I've seen a lot of people talking about electronic voting machines and security.
Electronic voting machines pose a few unique problems when it comes to securing them. The short answer is - it's not possible....

/1
When we design systems, we always assume that somebody, some day, could very well get unauthorized access. We do everything we can to harden the system and remove potential attack vectors, but we can only guard against what we know about today.

/2
So creating a "secure" system isn't just about making sure nobody can get in. It's about detection and tolerance. Building layers into the system that are constantly looking at what's happening, and detecting irrational behavior.

/3
Once you detect that irrational behavior, you can slam the door shut, raise warnings, and provide tolerance in the form of protecting the data. You've now minimized the damage, and mitigated the risk of a larger breach.

/4
Well, when it comes to voting machines, that's not really good enough. Because what happens when a breach is detected is you essentially lock the system down and initiate a disaster recovery plan. That takes people who know what to do a very long time. That would shut down voting.

/5
There are very easy ways to build a system that could detect if someone compromised a voting machine and tried changing votes. It's seriously not that complicated. But what then? You just continue to let people use it? Let people use other machines prone to break in?

/6
Voting systems have two unique hangups.
Time and Cost.
They get used very infrequently. Maybe once or twice per year on average, and in some places not even that often.
That makes development of a truly functional system tricky.

/7
The people running these systems are not tech people. They're election officials. They use these systems again, once a year? Then it goes back in the closet until next year. Now train somebody reliably on that system. It has to be dumb simple.

/8
The problem is - "dumb simple" makes that detection and tolerance virtually impossible. A system like that requires somebody sophisticated enough to navigate those disaster recovery plans.

/9
The other issue is when you have a system like a web app that's *always* online - you have a steady stream of data to work with. If somebody TRIES to gain access - you can see it, see where they're going with it, and preemptively patch the system before they fully get in.

/10
Security is a constant cat and mouse game. When the system is offline for 6-9-12 months at a time - you don't know if somebody out there has a machine set up in their office that they're hacking away on. They could have a 0-day you don't know about yet, until you fire it up.

/11
The other issue being money.
Is it possible to build a system that's reliably secure? Probably. But elections are run by states. And states simply do not have the budget to throw hundreds of millions or even billions at not only developing the system, but providing support.

/12
Again, it's not just the system - but also the people knowledgeable and savvy enough to run it securely, and provide the immediate support in case of a failure or a breach. That's *expensive*. That's an ongoing expense, not just a one-time thing.

/13
If you got the top technology experts in a room and said "build this system" - they could probably do it. It would cost an arm and a leg, and take a few years.

But you know what those experts say?
"Don't do it - use paper"
You can follow @Sinixstar.