Security considerations for remote electronic voting over the internet by avi rubin. Avi rubin computer security expert avi rubin is a professor of computer science and director of the health and medical security lab at johns hopkins university. Electronic voting system is vulnerable to tampering. In section 4 avi rubin considers the feasibility of remote voting, especially when taking into account the current state of the art of platform and internet security or, more accurately. Build a secure online election for free election runner.
Computer scientist avi rubin talks about the plusses and minuses of electronic voting. Premier election solutions, formerly diebold election systems, inc. The challenges of digital voting scientific american. Software glitch in novembers election in virginia advanced voting solutions touchscreen machines voters in three precincts reported that when they attempted to vote for thompson, the machines initially displayed an x next to her name but then, after a few seconds, the x disappeared. Only alaska allows any voter to cast a ballot across the net, according to verified voting.
Evoting critic avi rubin talks about the inherent weakness of software, the critical need for audit trails and the perfect storm of the 2000. Electronic voting evaluating the threat and paper v. The battle to safeguard democracy in the age of electronic voting random house. Security considerations for remote electronic voting over the internet. Jul 25, 2003 then, even an ordinary voter could cast more than one vote for a candidate at a polling place that uses this electronic voting system, said avi rubin, technical director of the information. Critics say that with just weeks to go before the election, some serious flaws in electronic voting systems. A partial transcript of the interview in ieee security.
Avi s primary research area is computer security, and his. May 15, 2006 diebold has had a more turbulent relationship with states and security experts over e voting. Its an interesting read and exposes some potential security problems with electronic voting. December 16, 2005 a couple of weeks ago, i spoke at a voting system testing summit hosted by the secretary of state of california, bruce mcpherson.
Issues and research agenda, by internet policy institute, march 2001. Elections, computer security, and electronic voting. University researchers criticize electronic voting. Open source is necessary but not sufficient for trustworthy systems, said rubin, a computer science professor at johns hopkins. I think this country adopted electronic voting before some of the hard problems were solved, rubin said in an email. Pdf the business of electronic voting researchgate. His research is focused on the security of electronic records including medical and voting records. The software believed to be at the heart of an electronic voting system. Rubin puts it this way, this was one of the most in. Critics say that with just weeks to go before the election, some serious flaws in.
With a few test elections under our belt, we were totally sold. The first person to expose the vulnerabilities of electronic voting in his book brave new ballot. Some versions of electronic voting software could allow for ballot fraud on a massive scale, computer security researchers say. In the debut episode of the silver bullet security podcast, gary talks with avi rubin, professor of computer science and technical director of the information security institute at johns hopkins university.
Avi rubin, professor of computer science at johns hopkins university and. Get started with doodles free online voting software. Security criteria for electronic voting by peter g. Creating an online voting poll with doodle takes just a few simple steps. Rubin puts it this way, this was one of the most incredible days in my life. Because of the softwarebased and indirect character of elec tronic voting. Avi rubin, professor of computer science at johns hopkins university and technical director of the information security institute has analyzed the source code used in these voting machines and reports this voting system is far below even the most minimal security standards applicable in other contexts. Another subsidiary selling electronic voting systems in brazil is dieboldprocomp, with minor market share in that nation. Rubins extensive research and service encompass the full scope of information security issues from hacking and healthcare cybersecurity to hightech litigation. Trojan horses and voting machines malicious logic hidden by an insider might, e. Stephen bono, aviel rubin, adam stubblefield, and matthew green, security through. He is a graduate of the university of michigan and professor of computer science at johns hopkins university, technical director of the information security institute at johns hopkins, director of accurate, and president and cofounder of independent security evaluators. Evoting systems should be able to handle such cases in stride, altho preparing the ballot data files would clearly be more time consuming. Of course, the secure platform problem is not the only signi cant security.
