Increased use of open source software could fortify U.S. election system security, according to an op-ed published last week in The New York Times.
Former CIA head R. James Woolsey and Bash creator Brian J. Fox made their case for open source elections software after security researchers demonstrated how easy it was to crack some election machines in the Voting Machine Hacking Village staged at the recent DefCon hacking conference in Las Vegas. …
“They confirmed what we already knew,” said James Scott, a senior fellow at the Institute for Critical Infrastructure Technology. “These are extremely vulnerable machines.”
“Think of what a voting machine is,” he told LinuxInsider. “It’s a 1980s PC with zero endpoint security in a black box where the code is proprietary and can’t be analyzed.”
Although the researchers at DefCon impressed the press when they physically hacked the voting machines in the village, there are more effective ways to crack an election system.
“The easiest way to hack an election machine is to poison the update on the update server at the manufacturer level before the election,” Scott explained. “Then the manufacturer distributes your payload to all its machines for you.”
… A simpler solution to the security problem involves paper ballots and post-election ballot auditing, said Barbara Simons, president of VerifiedVoting. After all the votes are cast, a sampling of paper ballots would be compared manually to the electronic tally to determine the accuracy of the vote.
“Open source is a good thing — we support it — but there are always bugs that are not going to be caught,” Simons told LinuxInsider. “What we need are paper ballots and manual post-election ballot audits,” she said.
“If we have those, even with proprietary software, we can protect our election from being hacked,” Simons maintained. “You can’t hack paper.”