Sunday, September 7, 2008

Secure Voting

The thing about security is that it's an end-to-end property. Pick your concerns, pick your model, and pick your budget -- then get at it. The security community loves to analyze e-voting, but seems to forget one of its main mantras. In this case, a secure machine is irrelevant if it's part of an insecure (social) network.
"They want you to think that there’s one problem, which is electronic voting and paper ballots. By the way, that’s also racial. You talk to white voter activists, they talk about computers. You talk to black voter activists, and they talk about suppressing the vote. I want to repeat: There were virtually no computer voting machines in Ohio, and that’s where they stole it. There were virtually no computer voting machines in New Mexico. That’s where they stole it. There were virtually no computer voting machines in Florida in 2000. That’s where they stole it." - Palast
Statistical analysis (and automated whistles) on systemic voter registration & redistricting manipulations would hopefully be as interesting as any sort of analysis of the machines themselves, especially given the threat model. Third parties already do this for economic policies to facilitate day-to-day financial predictions -- given an increasingly (?) global practice of voting, doing so for democratic processes seems like a compelling task. We can detect auction fraud patterns, fake click-through rings, and puppet websites -- why not rampant voter manipulation? It's all public.

Disclaimer: I am aware of various attempts to do this -- the comment is primarily directed at the security research community as a whole. In addition, both political parties have a history of voter manipulation; it's an unsurprising and unsolved part of the process. Finally, we're at an interesting point in public record keeping: aggregate information on an individual is dangerous, yet would also be a big boost in our ability to automatically detect abnormalities.
