Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/16/2020
11:00 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Meet the Computer Scientist Who Helped Push for Paper Ballots

Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.

Barbara Simons has been fighting for secure elections for two decades. But the award-winning computer scientist, who's also well-versed in voting technology and its security vulnerabilities, doesn't consider herself a security expert. Everything she's learned about election security, she says, came from hanging out with security experts.

"My job had nothing to do with security. My training is in computer science," she says. "I've never hacked [a] machine ... [but] I think I could learn [how to]," she says.

Related Content:

DEF CON Voting Village: It's About 'Risk'

Special Report: Computing's New Normal, a Dark Reading Perspective

New on The Edge: 5 Security Lessons Humans Can Learn From Their Dogs

Simons, 79, has been a major and influential player in the movement to institute paper-ballot backups for electronic voting systems and in warning about the security risks of Internet voting. She and many other computer scientists argue that computers and software alone can't properly handle the task of tallying votes.

"You can't trust computers to work properly [with voting systems]," says Simons, who has served on multiple projects and task forces on election security. "You need paper as a check on the computers."

In 2000, online voting in US elections had sounded like an exciting and promising prospect to Simons when she joined the Internet voting study task force convened by then-President Bill Clinton.

"In those early days looking at Internet voting, it was, of course, why not? I thought it was a good idea," recalls Simons.

But her enthusiasm quickly waned. Security experts from academia and government labs shared grim assessments of the major security risks in online voting, so the final report published by Simons and other members of the National Workshop on Internet Voting flatly rejected the notion of shifting to online voting in the new millennium.

"It basically said, 'No, not right now," she says. "It was a pretty negative report."

But soon after, new calls for Internet voting and expanded electronic-voting technology began to escalate in the wake of the punch-card "hanging and dimpled chads" fiasco of the 2000 presidential election. Some punch-card ballots had not properly detached the perforated paper in the casting of votes. As a result, they were unreadable, causing more confusion and consternation in the already extremely tight race in Florida between Al Gore and George W. Bush.

Suddenly, paper became the bane of vote-count accuracy, which helped usher in a new generation of electronic-voting systems, such as direct recording electronic (DRE) voting systems. These systems had no paper trail to protect vote counts - but unfortunately, plenty of security holes.

Thanks to high-profile hacks of voting equipment at DEF CON, as well as pressure from experts like Simons and policymakers in the wake of Russian election-meddling and data breaches in the 2016 election, old-school paper is now experiencing a comeback in the voting process, and DRE systems are gradually disappearing from polls due to security issues. Simons, her colleagues at Verified Voting (where Simon serves as Board Chair), and other election security experts are also pushing hard for adoption of so-called risk-limiting audits to be widely deployed.

It hasn't been an easy sell, Simons admits.

"A lot of people are put off by that," says Simons, who's officially retired but currently performs full-time pro bono work for both Verified Voting and the Association for Computing Machinery (ACM), where she also had served as president. "They don't realize scanners are computers that can be hacked."

A risk-limiting audit randomly selects ballots that are then manually checked against electronic machine results to basically provide an integrity check of vote counts. A statistical sampling of paper ballots are compared with the electronic records, and the vote counts are checked.

Ask Simons about the recent mobile voting experiments in states such as Washington, Utah, and West Virginia, where votes are cast by smartphone and processed over a blockchain infrastructure, and she argues that it's a nonstarter. It's just Internet voting by a different name, and "it's a terrible idea," she says.

'Ahead of the Game'
Simons blazed a path from mathematics to a Ph.D. in computer science in 1981 from the University of California, Berkeley, at a time when computing was new and there were few women to follow in the technology profession. Her dissertation solved an open problem in the so-called scheduling theory in computing, and she joined IBM Research in 1980, where she worked as a computer scientist.

Simons today is considered not only a computer science pioneer, but also one of the most influential women in technology. And as she describes it, she "fell into" the field. Simons never finished her undergraduate degree: After starting at Wellesley College as a mathematics major and then transferring to Berkeley, she got married and later dropped out to raise her children.

"I went back to school when my marriage was breaking up. I was out of school for nine years," she says. "My father, whose advice I hardly ever took, suggested that I learn how to program because as a mathematician he thought that would mean I would find programming easy."

(That's a fallacy, Simons says. Computer programming doesn't necessarily require math chops - something she says she and her dad didn't realize at the time.)

