Re: Stealing an Election: What's it worth?

From: Jim March <jmarch_at_prodigy_dot_net>
Date: Sun May 29 2005 - 20:46:28 CDT

Paul missed something BIG.

Stock fraud.

Even without actual tampering, early knowledge of election results could
be used as a form of "insider trading" as it relates to bond measures,
local races, even some national races when it relates to matters such as
defense spending.

The stock market is a giant gambling arena, with the odds arrayed *very*
tightly. It doesn't take much to swing it over.

Jim

Arthur Keller wrote:

> Crypto-Gram Newsletter
> April 15, 2004
> by Bruce Schneier
> Founder and CTO
> Counterpane Internet Security, Inc.
> schneier@counterpane.com <mailto:schneier@counterpane.com>
> <http://www.schneier.com>
> <http://www.counterpane.com>
>
> A free monthly newsletter providing summaries, analyses, insights, and
> commentaries on security: computer and otherwise.
> Back issues are available at
> <http://www.schneier.com/crypto-gram.html>. To subscribe, visit
> <http://www.schneier.com/crypto-gram.html> or send a blank message to
> crypto-gram-subscribe@chaparraltree.com.
>
> *Stealing an Election*
>
> There are major efforts by computer security professionals to convince
> government officials that paper audit trails are essential in any
> computerized voting machine. They have conducted actual examination of
> software, engaged in letter writing campaigns, testified before
> government bodies, and collectively, have maintained visibility and
> public awareness of the issue.
>
> The track record of the computerized voting machines used to date has
> been abysmal; stories of errors are legion. Here's another way to look
> at the issue: what are the economics of trying to steal an election?
>
> Let's look at the 2002 election results for the 435 seats in the House
> of Representatives. In order to gain control of the House, the
> Democrats would have needed to win 23 more seats. According to actual
> voting data (pulled off the ABC News website), the Democrats could
> have won these 23 seats by swinging 163,953 votes from Republican to
> Democrat, out of the total 65,812,545 cast for both parties. (The
> total number of votes cast is actually a bit higher; this analysis
> only uses data for the winning and second-place candidates.)
>
> This means that the Democrats could have gained the majority in the
> House by switching less than 1/4 of one percent of the total votes --
> less than one in 250 votes.
>
> Of course, this analysis is done in hindsight. In practice, more
> cheating would be required to be reasonably certain of winning. Even
> so, the Democrats could have won the house by shifting well below 0.5%
> of the total votes cast across the election.
>
> Let's try another analysis: What is it worth to compromise a voting
> machine? In contested House races in 2002, candidates typically spent
> $3M to $4M, although the highest was over $8M. The outcomes of the 20
> closest races would have changed by swinging an average of 2,593 votes
> each. Assuming (conservatively) a candidate would pay $1M to switch
> 5,000 votes, votes are worth $200 each. The actual value is probably
> closer to $500, but I figured conservatively here to reflect the
> additional risk of breaking the law.
>
> If a voting machine collects 250 votes (about 125 for each candidate),
> rigging the machine to swing all of its votes would be worth $25,000.
> That's going to be detected, so is unlikely to happen. Swinging 10% of
> the votes on any given machine would be worth $2500.
>
> This suggests that it is necessary to assume that attacks against
> individual voting machines are a serious risk.
>
> Computerized voting machines have software, which means we need to
> figure out what it's worth to compromise a voting machine software
> design or code, and not just individual machines. Any voting machine
> type deployed in 25% of precincts would register enough votes that
> malicious software could swing the balance of power without creating
> terribly obvious statistical abnormalities.
>
> In 2002, all the Congressional candidates together raised over $500M.
> As a result, one can conservatively conclude that affecting the
> balance of power in the House of Representatives is worth at least
> $100M to the party who would otherwise be losing. So when designing
> the security behind the software, one must assume an attacker with a
> $100M budget.
>
> Conclusion: The risks to electronic voting machine software are even
> greater than first appears.
> This essay was written with Paul Kocher.
>
>--
>
>
> -------------------------------------------------------------------------------
> Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA 94303-4507
> tel +1(650)424-0202, fax +1(650)424-0424
>
>------------------------------------------------------------------------
>
>_______________________________________________
>OVC discuss mailing lists
>Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
>

_______________________________________________
OVC discuss mailing lists
Send requests to subscribe or unsubscribe to arthur@openvotingconsortium.org
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:49 2005

This archive was generated by hypermail 2.1.8 : Tue May 31 2005 - 23:17:53 CDT