which way than in a large voter turnout.

An easy immediate step to help ensure the security of these records without the additional cost of voting machines would be to have the pollsters record the voting numbers randomly instead of orderly without time stamps since we only really need to verify they are eligible and do not need to record which order they came in to vote accurately…….”

A few hours later (we all have day jobs) he sent me this response:

“…I still see electronic voting as superior to hand-counted ballots. My opinion on the details changes 😉 but currently, I would like to see implemented

  • separation of ‘vote’ and ‘event’ logs (similar to ES&S’s Unity database)
  • sorting of ‘vote’ logs by content, rather than a deceptively insecure [pseudo]random sequence….”

I have some personal issues of course with electronic voting machines and while I’m not going to put in the complete exchange we discussed here is the relevant part of my reply.

“……I’ll agree that electronic voting machines are superior, especially in the amount of time to tally the votes and accuracy. The thing I would like to see implemented is an open-source approach to the code (I’m not a Linux zealot as most of my computers are Windows) as this can have verified security through the process of code review. The main coders would just have to publish the code but maintain all changes by the in-house programmers after suggestions of a code review – since it would not be advisable to take custom code in from normal coders – the maintainers would still be accountable for accuracy and reliability.

The next thing would be a split printer paper trail where it could maintain one copy for archival purposes and possible manual tallying to verify votes were counted accurately by the computer and a mirrored copy that would be printed out for the voter to verify the accuracy of their vote. While there would need to be a mechanism for the archival copy to be destroyed if the voter decided to change their vote or found an inaccuracy in their printed ballot – this for the most part would be a trivial proposition of an enhanced paper tray.

But all in all, I agree with you – of course for Ohio vulnerabilities the intern that took the backup home on a flash drive full of public records as the states way of maintaining off-site records is a far worse exposure than I hope can be corrected along with the voting issue……”

Now, this is something that really needs to be addressed quickly. It does not affect all Ohio counties but please pressure your officials to make sure that you are not using the type of equipment that can cause this exposure to your private data. In the end, your privacy is all you have that will truly always be yours.

Here is a link to Jim’s site

A link to the C|NET article

Ed Felton’s view at Freedom to Tinker