An amazing confluence of events conspired to get me thinking about remote-controlled vibrators and electronic voting systems. It all started when the lovely ladies at Good Vibrations in San Francisco sent me some samples of their new wares, all of which happened to be vibrators that you can flick on and off with a remote.
One of these appealing little machines was even audio-activated: sound goes into a microphone and comes out in the form of vibrations. It's called the Audi-Oh!, and I've discovered through a process of trial and error that it works best if you blow into the mic. Sure, you can play music into it, but nothing's better than breathing heavily into a device that responds to your ardor.
You're probably wondering what vibrators have to do with voting. Well, I was perusing the excellent "Analysis of an Electronic Voting System," written by a group of civic-minded security geeks at Johns Hopkins University who just analyzed the hell out of some code that has been widely attributed to e-voting system manufacturer Diebold. It happens that I like to multitask, and while I was reading this report, I made the discovery that remote-controlled vibrators have a security flaw.
All of them operate on the same frequency. What does that mean for you, the end user? Well, if you happen to be in a place with a lot of people who are wearing concealed remotely activated vibrators -- which you might, one day -- you can turn them all on with one toggle of the switch. Likewise, a stranger could switch on your vibrator with his or her controller, and you wouldn't have any way to override it.
It's all fun and games until you realize that this is how electronic voting systems work too. OK, voting systems don't vibrate. But the Diebold system -- which many states such as California, Maryland, and Georgia are in the process of implementing -- has almost as few security measures as those remote-controlled vibrators and with far less pleasant results. Someone could zap your vote from afar, and you'd be helpless to stop it.
According to the Johns Hopkins team's report, one of the many flaws with the Diebold system is that it leaves no paper trail. You go into your local voting center, get a PIN or smart card, plug it into the voting terminal, and cast your votes. At no point are your votes printed out in hard copy for you to see, nor are your votes tallied from printouts. All tallying is done electronically. The problems this system raises are vast. Democracy, in this situation, is only as good as the software that implements it. And right now, Diebold's software sucks.
First of all, according to the report, Diebold's software is written in the notoriously hackable language C++, which leaves voting booths vulnerable to common buffer overflow attacks that a 13-year-old script kiddie could launch. What's ominous in this scenario is that elections could be hacked remotely, meaning Republicans in Florida could hire some mercenary techs to tip the California gubernatorial recall vote. Interestingly, Republicans have been some of the biggest investors in Diebold.
Another flaw in Diebold's system is that the privacy of the voter is unsafe: "Cryptography, when used at all, was used incorrectly," the researchers say. That means it's extremely easy for interested parties to spy on you while you are voting and figure out which candidate you voted for.
And then, of course, there are the smart cards, which are fairly easy to duplicate. This could lead to a high-tech version of ballot stuffing, in which the same person creates a thousand smart cards and votes for his or her candidate of choice.
Possibly the most ridiculous part of the Diebold system is that nobody is allowed to examine the software for security flaws before using it. The researchers at Johns Hopkins got hold of the code they analyzed by finding a poorly hidden private FTP site on the Diebold servers that was being used as a code repository. That they found this site so easily is telling in itself: Diebold plays so fast and loose with software security that it doesn't even bother to protect the code from being tampered with while it's being written. Anyone could come along and alter Diebold's code to make it easy to throw an election.
If Diebold made its software open source, people could examine the code and decide for themselves -- democracy-style -- whether they think it's safe to use for elections. It's worth asking why this software is a secret, given that it will determine our collective political future.
Not all software and hardware need to be open source, because sometimes security isn't a big deal. Who cares if you can turn on my vibrator without my permission? But if you can tamper with my votes, then nothing less than the future of political freedom is at stake.
Annalee Newitz (email@example.com) is a surly media nerd who never promised you a rose garden. Her column also appears in Metro, Silicon Valley's weekly newspaper.