Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

scrottie (4167)

scrottie
  scott@slowass.net
http://slowass.net/

My email address is scott@slowass.net. Spam me harder! *moan*

Journal of scrottie (4167)

Thursday January 10, 2008
04:48 PM

Electronic Gaming (Gambling) perspective on E.Voting

[ #35354 ]

Backstory: Years ago, Vegas gaming, or gambling, was run by the mob. They reported profits to the state, and the state taxed them, but not until they heavily skimmed off of the top. There was no transparency, only a set of nicely doctored books. Everyone knew this was happening but no one could prove it.

Eventually, the state got fed up. Gaming was big business, and they wanted their cut. Enough was enough.

There are a lot of places "gaming" is legal, especially electronic gaming. Vegas is only one of them. Almost all of them are regulated but none as heavily as Vegas. This has not put the industry of electronic game machine makers out of business. In fact, people continued to make games for outside of Vegas, but being certified for Vegas is a massive vote of confidence and that helps reassure your customer, whether he's Indian Gaming, in China, Central American, or off shore.

Now, let's talk about the regulations themselves.

Source code auditing:

E-Voting: Source code is not audited. Vegas: Source code is heavily audited and the device manufacturer pays for lab time for the state technicians. If you they're ever not satisfied with the security of some implementation, they have unlimited authority to make you jump through arbitrary hoops in the code to satisfy them.

Anti-tamper:

E-Voting: Inexpensive locks that can be defeated by bic pen cases are used with stickers. Vendors promise not to alter the code on the machines (that was never audited in the first place). Vegas: The code approved at the labs gets hashed and the size and hash of every file on the filesystem is recorded at the lab. Machines in the field are inspected to make sure that the size and hashes of the files have not changed. Any attempt to alter the code of a game on the casino floor carries a strong risk of detection.

Certification:

E-Voting: Vendors can make excuses to worm their way out. Multiple screw-ups are tolerated with nothing more than a vague promise to keep it from happening again through unspecified means. Time constraints are a valid excuse. Vegas: Swift, vengeful, kiss of death for any below board behavior. Time, money, and other excuses are meaningless.

Auditing:

E-Voting: Software written by the manufacturer prints off a total. This is taken as gosphel. Gaming: Every coin in, every pay out, every random number generated, periodicly, the seeds are logged so that Gaming can reconstruct the state of the random number generator through every step of game play should anything seem dubious. Data is not only accounted but examined statistically in spot checks.

Regulations in general:

E-Voting: fluffy. Vegas; Every time a machine is comprimised in any way, regulations are revised with multiple provisions in earnest effort to keep it from happening again. Through years and years of this, the regulations have become voluminous. It's extremely important to note that many times, Vegas gaming machines have been compromised, usually by inside jobs, but sometimes by well organized outside parties. PRNG prediction attacks have been mounted, extremely sophisticated timing attacks successfully executed, tiny probes with cameras and serial ports stuck through vents, and so on and so forth. Without thorough auditing and transparency, many of these attacks would have gone undetected and improvements to security never made. The unwillingness of the Federal Election Commission to audit is telling.

Computer security:

E-Voting: Removable flash storage that can contain autoexec.bats or otherwise automatically executed code. No encryption. No digital signing. Re-used passwords. Public ftp sites on the Internet where data is uploaded. Vendor personal are considered absolutely trusted. Vegas: Nothing in player is ever connected to the Internet at any point for even a moment. Physical separation is maintained, meaning sneakernets of flash dongles and CD-Rs are used during development (I assure you, this is a bigger pain than it sounds like). At numerous points, cryptographic singing, public/private key encryption, and other mechanisms are used. All openings of the cabinet are logged, along with the floor manager responsible and other data. Control systems have separate logging systems, required by law to be in separate rooms. Should the logging system go off line, the control system must boot all users and end all game related tasks within seconds. Both systems must be monitored by camera at all times with video footage archived indefinitely. In general, the requirements are designed such that no single personal would have any means available to them of tampering with the system. Multiple parties (the casino, the Gaming Commission, floor managers) are all able to independently validate the integrity of the systems.

Paper:

E-Voting: Paper vouchers are "too expensive". Gaming: Most casinos make heavy use of "paper in paper out", where rather than dispensing bills, the machines print coupons that can be inserted into another machine or cashed out at the pit. In the course of an evening, large numbers of these tickets might be generated for each player.

I'm sure I'll think of more later, or feel free to ask me about area of possible difference. I'll probably have something to say about it.

In short, though, it's disgusting to a dozen odd gaming companies get so many things so thoroughly right (and a few less than perfect, in my opinion, of course) while the two or three companies making electronic voting machines consistently get them wrong, and no one is held to count for it. The hubris is amazing. I don't think anything short of everyone taking up torches and pitchforks would motivate congress and the e-voting industry to raise their standards. Like so many broken things in government, they seem entirely too eager to keep things broken. Anyway, nothing that people have proposed -- cryptographic papertrail, auditing of votes, auditing of source code by trusted agencies, strong cryptography, physical tamper resistance, network isolation, logical tamper resistance, and so on and so forth -- can't be done and hasn't been done over and over. Someone with experience in the banking industry probably could make an equally scathing comparison. This is just disgusting. We've traded democracy away for some weak excuses from people who can't get security right but still somehow manage to claim to be experts.

-scott

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • It sounds like the gaming machine makers are missing out on a potential market here.

    I suspect the only barrier here is that gaming machines a profit centre (in Australia I believe the average profit per machine is around $60,000) whereas voting machines are a cost.

    But I bet there's a hell of a lot the gaming companies could bring to voting machines.

    I think the supreme irony here is that the Diebold machines are produced by a major manufacturer of Automatic Teller Machines...
  • The difference is that at the gambling casino, there are 2 assumptions. One is that the users are fools and losers and the other is that the organization is crooked and on the take.

    • The casino assume that it itself is on the take? Huh? Did you even read this article or did you just drive by paste your comments on? I talked at length about how the electronic games were repeatedly broken by customers and that only through good auditing are these attacks found. So I'm not sure where you got the idea that they assume that the patrons are "fools and losers". They *hope* they are, but certainly don't assume it. But, supposing that you were correct, what does this have to do with the an
    • Well that doesn't sound like any difference at all!