When we wrote that Californias election used flawed voting machines, we got a quick, insightful reply from a "Concerned San Diego County Employee," who says, "Essentially, the only threat(s) to the voting machines are internal since the machines are not connected to the internet."
He wrote: I couldn't resist commenting on the voting machines. The security flaws are overblown! A number of techniques and procedures can (should) be implemented which can eliminate all but the most sophisticated attacks. In any event, such an attack would be an "inside job" by either someone at Diebold or the County where such an attack might take place. BTW, there have been no known incidents of tampering since these machines were utilized.
I can't comment about Alameda County's procedures. But I do work for San Diego County. San Diego County will be using these machines in the near future (March 2004). While my efforts to protect the County have been given limited consideration, it is possible to provide the necessary security. Whether that level of security will be implemented, I do not know. But I do have my doubts that it will be, given current budget constraints. SD County & its primary IT outsourcing contractor (Computer Sciences Corporation) do not utilize enough protective measures. This opinion is based on the fact that County systems as well as a few of CSC's other clients had recent major outbreaks of Welchia/Nachi virus. Fortunately, DOD & their other Federal Government clients were not affected.
All computers & computer based appliances are vulnerable to attacks of one sort or another. Those threats can be classified as "internal" or "external." An internal threat is one from a malicious programmer, technician or user. An external threat would be a virus/trojan/worm received through the internet, etc. There are ways to deal with all of these that can greatly reduce the threat. Software, hardware, and operating systems need to be standardized. The industry must adhere to those standards rigorously. Otherwise, vulnerabilities will continue to be found & exploited.
Another less appealing strategy would be multiple operating systems from different vendors capable of "common file" exchange. Each would be capable of communicating with the others & exchanging those "common file" types. But each OS would have their own vulnerabilities & idiosyncrasies. This would make it easy to exchange files, but difficult to attack systems using other OS's. MS Windows suffers from its large user base & flawed design. Some viruses can only attack certain versions of Windows, but not others. Even so, MAC OS's are not affected by Windows-based viruses (malware). The reverse holds true for viruses which target MAC OS's.
As for the county outsourcing IT, the county never spent more than 34 million a year on IT. Four years later, we are paying $110 million a year. There has not been a corresponding improvement in equipment or services. Some improvements were made, but some things got worse. Neither the county nor CSC are willing to invest the money needed to properly standardize & upgrade county systems, so they are doing it slowly, bit by bit. Unfortunately, it is more like the little Dutch boy trying to plug holes in a very leaky dike. My department has been getting new PC's & printers over the last few years because they were paid for by the state. Otherwise, we'd still be using 20-30 year printers & dumb terminals. Some of that equipment is still in use. It will be replaced by the end of 2005.
The State budget crisis can only be solved by cutting services, raising taxes, or a combination of both. Politics at the state level are more divisive than anywhere else in the U.S. Special interest groups & lobbyists have the legislature in their pocket. Reforms made a few years ago allowed them to subvert state politics. One lobbyist recently admitted how bad it is during a televised interview. Add the in-fighting between Democrats & Republicans, and you have a real mess. Wondering "if" I'll have a job in a year or two, with the state budget situation being so bad. Even scarier, is what will happen to our clients The trend we are seeing in our office is more needy clients. Increasing workloads, fewer personnel, more cases & applications, less aid available and more people slipping through the cracks. The situation is getting ugly.
NOTE: This Insight, previously published on our old site, will have any links removed.