"Secure voting equipment and adequate testing
would assure accurate voting - if we had them. To our knowledge, every
independent third party analysis of the AccuVote-TS has found serious
problems, including the Hopkins/Rice
report, the SAIC report, the RABA
report, the Compuware
report, and now our report.
Diebold ignores all of these results, and still tries to prevent
third-party studies of its system.
If Diebold really believes its latest systems
are secure, it should allow third parties like us to evaluate them."
In addition, there have been some recent incidents regarding e-voting irregularities:
E-voting
Security Under Fire in San Diego Lawsuit - Machine practices,
reliability in doubt
Maryland
county struggles with e-voting 'fiasco'
All of this seems to be a set-up for disaster. If you think the 2000
election was bad, just wait.
I can only speak to what I know, and here it is. Some of what I have to
say may be offensive to some people, but I'm just trying to state the
situation as I see it.
1. Practically any software device can be manipulated by
creative and devious people.
These people are often more creative and effective in finding defects
than the people who write and test the software. Manipulation does not
have to occur on a network. It can be achieved with viruses spread by
memory cards. It can also be accomplished through social engineering
(getting people to provide information by deceiving them). In fact,
there is video testimony from a former employee of one of the software
providers of voting machines who claims he was offered payment to
insert code to manipulate the 2000 election.
2. The manufacturer is always going to vigorously defend
their products.
That is their business. To do otherwise would hurt, perhaps kill, their
business. They may not technically lie, but they may craft their
message in a way that can later be dismissed (e.g., "We never
said…").
As testers say, "In God we trust. Everyone else, we test."
3. Government procurement is a slimy process.
There are so many ways that the government can award business to
"friends" that it's not even funny. (I really know about that!) I heard
one person remark recently that our government has become "a group of
people with money and power that gives money and power to their
friends." A company can get the business of providing election
equipment with a less than perfect track record.
4. The bar of software quality is very low.
We have come to accept the practice of solving computer problems by
restarting the system. We know that software crashes and does other
weird things, but we still buy it. We know how testing is often
understaffed and rushed in most companies. However, these stakes are
much higher in dealing with election software and hardware.
5. The election officials are not generally computer
savvy.
I admire and respect the people who selflessly volunteer their time to
work at polling places. May your numbers increase. However, these
people struggle with technology just like anyone else might. (And by
the way, the fault is not all their's. Technology has gotten complex.)
So when you are depending on a person at the polling location to
correctly configure and troubleshoot the voting machines, this opens
the door for other types of mistakes.
6. The voters are definitely not computer savvy.
Sure, the manufacturer tries to make the screens as user friendly as
possible, but there are people who will still press the wrong buttons
or press the right buttons in a wrong way. (I do have experience
testing touch screens.) Even these types of usability problems can
cause confusion.
7.
The cat is out of the bag. The specific code
vulnerabilities are widely known. All you need to do is watch the HBO
documentary, "Hacking
Democracy" or Princeton's
Security Analysis of the Diebold AccuVote-TS Voting Machine to learn how to hack a voting
machine on your own. There are few secrets left about how to manipulate
an election.
Conclusion
We're not ready for electronic voting with the current generation of
equipment and the out of control state of software quality and
security. The only way I would be comfortable in trusting electronic
voting machines would be for them to be validated at the same level of
rigor as medical devices. The testing of the equipment must be
independent and the actual voting process should be verified by an
independent paper record (not a paper tape produced by the voting
machine itself).
Plus, if any independent source can show the election machines to be
unreliable, the issues should be addressed with the full cooperation of
the independent source, the manufacturer and the government (even to
the extent of reverting to paper methods, if needed). Debating back and
forth in the media doesn't help anyone - it just adds more confusion.
It would be very
sad if the tradeoff between the speed of getting election results and
the accuracy of the election were based on our own impatience to get
quick results on election day. There are some processes that should not
be rushed. There are also some processes that shouldn't be computerized
- at least until reliability and security can be proven to be
bulletproof. Until then, just give me pen and paper, please.
If you are also concerned about the unreliability of these voting machines, please make your concerns known to your local election officials. The future of democracy is at stake. I'll keep you posted on new developments.
Related Links
New
Laws and Machines May Spell Voting Woes NY Times, Oct. 19, 2006
E-voting
Whistleblower Testimony
Princeton's Security Analysis of the Diebold AccuVote-TS Voting Machine
All materials on this site copyright 1996 - 2008, Rice Consulting Services, Inc.
Rice
Consulting Services, Inc.
P.O. Box 892003
Oklahoma City, OK 73189
405-691-8075