Information Technology Reference
In-Depth Information
Avi Rubin
Dr. Avi D. Rubin is a professor of computer science and the tech-
nical director of the Information Security Institute at Johns Hop-
kins University. Professor Rubin directs the NSF-funded ACCURATE
center for correct, usable, reliable, auditable, and transparent elec-
tions. He is also a cofounder of Independent Security Evaluators
(www.securityevaluators.com)
, a security consulting firm.
Dr. Rubin has testified before the US House and Senate on multiple
occasions. In January 2004,
Baltimore Magazine
named him Baltimorean
of the Year for his work in safeguarding the integrity of our election
process. He is also the recipient of the 2004 Electronic Frontier Foundation Pioneer Award.
Professor Rubin is author of several books, including
Brave New Ballot
(Random House, 2006),
Firewalls
and Internet Security,
second edition, with Bill Cheswick and Steve Bellovin (Addison-Wesley, 2003),
White-Hat Security Arsenal
(Addison-Wesley, 2001), and
Web Security Sourcebook,
with Dan Geer and
Marcus Ranum (John Wiley & Sons, 1997). He is associate editor of ACM
Transactions on Internet
Technology,
associate editor of
IEEE Security & Privacy,
and an advisory board member of Springer's
Information Security and Cryptography book series.
The Pacific Research Institute maintains that DRE voting machines are more secure than
traditional paper ballots, which they say can be tampered with by elections officials.
Presumably you disagree with their assertion?
I agree with them that paper ballots can be tampered with. I also believe that for an unsophisticated
attacker, it is probably easier to tamper with paper ballots than with the election results in DREs.
However, there are several reasons why I think the use of DREs poses a bigger threat to the integrity
of an election than paper ballots do. First, tampering with paper ballots is more likely to be detected
than tampering with software or electronic ballots. Second, if someone were to rig the software in a
DRE, that could impact ballots in thousands of places, while tampering with paper ballots has to occur
on a retail level, increasing the exposure for the attacker. But perhaps my greatest concern is that an
accidental bug in a DRE could result in the wrong election results being reported, without anyone ever
knowing it. Since paper ballots are not software based, an analogous threat does not exist for paper
ballots.
Proponents say that DRE voting machines eliminate errors that have plagued other
voting systems. Two common examples: punched cards can have “hanging chads,” and
paper ballots can't prevent a voter from accidentally voting for two candidates. Do these
benefits outweigh the potential risks?
The hanging chad is a problem related to punch-card systems, not paper ballots in general. I think
punch-card systems should no longer be used. Optical scan technology, a different form of paper
ballots, does not suffer the same problems. There are also systems that avoid voter error problems
such as voters voting for two candidates when they are only allowed to vote for one. For example, in
precinct scanners, the scanner can spit out a ballot that is marked incorrectly, giving the voter a chance
to fix it. There are commercial scanners that do this. Furthermore, ballot-marking machines, where
voters mark the ballot on a touch screen but then a paper ballot is printed and fed into a scanner, do
not suffer from any of these problems.
