[E-voting] Digital voting fears are grounded in facts
cansbro at eircom.net
Sun Dec 4 15:28:28 GMT 2005
(from BBV admin: I cannot find the author's name in this beautifully
written article. This piece contains many new analogies and sound bytes.
Consider borrowing a few jewels from it if you will be speaking in
public about these machines. I would like to get the name of the author,
however, so he/she can be credited for this excellent work. Anyone know?
By the way, the WINvote machines are made by Advanced Voting Solutions)
New River Forum - Sunday, December 04, 2005
*Digital voting fears are grounded in facts*
I wanted to comment on two articles I have seen on your Web site, both
concerning the WINVote machines specifically and paperless electronic
voting in general.
The first, "Voter paper trail might be a blind alley," contains a
relatively standard defense of paperless machines from Registrar Randall
Wertz, based on security steps the state and localities take against
All of these steps are useful and necessary, but in the grand scheme
they are nothing more than a sugar pill. The software that collects and
tallies votes is complex, written to meet poor standards and has a
history of failure. We, as computer scientists, know how to write good
code -- it runs our airplanes, our pacemakers and our military equipment
-- but we don't know how to do it on the cheap. Boeing spent $2 billion
over five years to write the control software for the 777, and the final
product contains less than one-fourth of the total amount of software
that runs on your voting machines.
If airplane code were written to the same standards of reliability as
voting machines, every day about 10 planes flying out of
Baltimore/Washington International would experience a software failure
Testing can only reveal the presence of problems, not their absence.
Otherwise, automakers and other companies would never have to issue a
recall; their testing would be sufficient.
Hacking is not the primary threat. Failure due to an honest mistake is,
such as the one in the 2004 general election in North Carolina. Election
officials carried out all the steps Wertz described, but a single
mistake led to the permanent loss of 4,500 votes, throwing two statewide
races into disarray for nearly a year.
"I know we'll always have conspiracy theorists," he said. "They're sure
the government people are out to get 'em."
Do these "conspiracy theorists" include the Association for Computing
Machinery, the largest and most prestigious organization for
professional computer scientists? The ACM supports strong development
standards combined with a non-electronic (i.e., paper) record of every
vote. This position is supported by more than 95 percent of its members:
Again, honest mistakes have been far more damaging than the bogeyman of
"hackers" that election officials mock and use as a strawman argument.
The second article, by Dave Price titled "Voters need not fear the
digital age," contains chest-thumping bluster, but few facts. I -- and
the other members of the ACM -- do not fear the digital age. We just
understand the limitations of the technology.
Price wrote, "I have a degree in information systems management, a
national certification in computer repair and am fluent in several
computer programming languages. The one thing I am sure of is that once
you write a program and extensively test it, as Advanced has done, the
darn thing works the same way every time."
For this statement alone, his certificates should be revoked. Program
correctness depends on how well it was written and if the programmers
considered every possible event, along with the correct way to respond.
What if someone mashes the screen too hard and holds his finger down?
What if the disk is full? Will it tell the voter to come back, or will
it just throw his vote away? There are literally millions of "what ifs,"
and unless the programmers have the correct course of action for each,
the machine will fail.
Price asserted that "Without a connection to the Internet, or a place to
insert a floppy disk, they can never be subject to the horrors of
identity theft, Trojan horses or e-mail phishing ... ."
This statement would be comforting if it had any basis in reality. Every
WINVote machine has a wireless connection that it uses to get ballot
layout information and report final results (WIN stands for "Wireless
Information Network"). A van parked out of sight of election officials
and protective procedures could connect to these machines, or at the
very least observe the traffic between them, unnoticed.
Price referred to a summary screen as a way for voters to check
accuracy. The machines in Carteret County, N.C., showed that kind of
screen, too. Right before they discarded the electronic copy because
there was no room on the hard drive, and flashed a message to the voter
saying, "Thank you. Your vote has been successfully recorded."
"No identity theft, no Trojan horses, no e-mail phishing, no fraud. I
made sure of that," Price wrote.
It's a relief to know he performed a source-code audit and confirmed
that the code was written to military standards, checked the audit logs
and did a forensic analysis on every machine to ensure that no tampering
or errors occurred, and did extensive usability testing to ensure that
no voter was confused by the interface on the machine. Perhaps Price
could share his techniques with the rest of the computer science
community, which has struggled to understand how to do these things in a
quick and reliable way for seven decades.
Unless he didn't do all of those things, in which case this final
statement is meaningless bluster, akin to kicking a car's tire and --
assuming it fails to explode -- declaring it a well-engineered piece of
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the E-voting