March 19, 2004
Many voting precincts are moving to electronic voting machines before the security issues are fully understood. We had a chance to examine the source code in one widely used machine and found it highly lacking in security and easily subject to tampering. There are ways to mitigate the insecurity in voting machines. One way is to provide a voter verifiable paper trail, and to have surprise recounts comparing the paper tally to the electronic one. We will discuss other mitigation strategies as well and explain why it is so difficult to design a fully electronic voting system that is secure. I was also on the government formed external security review committee for SERVE, designed for military and overseas civilians to vote over the Internet. We published an analysis of the security problems with the system and I will discuss these in the talk.
Dr. Avi Rubin is Associate Professor of Computer Science and Technical Director of the Information Security Institute at Johns Hopkins University. Prior to joining Johns Hopkins, Dr. Rubin was a research scientist at AT&T Labs. He is author of several books including Firewalls and Internet Security, second edition (with Bill Cheswick and Steve Bellovin, Addison Wesley, 2003), White-Hat Security Arsenal (Addison Wesley, 2001), and Web Security Sourcebook (with Dan Geer and Marcus Ranum, John Wiley & Sons, 1997). Dr. Rubin is Associate Editor of ACM Transactions on Internet Technology, Associate Editor of IEEE Security & Privacy, and an Advisory Board member of Springer's Information Security and Cryptography Book Series. He serves on the board of directors of the USENIX Association and on the DARPA Information Science and Technology Study Group. Dr. Rubin received BS, MSE and PhD degrees from the University of Michigan in Ann Arbor.