SAN FRANCISCO, Calif. -- Hackers finding flaws, vendors reacting with threats: The relationships between security researchers and voting machine makers resemble the early days of the PC industry and that's not good, e-voting experts said at the RSA Security Conference on Thursday.
Computer scientists and academic security researchers have managed to find numerous and serious holes in the security of electronic voting systems in the past decade, despite the assurances of voting system makers that their machines are secure. It's no surprise then that rather than fostering a partnership between the hackers and the vendors -- as Microsoft managed to do over the past decade -- voting machine makers continue to be hostile to those who find vulnerabilities. That lack of a relationship has to change, a panel of five electronic voting experts told attendees.
"There is so much distrust between the academic community and the vendor community, that no one is working together," said Alec Yasinsac, associate professor of computer science at Florida State University. "I think it is essential for the vendor community to step up and engage the academic community."
A major issue with most electronic voting machines is that there is no way to do a software-independent audit of the election results. In the 2006 midterm elections, many states took extra security precautions after researchers found that Diebold's election systems contained a serious flaw. Another election system failure may have resulted in a loss for the Democratic challenger in a contest for one of Florida's seats in the U.S. House of Representatives, when the configuration of the electronic ballot likely resulted in a large number of people in a Democratic-leaning county failing to vote.
Given their history, vendors and researchers have their work cut out for them in creating an amicable relationship, said panelist David Wagner, an associate professor of computer science at the University of California at Berkeley.
"Voting system vendors are, today, where Microsoft was ten years ago," Wagner said.
And for Microsoft, it required a strong commitment from its CEO Bill Gates and hundreds of millions of dollars to better secure its software.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos