Realizing that the audience for this newsletter is international in scope, this month I'm going to focus on a topic of concern to those of us living in the United States of America.

Those of us that work in the field of software quality have probably been keeping up with some of the discussions about the security and correctness of electronic voting machines. Certainly, we all remember the controversy of the 2000 election and the problems with the Florida voting procedures. Who can forget the "hanging chad" disputes?

With a major national election just a couple of weeks away I am growing very concerned about the use of electronic voting machines based on some of the recent testing information being published. As a disclaimer, I have not worked directly with any of these machines or their manufacturers. This is not a partisan political issue for me, but rather a matter of constitutional integrity. Voting machines that can be manipulated, or have software flaws could result in the election of people against the will of the electorate. This is the 21st century equivalent of stuffing the ballot box.

Perhaps one of the most interesting debates has been between Diebold, the manufacturer of the AccuVote-TS machine and Princeton University researchers. If you haven't seen it already, I strongly urge you to go to and watch the video of how these machines can be hacked.

Diebold issued a rebuttal of Princeton's findings on September 20, 2006. You can read Princeton's response at the above link for Princeton. Here is an interesting quote from the Princeton team's response:

"Secure voting equipment and adequate testing would assure accurate voting - if we had them. To our knowledge, every independent third party analysis of the AccuVote-TS has found serious problems, including the Hopkins/Rice report, the SAIC report, the RABA report, the Compuware report, and now our report. Diebold ignores all of these results, and still tries to prevent third-party studies of its system.

If Diebold really believes its latest systems are secure, it should allow third parties like us to evaluate them."

In addition, there have been some recent incidents regarding e-voting irregularities:

E-voting Security Under Fire in San Diego Lawsuit - Machine practices, reliability in doubt

Maryland county struggles with e-voting 'fiasco'

All of this seems to be a set-up for disaster. If you think the 2000 election was bad, just wait.

I can only speak to what I know, and here it is. Some of what I have to say may be offensive to some people, but I'm just trying to state the situation as I see it.

1. Practically any software device can be manipulated by creative and devious people. These people are often more creative and effective in finding defects than the people who write and test the software. Manipulation does not have to occur on a network. It can be achieved with viruses spread by memory cards. It can also be accomplished through social engineering (getting people to provide information by deceiving them). In fact, there is video testimony from a former employee of one of the software providers of voting machines who claims he was offered payment to insert code to manipulate the 2000 election.

2. The manufacturer is always going to vigorously defend their products. That is their business. To do otherwise would hurt, perhaps kill, their business. They may not technically lie, but they may craft their message in a way that can later be dismissed (e.g., "We never said…"). As testers say, "In God we trust. Everyone else, we test."

3. Government procurement is a slimy process. There are so many ways that the government can award business to "friends" that it's not even funny. (I really know about that!) I heard one person remark recently that our government has become "a group of people with money and power that gives money and power to their friends." A company can get the business of providing election equipment with a less than perfect track record.

4. The bar of software quality is very low. We have come to accept the practice of solving computer problems by restarting the system. We know that software crashes and does other weird things, but we still buy it. We know how testing is often understaffed and rushed in most companies. However, these stakes are much higher in dealing with election software and hardware.

5. The election officials are not generally computer savvy. I admire and respect the people who selflessly volunteer their time to work at polling places. May your numbers increase. However, these people struggle with technology just like anyone else might. (And by the way, the fault is not all their's. Technology has gotten complex.) So when you are depending on a person at the polling location to correctly configure and troubleshoot the voting machines, this opens the door for other types of mistakes.

6. The voters are definitely not computer savvy. Sure, the manufacturer tries to make the screens as user friendly as possible, but there are people who will still press the wrong buttons or press the right buttons in a wrong way. (I do have experience testing touch screens.) Even these types of usability problems can cause confusion.

7. The cat is out of the bag.  The specific code vulnerabilities are widely known. All you need to do is watch the HBO documentary, "Hacking Democracy" or to learn how to hack a voting machine on your own. There are few secrets left about how to manipulate an election.


We're not ready for electronic voting with the current generation of equipment and the out of control state of software quality and security. The only way I would be comfortable in trusting electronic voting machines would be for them to be validated at the same level of rigor as medical devices. The testing of the equipment must be independent and the actual voting process should be verified by an independent paper record (not a paper tape produced by the voting machine itself).

Plus, if any independent source can show the election machines to be unreliable, the issues should be addressed with the full cooperation of the independent source, the manufacturer and the government (even to the extent of reverting to paper methods, if needed). Debating back and forth in the media doesn't help anyone - it just adds more confusion.

It would be very sad if the tradeoff between the speed of getting election results and the accuracy of the election were based on our own impatience to get quick results on election day. There are some processes that should not be rushed. There are also some processes that shouldn't be computerized - at least until reliability and security can be proven to be bulletproof. Until then, just give me pen and paper, please.

If you are also concerned about the unreliability of these voting machines, please make your concerns known to your local election officials. The future of democracy is at stake.  I'll keep you posted on new developments.