
Backdoors, barn doors, front doors...

elections

Today Dan Tokaji penned a post on the recent DESI DRE vulnerability ("Diebold: Not the Usual Suspecters") that highlights an interesting distinction between the language computer scientists are using to explain this vulnerability and more technical definitions.

In his post, Prof. Tokaji says,

The flaw is a "backdoor" that was apparently put there deliberately, to allow election officials to update software more easily.

Some of the computer scientists interviewed for the variety of stories surrounding this recent development have used "backdoor", "front door" and "barn door" types of analogies to illustrate the risk involved with this vulnerability. Analogies are necessary in this case for two reasons: 1) this vulnerability involves aspects of computer technology that most people don't even know exist (e.g., bootloaders) and 2) computer scientists who know the gory details have been reluctant to say anything very detailed for fear of facilitating exploits.

Here's an example of this kind of analogy from ACCURATE PI Doug Jones (from the New York Times, "New Fears of Security Risks in Electronic Voting Systems"):

"This is the barn door being wide open, while people were arguing over the lock on the front door," said Douglas W. Jones, a professor of computer science at the University of Iowa.

With all due respect, I don't think that this flaw meets what technical folks would call a "backdoor". The analogies used and the technical definitions can be easily conflated.

The Wikipedia entry on Backdoor is instructive. In the technical sense, a backdoor is a way into a system that bypasses authentication methods or normal security protocols. Backdoors are usually intentionally placed for either malicious access (unauthorized access after the system has been designed and deployed) or for administrative purposes (to allow maintenance of the system regardless of the user's ability to remember the authentication details). While this design shortcoming was definitely intentionally placed in the system to ease system administration (upgrading, etc.), it doesn't bypass any authentication methods. In fact, the lack of authentication associated with this vulnerability is what causes this particular flaw to directly violate §4.2.2 of the 2002 Voting System Standards. (The fix that DESI will have in place will reportedly use some sort of cryptographic digital signature to ensure that non-compliant software could not be loaded onto these machines.)

Anyway, this isn't necessarily a correction because Prof. Tokaji's statement isn't necessarily wrong... it's just a comment on the different uses of the term "backdoor". Those of us technical folks should take heed to be more precise in our analogies.