[E-voting] Evoting fiasco rumbles on - Article by Joe McCarthy in
The Irish Times
joe.mccarthy at arkaon.com
Mon Jul 10 07:40:30 IST 2006
Opinion article in The Irish Times - Monday 10th July 2006
Time to scrap the e-voting machines after a shocking waste of money
The detail in the official report on our insecure, error-ridden
electronic voting machines shows we must scrap them, writes Joe McCarthy.
The fiasco of electronic voting rumbles on. Last week the Commission on
Electronic Voting issued its second report and the position is far worse
than has been portrayed by Government spin-doctors.
The commission had very narrow terms of reference set by the Government
which limited its examination to secrecy and accuracy of the system.
This means that nobody has tested the system to prove fitness for
purpose or value for money. The commission itself stressed that
extensive and rigorous further testing was required. Despite these
constraints, the report makes 41 recommendations for change to the
system before it could be used at all. They criticise everything about
the system - the hardware, the software and the procedures.
It is now time to call a halt to the waste of public money on this
The constitutional guarantee of secrecy which we enjoy in Ireland makes
it impossible for any computer programmer to guarantee that the voter's
choice has been recorded correctly. The logical solution to this dilemma
is the same solution proposed by the Chartists and by Daniel O'Connell
in the 19th century, namely the secret paper ballot. The voter uses
paper and pencil in secrecy in the booth and then casts the paper ballot
in public into the black box. Votes become anonymous at that point and
can be counted in public without fear of intimidation.
This combination of secrecy and openness with the same tangible piece of
paper can never be replicated by intangible electronics. The commission
said that "since the chosen electronic system does not have [a paper
ballot] it is not subject to any meaningful independent audit of its
vote-recording function. Thus the paper system is superior in this respect".
It also said: "The voter has no way of verifying that what appears on
the display is what is actually recorded electronically on the ballot
module within the voting machine, transmitted to the count centre,
loaded onto the count computers, and actually counted in the correct
manner. This is because what is counted, the electronic vote, cannot
physically be observed." This finding goes to the heart of the question
of trust. Without an assurance that one's vote is safe, how could
anybody trust this machine?
The commission's criticism of the counting software is scathing. The
department entered into private negotiations with a Dutch supplier with
an inadequate specification to modify the Dutch straight-past-the-post
software to handle our multiple polls with our single transferable vote.
The software was developed by a single individual in a home office
environment in Holland and heavy reliance was placed on his knowledge
and memory of the product.
Among the commission's findings were that the software was complex and
the code was not well structured, had inconsistent behaviour and had no
documentation. Software development was iterative and continuous with
over 130 versions released for testing. Worst of all, the commission
found that the code still contained counting errors.
Security for the system was found to be totally inadequate.
A naïve security breach is found at the login screen to the system where
the help page gives the username as ADMINISTRATOR and the password as
MASTER. Also stored in clear text on disk is the password "vergeten" for
the vote database. Someone has a sense of humour because "vergeten" in
Dutch means forgotten!
The commission found that unauthorised access to the system is easy.
Data stored on ballot modules and on CDs was found to be accessible with
moderate ease, is stored as clear text and is not cryptographically
signed to prevent unauthorised alteration. Tests indicated that votes
transmitted on CDs could be altered without detection and, remarkably,
no special hardware would be required to carry out such an attack.
The only obstacle to hacking is the set of procedures implemented by
officials and the report found that some of these were hopelessly weak.
The exposures detailed by the commission mean that a determined and
well-funded attack on this system would be catastrophic.
There are 41 recommendations in the report. Some of these require going
back to the drawing board:
. Modifications are recommended for some aspects of the hardware.
. Operational flaws require redesign of the voter interface on the
. Extensive modification of the embedded C software is needed.
. The Election Management Software should be scrapped.
. An audit facility should be added.
. An option to cast a blank ballot should be provided.
. Improve the specification for the PC used for vote management.
. Rectify the many security vulnerabilities.
The costs associated with these changes have not been estimated.
When openly and full tested from end-to-end I believe that we will find
the system to be completely unsuitable for purpose.
For example, a voter who chooses a candidate and then in error presses
the "Cast Vote" button too soon cannot retrieve the situation, even if
he or she wants to go on to select further preferences. The presiding
officer cannot help. That person's vote has gone into the system as a
single vote for one candidate.
In other countries this potential for voter error has been overcome by
having the voter choose preferences in the privacy of the voting booth,
but then emerging to press a "cast vote" button outside it. This would
be more in keeping with our Constitution which requires secrecy when
choosing who to vote for, and our laws which require the casting of the
ballot to be a public act.
This modification has not been called for by the commission because it
is outside their remit.
The two reports from the commission are a complete vindication of the
professional concerns expressed by myself and other computer
professionals including Margaret McGaley. The grassroots campaign
conducted by an unconnected number of citizens shows how democracy can
be defended. We were considerably helped by using the internet to
exchange ideas, by the Freedom of Information Act (although the fees
cost me EUR 4,050) and by the media. In the end public pressure forced
the Government to listen to the plain people of Ireland.
The Government responded with ad-hominem attacks. Ministers and
officials accused us of "nit-picking" and of trying to "show off how
indispensable we were". Our professional body, the Irish Computer
Society, was accused in the Dáil by the Minister, Martin Cullen, of
being linked to the anti-globalisation movement and of not being experts
in this field. Mr Cullen had to subsequently withdraw his remarks.
The Taoiseach last week claimed in the Dáil that "the machines have been
validated beyond question by an international commission". He was wrong
in two respects.
. The commission was Irish, not international.
. The validation of the machines by the commission was significantly
qualified and raises more questions than were answered.
The real problem for electronic voting in this country is the lack of
openness by the Government in dealing with the issue and the resulting
The Government wasted EUR2 million and two years by asking the
commission to address the wrong question but perhaps that was the
intention - the debacle has been kicked into touch until after the next
election. As always in politics it is essential to ask the right question.
We now know from materials released to me under the Freedom of
Information Act that the pilots had some serious failures. The
commission's findings are so stark that the result in 2002, where TDs
were elected in three constituencies using the Nedap/Powervote machines,
must now be questioned.
The appalling vista is that this incomplete and unproven system would
have been foisted on the whole country in 2004.
The contract for this system was hopelessly weak. It did not preserve
the public interest. Who should be held to account for this shocking
waste of money?We needan independent statutory electoral commission
which should conduct its business in public, as exists in Australia and
Malta, where the single transferrable vote system is used.
Since the foundation of the State we have developed all the rules and
expertise needed to conduct open and fair elections. We should scrap
these electronic voting machines and stick to what we know and trust -
paper and pencil.
Joe McCarthy is an independent consultant with over 30 years' experience
in the computer business and 20 years' experience as an election agent.
He has tallied at elections since 1987.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the E-voting