[E-voting] Evoting fiasco rumbles on - Article by Joe McCarthy in The Irish Times

Joe McCarthy joe.mccarthy at arkaon.com
Mon Jul 10 07:40:30 IST 2006

Opinion article in The Irish Times - Monday 10th July 2006

Time to scrap the e-voting machines after a shocking waste of money

The detail in the official report on our insecure, error-ridden 
electronic voting machines shows we must scrap them, writes Joe McCarthy.


The fiasco of electronic voting rumbles on. Last week the Commission on 
Electronic Voting issued its second report and the position is far worse 
than has been portrayed by Government spin-doctors.

The commission had very narrow terms of reference set by the Government 
which limited its examination to secrecy and accuracy of the system. 
This means that nobody has tested the system to prove fitness for 
purpose or value for money. The commission itself stressed that 
extensive and rigorous further testing was required. Despite these 
constraints, the report makes 41 recommendations for change to the 
system before it could be used at all. They criticise everything about 
the system - the hardware, the software and the procedures.

It is now time to call a halt to the waste of public money on this 
ill-conceived system.

The constitutional guarantee of secrecy which we enjoy in Ireland makes 
it impossible for any computer programmer to guarantee that the voter's 
choice has been recorded correctly. The logical solution to this dilemma 
is the same solution proposed by the Chartists and by Daniel O'Connell 
in the 19th century, namely the secret paper ballot. The voter uses 
paper and pencil in secrecy in the booth and then casts the paper ballot 
in public into the black box. Votes become anonymous at that point and 
can be counted in public without fear of intimidation.

This combination of secrecy and openness with the same tangible piece of 
paper can never be replicated by intangible electronics. The commission 
said that "since the chosen electronic system does not have [a paper 
ballot] it is not subject to any meaningful independent audit of its 
vote-recording function. Thus the paper system is superior in this respect".

It also said: "The voter has no way of verifying that what appears on 
the display is what is actually recorded electronically on the ballot 
module within the voting machine, transmitted to the count centre, 
loaded onto the count computers, and actually counted in the correct 
manner. This is because what is counted, the electronic vote, cannot 
physically be observed." This finding goes to the heart of the question 
of trust. Without an assurance that one's vote is safe, how could 
anybody trust this machine?

The commission's criticism of the counting software is scathing. The 
department entered into private negotiations with a Dutch supplier with 
an inadequate specification to modify the Dutch straight-past-the-post 
software to handle our multiple polls with our single transferable vote. 
The software was developed by a single individual in a home office 
environment in Holland and heavy reliance was placed on his knowledge 
and memory of the product.

Among the commission's findings were that the software was complex and 
the code was not well structured, had inconsistent behaviour and had no 
documentation. Software development was iterative and continuous with 
over 130 versions released for testing. Worst of all, the commission 
found that the code still contained counting errors.

Security for the system was found to be totally inadequate.

A naïve security breach is found at the login screen to the system where 
the help page gives the username as ADMINISTRATOR and the password as 
MASTER. Also stored in clear text on disk is the password "vergeten" for 
the vote database. Someone has a sense of humour because "vergeten" in 
Dutch means forgotten!

The commission found that unauthorised access to the system is easy. 
Data stored on ballot modules and on CDs was found to be accessible with 
moderate ease, is stored as clear text and is not cryptographically 
signed to prevent unauthorised alteration. Tests indicated that votes 
transmitted on CDs could be altered without detection and, remarkably, 
no special hardware would be required to carry out such an attack.

The only obstacle to hacking is the set of procedures implemented by 
officials and the report found that some of these were hopelessly weak.

The exposures detailed by the commission mean that a determined and 
well-funded attack on this system would be catastrophic.

There are 41 recommendations in the report. Some of these require going 
back to the drawing board:

. Modifications are recommended for some aspects of the hardware.

. Operational flaws require redesign of the voter interface on the 
voting machine.

. Extensive modification of the embedded C software is needed.

. The Election Management Software should be scrapped.

. An audit facility should be added.

. An option to cast a blank ballot should be provided.

. Improve the specification for the PC used for vote management.

. Rectify the many security vulnerabilities.

The costs associated with these changes have not been estimated.

When openly and full tested from end-to-end I believe that we will find 
the system to be completely unsuitable for purpose.

For example, a voter who chooses a candidate and then in error presses 
the "Cast Vote" button too soon cannot retrieve the situation, even if 
he or she wants to go on to select further preferences. The presiding 
officer cannot help. That person's vote has gone into the system as a 
single vote for one candidate.

In other countries this potential for voter error has been overcome by 
having the voter choose preferences in the privacy of the voting booth, 
but then emerging to press a "cast vote" button outside it. This would 
be more in keeping with our Constitution which requires secrecy when 
choosing who to vote for, and our laws which require the casting of the 
ballot to be a public act.

This modification has not been called for by the commission because it 
is outside their remit.

The two reports from the commission are a complete vindication of the 
professional concerns expressed by myself and other computer 
professionals including Margaret McGaley. The grassroots campaign 
conducted by an unconnected number of citizens shows how democracy can 
be defended. We were considerably helped by using the internet to 
exchange ideas, by the Freedom of Information Act (although the fees 
cost me EUR 4,050) and by the media. In the end public pressure forced 
the Government to listen to the plain people of Ireland.

The Government responded with ad-hominem attacks. Ministers and 
officials accused us of "nit-picking" and of trying to "show off how 
indispensable we were". Our professional body, the Irish Computer 
Society, was accused in the Dáil by the Minister, Martin Cullen, of 
being linked to the anti-globalisation movement and of not being experts 
in this field. Mr Cullen had to subsequently withdraw his remarks.

The Taoiseach last week claimed in the Dáil that "the machines have been 
validated beyond question by an international commission". He was wrong 
in two respects.

. The commission was Irish, not international.

. The validation of the machines by the commission was significantly 
qualified and raises more questions than were answered.

The real problem for electronic voting in this country is the lack of 
openness by the Government in dealing with the issue and the resulting 
public distrust.

The Government wasted EUR2 million and two years by asking the 
commission to address the wrong question but perhaps that was the 
intention - the debacle has been kicked into touch until after the next 
election. As always in politics it is essential to ask the right question.

We now know from materials released to me under the Freedom of 
Information Act that the pilots had some serious failures. The 
commission's findings are so stark that the result in 2002, where TDs 
were elected in three constituencies using the Nedap/Powervote machines, 
must now be questioned.

The appalling vista is that this incomplete and unproven system would 
have been foisted on the whole country in 2004.

The contract for this system was hopelessly weak. It did not preserve 
the public interest. Who should be held to account for this shocking 
waste of money?We needan independent statutory electoral commission 
which should conduct its business in public, as exists in Australia and 
Malta, where the single transferrable vote system is used.

Since the foundation of the State we have developed all the rules and 
expertise needed to conduct open and fair elections. We should scrap 
these electronic voting machines and stick to what we know and trust - 
paper and pencil.


Joe McCarthy is an independent consultant with over 30 years' experience 
in the computer business and 20 years' experience as an election agent. 
He has tallied at elections since 1987.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.stdlib.net./pipermail/e-voting/attachments/20060710/a0092000/attachment.htm

More information about the E-voting mailing list