"I enjoyed programming and continued to aim slightly higher than where I currently was. One thing led to another, and I ended up getting a Ph.D. in computer science. If I had started off with the goal of getting a Ph.D. ... well, I never would have started off. It would have seemed impossible," she notes. "Instead, each time I set a new goal, I could say to myself that even if I fail, I'm already ahead of the game. That made me feel less intimidated than I might have felt otherwise."

Computer programming was still a new field when Simons entered it, and in launching a new career after taking time off with her family, she was well aware of the challenges faced by women in the same situation. So she co-founded the University of California Computer Science Department Reentry Program for Women and Minorities at Berkeley to help women join the field, and also served on diversity group boards at Berkeley and the national Coalition to Diversify Computing.

Women were among the pioneers in computer programming in the early days, she recalls.

"The first programmers were women and they were totally written out of history," she says, pointing to women such as the late Fran Allen, who in 2006 became the first woman to receive the prestigious Turing Award from ACM.

Programming "wasn't poorly paid" as a field at the time, but it also wasn't initially as highly regarded as it is today, she says. It wasn't until men started entering the field in numbers that salaries rose and women got squeezed out, Simons says.

"They started requiring calculus, which has nothing to do with programming [and] a lot of girls in high school weren't taking," she notes. "The doors were closing for women, and that's one of the reasons we started" the reentry program at Berkeley.

To this day, Simon remains the only woman to have won the Distinguished Engineering Alumni Award from Berkeley.

"Our goal was to produce more women and minority leaders, and we wanted them to get Ph.Ds," she says.

The reentry program gave women and minorities the opportunity to take regular computer science classes at Berkeley so they could apply to graduate school, but the passage of Proposition 209 in California - which banned educational benefit programs based solely on gender or ethnicity - ultimately killed the program, she says.

Paper and Patience
James Hendler, chair of ACM's US Technology Policy Committee, describes Simons' expertise as a unique blend of knowledge in computing technology and its policy implications that she has used to help forge election security policy. ACM recently awarded Simons its ACM Policy Award for her leadership of the organization and her work on election security issues.

"She realized before most others that the cybersecurity risks of electronic voting machines and, later, online voting could have implications that most politicians and the public were not aware of," Hendler says. "She realized there had to be a paper-based record to back up electronic voting machines and/or some kind of risk-based auditing for monitoring any kind of online election. Without these safeguards, an election would be virtually impossible to secure."  

Simons sees the shift away from paperless voting technology as a positive development for the upcoming election in November, but she worries about efforts to fast-track mobile voting if the move to mail-in paper ballots falters in some areas.

Mail-in voting is good for post-election audits, she says, and "hand-marked ballots are the best kind."

Even so, she says the potential for a protracted vote count given the increase in mail-in ballots amid the pandemic could cause confusion and even sow distrust in the outcome.

"Americans are going to have to learn a little patience" in learning the outcome of the election, she says.

___________________

PERSONALITY BYTES

Simons' biggest worries about election security: Just about everything. I'm especially worried about an attack on our voting technology: the electronic poll books, the voting machines, and the scanners that tabulate the ballots. If folks share the concerns of our intelligence community - and they should - that Russia wants to mess with our election, then allowing Internet voting, which is the most insecure form of voting possible, would be a gift to Russia, or China, or Iran, or North Korea, or indeed any nation/state or organization that wants to steal our elections.

'Aha' moment as a mathematician-turned-coder: I remember thinking, 'Wow, in math you're given a problem that you don't necessarily know has a solution. Is this theorem true or false?' You don't know. But with programming, you're asked to write software for a problem you know you can solve. This was pretty cool.

Retirement: I'm working really hard. I'm just not getting paid.

Favorite hangout before COVID-19: Bowen Island [British Columbia]

Comfort food: Sushi

Netflix pick right now: At the moment we're into Korean shows. We've seen "Crash Landing on You" and "Rookie Historian," both of which I recommend. We're now watching a show called "Vagabond."

 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
janelee
50%
50%
janelee,
User Rank: Author
9/18/2020 | 3:04:10 PM
Risks to both paper and electronic voting systems
This was a great read! GO BEARS!

It'll be interesting to see how voting technology progresses in the future. While I do agree that electronic voting has its risks, I believe that paper/in-person voting has its downsides as well. Particularly with the recent confusion/disinformation being spread about mail-in votes, I can't help but think about whether having a more streamlined (electronic) voting system would be better. Additionally, I have never been asked to verify my ID during in-person voting in the past 14 years. In my opinion, this is a vulnerability that can be exploited by bad actors. 
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.