Rubin, on the difficulty of validating voting machine software with software, in proceedings of the 2nd usenix. Avi rubin is a professor of computer science and director of the health and medical security lab at johns hopkins university. At one point he held in his hand the five memory cards containing all of his prec. In the accuvote software examined by the analysts, the ballot definition. Considerations for remote electronic voting over the internet by avi rubin. Desi, was a subsidiary of diebold that makes and sells voting machines. Aviel david avi rubin born november 8, 1967 is an expert in systems and networking security. The dirty little secrets of voting system testing labs by. In this article, security expert avi rubin warns of the potential hazards of this system. Electronic voting system software,electronic voting.
The certification of e voting technology by socalled independent testing authorities, borders on the comical rubin, shamos1. Security considerations for remote electronic voting over. People have jumped on the electronic voting bandwagon, thinking that will solve the problems, said avi rubin, a technology security expert and. It was an event that included members of the us election assistance commission, secretaries of state, local election officials, vendors, voting machine testers, representatives from nist, social scientists who study voting issues, and computer. Thats where adversaries attack the electronic voting machines themselves, altering the software inside the machines to favor one candidate. Avi rubins vita united states house of representatives. Electronic voting experts such as johns hopkins universitys avi rubin said open source development is no guarantee of trustworthy election software, but indicated open source code is one necessary component.
Dec 01, 2011 avi rubin is professor of computer science at johns hopkins university and technical director of the jhu information security institute. Avi rubin, professor of computer science at johns hopkins university and technical director of the information security institute has analyzed the source code used in these voting machines and reports this voting system is far below even the most minimal security standards applicable in. The companys ceo stepped down in december, a day before a law firm filed a shareholder suit against the company, claimingamong other issuesthat the company misled investors about the state of its evoting technology. For more than a decade, aviel avi rubin, a professor of computer science at johns hopkins university in baltimore and an evoting activist, has been a vocal critic of evoting systems across. Oct 27, 2006 computer scientist avi rubin talks about the plusses and minuses of electronic voting. A third advantage of evoting surfaces in cases where there are a great many races on the ballot, and, to a lessor extent, where the number of candidates is very large.
In particular, i note the report of the california task force on electronic voting 1, avi rubins note 7, and the internet policy institute report on internet voting3. Security criteria for electronic voting, by peter g. Another subsidiary selling electronic voting systems in brazil is dieboldprocomp, with. Electronic voting records an assessment by michael shamos, papers presented at cfp93 and cfp2004 respectively. Avi made headlines in 2003 when he revealed glitches in diebold electronic voting machines. Avi rubin, technical director of the information security institute at john hopkins, along with computer science. The itas are private companies, hired by the vendors and reporting back only to the vendors, who keep the reports confidential. Verify that the software is free of trojans and will work correctly on all future elections. But election rigging is a potential threat, says rubin. Reproduced under the fair use exception of 17 usc 107 for noncommercial, nonprofit, and educational use. The companys ceo stepped down in december, a day before a law firm filed a shareholder suit against the company, claimingamong other issuesthat the company misled investors about the state of its e voting technology.
Avi rubin has testified at congressional hearings trying to alert the government that it has put our democracy at risk by relying so heavily on voting machines without taking the proper precautions. First, there was the now infamous 2003 report analysis of an electronic voting system coauthored by avi rubin and dan wallach both ph. A partial transcript of the interview in ieee security continue reading show 001. Diebold election systems, one of the largest manufacturers of electronic voting machines, accidentally put its software on the internet briefly and avi rubin got hold of it. How would we defend a voting system against this kind of insider threat. Rubin is credited with bringing to light vulnerabilities in premier election solutions formerly diebold election systems accuvote electronic voting machines. Aviel rubin, a professor of computer science at the johns hopkins university. To create your account, all you need to do is enter your email address and a password of your choice, wait a couple of seconds for an account activation email to be sent to you, and then activate your account. For more than a decade, avi rubin has been a vocal critic of evoting systems across the nation. Rubin said that the software code is so flawed that, even if it has been updated, there is no easy fix.
