Sunday, August 26, 2007

The Virus Did It

I attended Crypto in Santa Barbara this past week, and I was talking to a colleague of mine from another university. He had served as an expert witness in an interesting case involving a man who had been accused of having illegal pornographic images on his computer. His defense was that his computer had been infected with a virus and that "the virus did it." This may seem a little far-fetched. However, my friend is a top security expert, and he had disassembled and reverse-engineered the virus code, and he showed that indeed the virus was designed to download pornographic images from the Web.

The "virus did it" defense is likely to become more popular as increasingly nefarious online activity is uncovered. In a society where you are innocent until proven guilty, the possibility that a virus performed a malicious action from someone's computer, and that the person was not aware of this, may be enough to provide plausible deniability of almost anything.

Consider the implications of this for electronic voting machines. The Princeton team showed how a malicious virus could copy itself to infect a precinct full of voting machines, and the California Top-to-Bottom Review team showed how even a single infected voting machine or memory card can compromise a back-end tabulating system. In light of the "virus did it" phenomenon, however, the attacker's job in disrupting an election is even simpler. All an attacker has to do is leave evidence that casts suspicion that there may have been a virus. If an election audit reveals signs of a possible virus, the results are thrown into doubt, and a losing candidate has a legitimate claim that a virus may have tampered with the results.

The evidence of a possible virus can be created anytime prior to the audit, even after the election is complete. In a computerized system such as a paperless DRE, it is much easier to concoct false evidence that raises suspicion than it is in a paper ballot or end-to-end cryptographic system.

To visualize how scary this could be, let's take the example of Sarasota County, Florida in the 2006 election. Congressional District 13 was an extremely close race with the strange anomaly that an abnormally high number of undervotes were found in an important race. Several studies and audits were conducted, but the reason for the problem has never been conclusively determined. Now, imagine if an audit had turned up virus code on some of the voting machines. Even if no virus had ever executed or propagated, the mere existence of such code would have created chaos. Taking this idea a step further, imagine if such evidence were found in the Virginia Senate race in 2006. This extremely close race singlehandedly determined the party majority in the Senate.

When defending the use of DREs, vendors and some election officials argue that it would be very difficult to tamper with a voting machine in an undetectable way to change the outcome of the election. While I disagree with this statement, the truth is that it grossly overestimates the job of the attacker. All an attacker has to do is to create the impression that something went very wrong. The losing candidate will do the rest.

If in a future election we begin to suspect that "the virus did it," things are going to get very ugly.