E-Voting News and Analysis, from the Experts

Monday November 01, 2004

To Disclose Or Not?

Filed under: — Felten @ 3:48 pm UTC

Suppose, hypothetically, that I knew of a vulnerability that would allow someone to corrupt vote counts or interfere with voting on some e-voting system being used in tomorrow’s election. And suppose further that it was too late to get the vulnerability fixed. What should I do?

This is a special case of a more general issue that arises in computer security, regarding when it is proper to disclose vulnerability information. Most independent experts tend to be pro-disclosure, having learned by experience that vendors behave more responsibly when disclosure is the norm. But every situation is different, and it is often possible to withhold a little information while still getting the advantages (for the public) of disclosure.

In our hypothetical case, I think I would publish the vulnerability information once it could no longer do harm in this election. Depending on the nature of the vulnerability, that might be after the polls close in affected states, or it might be at some other time. Doing this would ensure that public officials and vendors have as long as possible to fix the problem before the next election, but that the information would be withheld during the brief window when it would help the bad guys more than the good guys.

I might want (still speaking hypothetically) to put a stake in the ground so I could prove later that I knew the vulnerability information before the election. One way to do that would be to write a short file or document describing the vulnerability, to compute the cryptographic hash of that file, which is a unique number that can be verified later but that conveys no useful information about the contents of the file, and then to publish the hash.

Perhaps I, or one of my colleagues, will publish the hash of a vulnerability report here, before the election is over.
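The hash commitment described above, as an added example that is not part of the original post (Python, with SHA-256 as an assumed hash choice; all function names and the sample text are hypothetical). It goes one step beyond the post by prefixing a random nonce, because the bare hash of a short, guessable file lets a reader confirm a guess before the reveal.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional, Tuple

# Constructed sample inputs for the demo, not a real report.
SAMPLE_REPORT = b"Constructed sample report text for the demo."
CANDIDATES = [b"No issue found.", SAMPLE_REPORT, b"Constructed decoy text."]

def bare_hash(report: bytes) -> str:
    """The scheme as the post describes it: hash of the file alone."""
    return hashlib.sha256(report).hexdigest()

def commit(report: bytes) -> Tuple[str, bytes]:
    """Return (digest to publish now, nonce to keep private until the reveal)."""
    nonce = secrets.token_bytes(32)  # fixed length, so nonce || report is unambiguous
    return hashlib.sha256(nonce + report).hexdigest(), nonce

def verify(published: str, nonce: bytes, report: bytes) -> bool:
    """After the reveal, anyone can recompute the digest and compare."""
    recomputed = hashlib.sha256(nonce + report).hexdigest()
    return hmac.compare_digest(recomputed, published.strip().lower())

def confirm_guess(published: str, candidates: List[bytes]) -> Optional[bytes]:
    """What a reader can try before the reveal: test guessed texts against the digest."""
    for text in candidates:
        if hmac.compare_digest(bare_hash(text), published):
            return text
    return None

if __name__ == "__main__":
    digest, nonce = commit(SAMPLE_REPORT)
    print("publish before the election:", digest)
    print("reveal later, verifies:", verify(digest, nonce, SAMPLE_REPORT))
    # A bare hash confirms a correct guess; the salted digest does not.
    print("bare hash, guess confirmed:", confirm_guess(bare_hash(SAMPLE_REPORT), CANDIDATES))
    print("salted digest, guess confirmed:", confirm_guess(digest, CANDIDATES))
```

At reveal time the nonce is published together with the file, so the digest can be recomputed by anyone who saved the earlier post.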



  1. That brings up an interesting question. How do you prove time/date accuracy on a computer system so that you can prove X happened at Y/Z time/date?

    My guess is that there’s a patent to the first person that can do this without special hardware.

    At least a document could be witnessed. To my knowledge, it’s unknown how to do that electronically.


    Comment by Kenneth Loafman — Monday November 01, 2004 @ 4:41 pm UTC

  2. Secure timestamping has been the topic of some research. One commercial system based on that research comes from Surety.

    Comment by Ed Felten — Monday November 01, 2004 @ 4:51 pm UTC

  3. The poster mentions a perfectly reasonable possibility. Using an MD5 hash (or better, perhaps the PGP/GPG signature for a file) and posting that BEFORE the election, then posting the file that it was derived from afterwards, proves that you had that file, with the same contents, at the time you computed the hash (which had to have been before the election).

    This is essentially the same as the age-old method of copyright: Mail yourself a copy of your work, and leave the envelope sealed. This way it’s postmarked, and you can open it in front of a notary if there is a challenge to your copyright.

    Comment by Nathan O’Meara — Tuesday November 02, 2004 @ 8:39 am UTC