He wrote his experiences immediately after the day was over. Depending on the particular implementation, e voting may use standalone electronic voting machines also called evm or computers connected to the internet. Keromytis, tal malkin, avi rubin, anonymity in wireless broadcast networks, international journal of network security ijns, january, 2008. Rubins analysis of the code and the dangers of electronic voting were disclosed six. List of internet sites with information about electronic votingincludes links to. Nov 22, 2018 avi rubin, professor of computer science at johns hopkins university and technical director of the information security institute has analyzed the source code used in these voting machines and reports this voting system is far below even the most minimal security standards applicable in other contexts. It may encompass a range of internet services, from basic transmission of tabulated results to full. Special issue on electronic voting, december, 2009. Electronic voting machines security risk infoworld. Information security expert avi rubin explains why we wont be voting on. Avi rubin performs a true patriotic duty with this book. Avi is credited for bringing to light vulnerabilities in electronic voting machines. The dirty little secrets of voting system testing labs by avi rubin 2005 avi rubin, johns hopkins university. Then, even an ordinary voter could cast more than one vote for a candidate at a polling place that uses this electronic voting system, said avi rubin, technical director of the information.
Voting machine software should most definitely be made publicly. Avi rubin talks about the plusses and minuses of electronic voting. Security researcher and evoting expert avi rubin has published a tech memoir of his threeyear study of diebolds controversial electronic voting machines. Report of the national workshop on internet voting. The battle to safeguard democracy in the age of electronic voting. Dill contacted avi rubin, a computer scientist at johns hopkins university and. Everything we know about voting machines electronic ones. A 15yearold computer enthusiast could make these counterfeit cards in a garage and sell them, said avi rubin, technical director of the information security institute at johns hopkins and one of the researchers involved in the study. Election runner provides a clean, attractive and easytouse voter interface that runs well on all internetenabled devices that weve tested.
Avi rubin is known for annoying large companies and important people. Neumann, 16th national computer security conference, september, 1993. Security researcher and e voting expert avi rubin has published a tech memoir of his threeyear study of diebolds controversial electronic voting machines. For more than a decade, avi rubin has been a vocal critic of e voting systems across the nation. Two years ago, the johns hopkins university professor first alerted the country to troubling vulnerabilities in electronic. Avi rubin and a team of researchers examined software. Analysis of an electronic voting system tadayoshi kohno. The battle to safeguard democracy in the age of electronic. In 2006 he published a book on his experiences since this event. Evoting critic avi rubin talks about the inherent weakness of software, the critical need for audit trails and the perfect storm of the 2000 election.
Last election washington post 116 software glitch in novembers election in virginia advanced voting solutions touchscreen machines voters in three precincts reported that when they attempted to vote for thompson, the machines initially displayed an x next to her name but then, after a few seconds, the x disappeared. Thats where adversaries attack the electronic voting machines themselves, altering the software inside the. Evoting flaws risk ballot fraud politics voting problems. In 2010, dominion voting systems purchased the primary assets of premier, including all intellectual property, software, firmware and hardware for premiers current and legacy optical scan, central scan, and touch screen voting. Security considerations for remote electronic voting over the. Washington, searching the internet for an electronic voting machine manual.
Their support system is unparalleled for the speedy, comprehensive and personal manner in which it is delivered. Electronic voting system is vulnerable to tampering headlines. The dirty little secrets of voting system testing labs by avi. University researchers criticize electronic voting machines as security risk. Rubin, an independent audit framework for software dependent voting systems, 14th acm conference on computer and communications security, november, 2007. Diebold has had a more turbulent relationship with states and security experts over evoting. As he has waged this battle, he has been attacked, undermined, and defamed by a prominent manufacturer.
262 681 1475 1015 430 121 857 179 1372 188 514 1047 1190 946 1278 529 1170 1249 1091 809 206 1192 1495 189 304 1089 983 1073 210 1667 534 486 366 1495 1205 1307 611 1490 575 1430 18