Treat Voting Systems Like Gambling Systems

By Rich

Electronic voting seems to be popping up again thanks to our favorite digital ostrich, Diebold. Martin Mckeay’s also writing on this a bit, and it’s well worth reading.

This isn’t the first time I’ve mentioned this, and I didn’t come up with the idea, but with the most recent Diebold gossip I think it bears repeating.

Gambling systems, electronic or physical, undergo extensive testing, validation, and auditing. We’re not just talking hacking, they shock the darn things with cattle prods and attack them using such phenomenally creative techniques that I’m awestruck the few times they show it on Discovery channel specials. And it’s the complete system that’s tested and audited constantly- even the odds distributions among video poker clusters in casinos (which are audited externally by various gambling commissions in the sin city of your choice).

What does this have to do with voting?

Gambling systems are somewhat unique in that pretty much everyone involved has an incentive to cheat everyone else. Were talking about a system where no one can really trust anyone. Sure, casinos (at least in Vegas) are on the up and up, but do any of you really trust them? They sure can’t afford to trust us, and pretty much no one trusts the government.

The result? Some fracking good security.

So here we have a highly secure system of numerous specialized electronic devices operating in a networked (or non-networked) environment with near-perfect auditability. Hmm, where else might we want a similar system? Heck- they even already have testing labs and audit standards. Funny how closely related gambling and politics are. I wonder if cattle prods are illegal in voting booths?

I wonder how long Diebold would survive in Vegas?

(I’ll be the first to admit us security types have a habit of blabbing on any topic we can possibly stuff into the security bucket, but electronic voting happens to be one of the areas where our experience is directly applicable. I don’t know too many (any) security types that try to justify Diebold’s positions. They’re either criminal or mentally incompetent.)

((And speaking of casinos- one of my favorite memories of Defcon was how none of the stores in the casino would take credit cards during the event.))

No Related Posts

[...] At the same time should communication disconnect from either intent or capability Apple places then places both their trust relationship, and their customers, at risk. Take my favorite snake-oil salesmen at Diebold- by having no intent to secure their products, no security capabilities in their products, and communicating that the products are secure they create huge potential for security failures. Less educated customers buy products thinking they’re secure, but the products are so flawed it places these customers (as in the voting public) at extreme risk. Software vendors have done this in the past- claiming products are secure and covering up failures in the hopes the customers and prospects won’t notice. [...]

By Apple

If you like to leave comments, and aren’t a spammer, register for the site and email us at and we’ll turn off moderation for your account.