Internet voting advocates ignorant of software, says Simons

Tools

Advocates of Internet voting typically form their opinions without real knowledge of how software works, said Barbara Simons, a computer scientist and board member of VerifiedVoting.org. She gave an Aug. 8 talk to the research division of Microsoft (NASDAQ: MSFT); the company posted a webcast of her presentation online.

"They don't understand why when we say you can't find all the software bugs, you can't," Simons said.

An analogous public policy example of how software can permit inadvertent flaws that enable later malicious exploitation is the U.S. tax code, she said. Congress periodically approves well-intentioned updates to that complex system which, once implemented, "turn out to benefit a single company in ways that have not been anticipated before the update," she said.

Simmons also said that election officials can discount security risks such as insider threats--since they're insiders.

"When you mention insider threats, election officials sometimes get indignant, and think that we're accusing them of being criminal, which of course we're not," she said. But, there are all types of insiders, Simons noted. Anyone with access to the software code, or even just the computers running balloting software, can potentially throw an election.

Advocates also don't seem to connect the dots between news of highly sophisticated viruses such as Stuxnet and the possibility of cybersecurity flaws in Internet voting, she noted. Advocates in Canada don't even seem to have been deterred by their country's firsthand experience with Internet voting flaws, she said, citing a March distributed denial of service attack during a New Democratic Party leadership election held online.

"Throughout Canada there are towns and provinces that are still talking about having Internet voting. This seems to have gone over their heads," she said.

For more:
- watch Simons' Aug. 8 talk

Related Articles:
Denial of service attack mars Canadian party balloting
NIST: Internet voting not yet feasible
Internet voting not ready for elections, says DHS official
Small coding mistake led to big Internet voting system failure