Thursday, December 14, 2017

EVM security - asking the right questions

This is a difficult topic to discuss. A lot of people have opinions but opinions are NOT facts.

Here are some questions you can ask people in your government to determine for yourself what the "facts" pertaining to your EVM's security are.

Historical note - before EVMs, elections would be rigged by compromised returning officers or police officers. These people with the help of gangsters would stuff the ballot boxes with votes for a candidate that had paid them to fix the election for them. After EVMs came into play, people started rigging elections using GOTV and anti-GOTV operations. These operations involved using bribes to get voters out to the booth on polling day (Get Out the Vote) and running interference on such GOTV using various criminal agencies (anti-GOTV). The operations were difficult to hide and there was serious risk of discovery. This led to electronic hacking. Like all cyber crimes this was harder to detect.

The general experience in consumer electronics has been that secure devices can be built by well meaning manufacturers but secure systems (i.e device+ecosystem+users) are nearly impossible to build.The questions people should be asking are listed below, if the answers to these are "no" then the EVM is vulnerable.

1) Is 2+FA (multi-factor authentication) implemented on the actual EVM devices, on related communication servers and electoral commission consoles with access to EVM functioning and data?

2) Are all user accounts associated with the EVM and EVM system password protected? Are the passwords stored in salted and peppered form?

3) Are all the unused ports and services on the EVM turned off?

4) When the EVM communicates with other servers, is it using PGP style encryption?

5) Are servers associated with EVM data continuously monitored and audited for security breaches? is there a dedicated team that does this?

6) Is there a data fusion center that tracks activity patterns on the network and identifies unusual activity?

7) Is there an education team that ensures that all users on the EVM network are informed about best practices and infosec hygiene?

8) Are all updates to the EVM system rolled out with appropriate certification?

9) Is there a "White Hat" team that continuously monitors the EVM system for vulnerabilities and advanced persistent threats?

10) Is there a protocol for coping with a large information security emergency? Has the election commission drilled its operations staff in contingency responses?

Merely asserting security through obscurity doesn't make for actually secure EVM systems. Even if you control the source code rigidly - binaries can be hacked and you have to update the source code as hardware generations and firmware are changed. These updates have to be rolled out with appropriate certification and you have to verify that the EVM device providers carried out the actual updates you sent out.

This is a lot of work - and if your election commission is cutting corners or simply flaking out on some of these details, you will get evasive answers from them. This is a bad sign. It means your EVM is not secure.

What you do once you find out that your EVM is insecure, is up to you. I can't advise what will be appropriate in your situation, but I can tell you that knowing is half the battle.

In general - if enough people know what is going on with respect to their EVMs - the people messing about with them will very wary about the consequences of public discovery. This fear will induce them to make mistakes and that is where one can catch them.

No political system can afford exposure of the underlying EVM fraud - if enough people know about it - it will wither away.


Post a Comment

<< Home