Wednesday, February 6, 2008

How to Prevent Magic Pens ?

Sometimes happens something of really funny and you... can't do anything. 
Is it useful working hard to increase the security of electronic vote ? Today during one of our weekly meeting comes out a real story bout MAGIC pens and Electronic Voting. The story is the following one:

" During the super day, the people who have decided to vote, reach the polling place to cast theirs votes following two ways:
1) Voting through Voting Machines
2) Voting through Paper Ballots which will scanned by VM
Usually older voters prefer cast theirs own vote through classical paper ballot rather then "complicated" electronic voting machineries; for that reason they ask to the pool worker the paper and the pen. The pool worker, who is a volunteer (so, he may be "sponsored" by some political people ?? ) say to the voter:
' Here we go! This is the paper ballot, and this is the MAGIC PEN. You know, the polling worker to the voter, today thanks to these machines the privacy is the most important issue to respect, so they build this MAGIC PEN with a particular ink that only the voting machine can read. So let use it like a normal pen and then put your ballot inside this slit (Voting Machine's Scanner). The Voting Machine will read through its special sensors your vote and it'll sent your casted vote directly to the central.
The unwitting old voter will put some invisible signs on the ballot using the fake PEN and, at the end of the fake voting phase he'll try to cast his vote through the voting machine's scanner and he'll go away. The Voting Machine's scanner unable to read the paper will reject the paper, the pooling worker will refill the ballot with his favorite runner and here we are ! Another faked vote. "

In my opinion, this scenario is very interesting to analyze. First of all, every body can become poll worker, that means we cannot absolutely assume that the pool worker is a trusted entity into the complex chain of voting. Said that, I wanna point out it's pretty difficult in US arresting some one for "ignorance attempt".. :) .. So this kind of attack is possible, it's easy and it works. Let me make this question:
Is it true that improving Voting Machine's Security we can improve the voting process ??
I really don't think so. This is another easy social engineering example which bypass every security measure... Again, let me say that: at the end of the day, voting through voting machines is still not secure, everybody know Diebold and Hart cases (if not let see this picture),voting through paper ballot may be too.

So, can we ever guarantee a safe election ?

No comments: