[E-voting] Digital voting fears are grounded in facts

Catherine Ansbro cansbro at eircom.net
Sun Dec 4 15:28:28 GMT 2005


http://www.bbvforums.org/cgi-bin/forums/show.cgi?tpc=8&post=14732#POST14732
(from BBV admin: I cannot find the author's name in this beautifully 
written article. This piece contains many new analogies and sound bytes. 
Consider borrowing a few jewels from it if you will be speaking in 
public about these machines. I would like to get the name of the author, 
however, so he/she can be credited for this excellent work. Anyone know? 
By the way, the WINvote machines are made by Advanced Voting Solutions)

New River Forum - Sunday, December 04, 2005

*Digital voting fears are grounded in facts*

I wanted to comment on two articles I have seen on your Web site, both 
concerning the WINVote machines specifically and paperless electronic 
voting in general.

The first, "Voter paper trail might be a blind alley," contains a 
relatively standard defense of paperless machines from Registrar Randall 
Wertz, based on security steps the state and localities take against 
tampering.

All of these steps are useful and necessary, but in the grand scheme 
they are nothing more than a sugar pill. The software that collects and 
tallies votes is complex, written to meet poor standards and has a 
history of failure. We, as computer scientists, know how to write good 
code -- it runs our airplanes, our pacemakers and our military equipment 
-- but we don't know how to do it on the cheap. Boeing spent $2 billion 
over five years to write the control software for the 777, and the final 
product contains less than one-fourth of the total amount of software 
that runs on your voting machines.

If airplane code were written to the same standards of reliability as 
voting machines, every day about 10 planes flying out of 
Baltimore/Washington International would experience a software failure 
during flight.

Testing can only reveal the presence of problems, not their absence. 
Otherwise, automakers and other companies would never have to issue a 
recall; their testing would be sufficient.

Hacking is not the primary threat. Failure due to an honest mistake is, 
such as the one in the 2004 general election in North Carolina. Election 
officials carried out all the steps Wertz described, but a single 
mistake led to the permanent loss of 4,500 votes, throwing two statewide 
races into disarray for nearly a year.

"I know we'll always have conspiracy theorists," he said. "They're sure 
the government people are out to get 'em."

Do these "conspiracy theorists" include the Association for Computing 
Machinery, the largest and most prestigious organization for 
professional computer scientists? The ACM supports strong development 
standards combined with a non-electronic (i.e., paper) record of every 
vote. This position is supported by more than 95 percent of its members: 
www.myacm.org/opinion/poll.cfm <http://www.myacm.org/opinion/poll.cfm>.

Again, honest mistakes have been far more damaging than the bogeyman of 
"hackers" that election officials mock and use as a strawman argument.

The second article, by Dave Price titled "Voters need not fear the 
digital age," contains chest-thumping bluster, but few facts. I -- and 
the other members of the ACM -- do not fear the digital age. We just 
understand the limitations of the technology.

Price wrote, "I have a degree in information systems management, a 
national certification in computer repair and am fluent in several 
computer programming languages. The one thing I am sure of is that once 
you write a program and extensively test it, as Advanced has done, the 
darn thing works the same way every time."

For this statement alone, his certificates should be revoked. Program 
correctness depends on how well it was written and if the programmers 
considered every possible event, along with the correct way to respond. 
What if someone mashes the screen too hard and holds his finger down? 
What if the disk is full? Will it tell the voter to come back, or will 
it just throw his vote away? There are literally millions of "what ifs," 
and unless the programmers have the correct course of action for each, 
the machine will fail.

Price asserted that "Without a connection to the Internet, or a place to 
insert a floppy disk, they can never be subject to the horrors of 
identity theft, Trojan horses or e-mail phishing ... ."

This statement would be comforting if it had any basis in reality. Every 
WINVote machine has a wireless connection that it uses to get ballot 
layout information and report final results (WIN stands for "Wireless 
Information Network"). A van parked out of sight of election officials 
and protective procedures could connect to these machines, or at the 
very least observe the traffic between them, unnoticed.

Price referred to a summary screen as a way for voters to check 
accuracy. The machines in Carteret County, N.C., showed that kind of 
screen, too. Right before they discarded the electronic copy because 
there was no room on the hard drive, and flashed a message to the voter 
saying, "Thank you. Your vote has been successfully recorded."

"No identity theft, no Trojan horses, no e-mail phishing, no fraud. I 
made sure of that," Price wrote.

It's a relief to know he performed a source-code audit and confirmed 
that the code was written to military standards, checked the audit logs 
and did a forensic analysis on every machine to ensure that no tampering 
or errors occurred, and did extensive usability testing to ensure that 
no voter was confused by the interface on the machine. Perhaps Price 
could share his techniques with the rest of the computer science 
community, which has struggled to understand how to do these things in a 
quick and reliable way for seven decades.

Unless he didn't do all of those things, in which case this final 
statement is meaningless bluster, akin to kicking a car's tire and -- 
assuming it fails to explode -- declaring it a well-engineered piece of 
equipment.

article: http://www.roanoke.com/news/nrv/columns/forum/wb/wb/xp-43263
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dochas.stdlib.net./pipermail/e-voting/attachments/20051204/7fc68fd4/attachment.htm


More information about the E-voting mailing list