463: Voting Machines
Title text: And that's *another* crypto conference I've been kicked out of. C'mon, it's a great analogy!
In the 2008 Ohio primary elections, there were numerous problems with electronic voting machines, which eventually required many districts to revert to pen and paper. Premier Election Solutions, the company that handled the machines, blamed these problems on McAfee anti-virus software.
It is not uncommon to see computer software contracts stipulating that the vendor will warrant that software and systems delivered will not contain any viruses or malicious code — a knee-jerk reaction to this is for novice management to include virus-scanning software for systems which otherwise are closed. From a computer programming standpoint, having anti-virus software on an electronic voting machine doesn't make sense because the machine shouldn't be accessing the Internet in a way that would leave it open to virus attacks. While there are a lot of ways that viruses can propagate, ultimately the computer still has to download an executable file and run it, which is something that no election machine should do in normal operation. Hence the question is whether the voting machine manufacturer has taken the proper precaution preventing any external access.
Ideally, voting machines (as well as ATMs and other single-purpose appliances) should be embedded systems, incapable of doing the things that might necessitate anti-virus software. However, in practice such devices are more commonly built as application programs running on ordinary Windows PCs (inside of custom-shaped cases), and they download software updates over the internet.
The comic makes an analogy to a teacher who reassures you that he always wears a condom when teaching. While a condom could be considered "protection", and therefore a good thing, common sense dictates that teachers should never end up in a situation where wearing a condom in school would be useful; this parallels the idea that while security in the form of anti-virus software on voting machines could also be considered protection and a good thing, it should never be required. The comment is more likely to make people worried about why the condom is there and what purpose it's serving. Similarly, informed people might worry why a voting machine is connecting to the internet.
- Premier Election Solutions (formerly Diebold) has blamed Ohio voting machine errors on problems with the machines' McAfee antivirus software.
- [Cueball is sitting at a computer, facepalming.]
- Cueball: Wait. "Antivirus software"? On voting machines? You're doing it wrong.
- [Cueball's friend enters the frame and speaks to Cueball.]
- Friend: Why? Security is good, right?
- Cueball: Of course. But, well—
- Cueball: Imagine you're at a parent-teacher conference, and the teacher reassures you that he always wears a condom while teaching.
- Friend: Ah. Strictly speaking, it's better than the alternative—
- Cueball: —Yet someone is clearly doing their job horribly wrong.
add a comment! ⋅ add a topic (use sparingly)! ⋅ refresh comments!