avs Online

I recently wrote about problems in the Finnish ministry draft law for e-voting (in Finnish). The result was a longish description of things like a need for end-to-end audited systems, trusted user interfaces and various other issues which boils down to a simple, yet effective measure: we need to adopt e-voting systems that produce individual hardcopy (paper) printouts for each vote cast, and each printout must be voter-verified. The current draft does not require this, but makes vague attempts at restricting the problem without fully considering all threats along the line.

The Raw Story has an article on Diebold Election Systems, Inc. problems that they had with the development of their e-voting machines. Of course, information coming from a single whistleblower must be taken with a grain of salt, but if everything he says is true, all the more reason to demand voter-verified paper printouts.

Creating a security-aware company culture in an R&D organisation is hard work. For companies whose products are part of a critical infrastructure, be they voting machines or mobile phones, product security awareness at executive board level is essentially also a corporate social responsibility exercise.

In other news, a Finn is hacking US voting machines. I first heard of Mr. Hursti when I was a kid. He was featured in a magazine article where he was hailed as a technology whiz kid. This week's Talouselämä (a Finnish magazine on economic issues) says that after retiring in the ripe age of 33 as a multimillionaire, he seems to be spending his time with hacking e-voting systems and aikido. Now that's life!