and Book Reviews
Are We Really Ready for
by Randall W.
Rice, CSTE. CSQA, CTFL
Realizing that the audience for this newsletter is international in
scope, this month I'm going to focus on a topic of concern to those of
us living in the United States of America.
Those of us that work in the field of software quality have probably
been keeping up with some of the discussions about the security and
correctness of electronic voting machines. Certainly, we all remember
the controversy of the 2000 election and the problems with the Florida
voting procedures. Who can forget the "hanging chad" disputes?
With a major national
election just a couple of weeks away I am growing very concerned about
the use of electronic voting machines based on some of the recent
testing information being published. As a disclaimer, I have not worked
directly with any of these machines or their manufacturers. This is not
a partisan political issue for me, but rather a matter of
constitutional integrity. Voting machines that can be manipulated, or
have software flaws could result in the election of people against the
will of the electorate. This is the 21st century equivalent of stuffing
the ballot box.
Perhaps one of the most interesting debates has been between Diebold,
the manufacturer of the AccuVote-TS machine and Princeton University
researchers. If you haven't seen it already, I strongly urge you to go
and watch the video of how these machines can be hacked.
Diebold issued a rebuttal of Princeton's findings on September 20,
2006. You can read Princeton's response at the above link for
Princeton. Here is an interesting quote from the Princeton team's
"Secure voting equipment and adequate testing
would assure accurate voting - if we had them. To our knowledge, every
independent third party analysis of the AccuVote-TS has found serious
problems, including the Hopkins/Rice
report, the SAIC report, the RABA
report, the Compuware
report, and now our report.
Diebold ignores all of these results, and still tries to prevent
third-party studies of its system.
If Diebold really believes its latest systems
are secure, it should allow third parties like us to evaluate them."
addition, there have been some recent incidents regarding e-voting
Security Under Fire in San Diego Lawsuit - Machine practices,
reliability in doubt
county struggles with e-voting 'fiasco'
All of this seems to be a set-up for disaster. If you think the 2000
election was bad, just wait.
I can only speak to what I know, and here it is. Some of what I have to
say may be offensive to some people, but I'm just trying to state the
situation as I see it.
1. Practically any software device can be manipulated by
creative and devious people.
These people are often more creative and effective in finding defects
than the people who write and test the software. Manipulation does not
have to occur on a network. It can be achieved with viruses spread by
memory cards. It can also be accomplished through social engineering
(getting people to provide information by deceiving them). In fact,
there is video testimony from a former employee of one of the software
providers of voting machines who claims he was offered payment to
insert code to manipulate the 2000 election.
2. The manufacturer is always going to vigorously defend
That is their business. To do otherwise would hurt, perhaps kill, their
business. They may not technically lie, but they may craft their
message in a way that can later be dismissed (e.g., "We never
As testers say, "In God we trust. Everyone else, we test."
3. Government procurement is a slimy process.
There are so many ways that the government can award business to
"friends" that it's not even funny. (I really know about that!) I heard
one person remark recently that our government has become "a group of
people with money and power that gives money and power to their
friends." A company can get the business of providing election
equipment with a less than perfect track record.
4. The bar of software quality is very low.
We have come to accept the practice of solving computer problems by
restarting the system. We know that software crashes and does other
weird things, but we still buy it. We know how testing is often
understaffed and rushed in most companies. However, these stakes are
much higher in dealing with election software and hardware.
5. The election officials are not generally computer
I admire and respect the people who selflessly volunteer their time to
work at polling places. May your numbers increase. However, these
people struggle with technology just like anyone else might. (And by
the way, the fault is not all their's. Technology has gotten complex.)
So when you are depending on a person at the polling location to
correctly configure and troubleshoot the voting machines, this opens
the door for other types of mistakes.
6. The voters are definitely not computer savvy.
Sure, the manufacturer tries to make the screens as user friendly as
possible, but there are people who will still press the wrong buttons
or press the right buttons in a wrong way. (I do have experience
testing touch screens.) Even these types of usability problems can
The cat is out of the bag. The specific code
vulnerabilities are widely known. All you need to do is watch the HBO
Democracy" or Princeton's
Security Analysis of the Diebold AccuVote-TS Voting Machine to learn how to hack a voting
machine on your own. There are few secrets left about how to manipulate
We're not ready for electronic voting with the current generation of
equipment and the out of control state of software quality and
security. The only way I would be comfortable in trusting electronic
voting machines would be for them to be validated at the same level of
rigor as medical devices. The testing of the equipment must be
independent and the actual voting process should be verified by an
independent paper record (not a paper tape produced by the voting
Plus, if any independent source can show the election machines to be
unreliable, the issues should be addressed with the full cooperation of
the independent source, the manufacturer and the government (even to
the extent of reverting to paper methods, if needed). Debating back and
forth in the media doesn't help anyone - it just adds more confusion.
It would be very
sad if the tradeoff between the speed of getting election results and
the accuracy of the election were based on our own impatience to get
quick results on election day. There are some processes that should not
be rushed. There are also some processes that shouldn't be computerized
- at least until reliability and security can be proven to be
bulletproof. Until then, just give me pen and paper, please.
are also concerned about the unreliability of these voting machines,
please make your concerns known to your local election officials. The
future of democracy is at stake. I'll keep you posted on new
Laws and Machines May Spell Voting Woes NY Times, Oct. 19, 2006
back to paper ballots, says e-voting expert - Avi Rubin, a Maryland
elections judge and professor, cites security woes –
Sept 20, 2006
Security Analysis of the Diebold AccuVote-TS Voting Machine
All materials on this site
copyright 1996 - 2009, Rice Consulting Services, Inc.
Consulting Services, Inc.
P.O. Box 892003
Oklahoma City, OK 73189
are made, they are not born. They are made by hard effort,
which is the price which all of us must pay to achieve any goal that is
worthwhile." -- Vince Lombardi
This site best
viewed with the Mozilla Firefox