Sunday, July 20, 2008

Warning: This Product Is Hazardous To Your Freedom

Voting activist, blogger and citizen journalist Rady Ananda is a senior editor at OpEdNews and Executive Director for Re-media Election Transparency Coalition. Here she and Andi Novick have assembled the " Top shelf, the crème de la crème, the most succinct, in-plain-English, best quotes by computer security experts."

Warning: This Product Is Hazardous To Your Freedom

by Rady Ananda and Andi Novick

Originally posted at OpEdNews.

For full quotes and citations, see Debunking Pre-Election Testing Myths or read the 50+ reports listed in this bibliography.

"...testing to high degrees of security and reliability is from a practical perspective not possible."

"...insufficient to guarantee a trustworthy election."

"... provides the opportunity for new kinds of attacks, from new kinds of attackers."

"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive – malicious code could spread to every voting machine in polling places and to county election servers."

"..., numerous studies have shown that currently deployed voting systems are susceptible to undetectable malicious attacks....”

"Malware in a voting system could be designed to operate in very subtle ways.... be inserted at any of a number of different stages ... from the precinct all the way back to initial manufacture - and lie in wait for the appropriate moment."

"This is a classic computer security problem. Whoever gets into the machine first wins. So if the Trojan horse software is in there first, you ask it to test itself -- it will always lie to you and tell you everything is fine.”

"There would be no way to know that any of these attacks occurred…”

"...'logic-and-accuracy testing' ... will never be comprehensive; important flaws will always escape any amount of testing."

"The current certification process may have been appropriate [with] a 900 lb lever voting machine ...But software is different. ..[Y]ou cannot certify an electronic voting machine the way you certify a lever machine.... [W]e absolutely expect that vulnerabilities will be discovered all the time....”

"... A certification system that requires freezing a version in stone is doomed to failure because of the inherent nature of software."

"... vulnerability of the system to malware infection and manipulation. ... large possibility that they could implement malicious programming (malware) into the system with little chance of detection. ...could likely spread from component to component throughout the system.”

"... the lack of capability to detect and report potential malware attacks against the system makes it the single largest threat."

Authors' Note:

Do we really want to vote on this "crap?"