Archived Weblog Entry - 06/15/2004: "E-voting"

[Previous entry: "iVue"] [Main Index] [Next entry: "Barbie-wife"]

06/15/2004 Archived Entry: "E-voting"

For those of you who are interested in definitive background on the e-voting debate and controversy, I am reprinting in full a letter I just received from activist Bev Harris who is bird-dogging the issue.

BEGINNING of Bev's letter:
For more than three years I have been trumpeting the dangers and pitfalls of electronic voting. An introduction to the problems of electronic voting can be found on the Equal Justice Foundation web site. As many of you know, I've served on the IEEE Voting Equipment Standards committee virtually since it was formed. The IEEE committee, where I am one of about 30 active voting members, is attempting to develop national standards that would ensure the accuracy and security of electronic voting equipment, as well as working with local and state officials toward that end with groups like CAMBER. But no usable standards will be available before the end of 2005 at the earliest ,and no voting equipment will be built and certified to such standards before the end of 2006. Further, the standards now in work are incomplete and only cover voting equipment used in precinct voting. The real security problems for an election are in the county election departments and there are no effective standards for that equipment now or in work.

But the problems with electronic voting in the past year have cascaded beyond my ability to keep up with them.

In a March 2004 election in California, 40% of the Diebold electronic voting machines failed in San Diego County, with a population of over 3 million, as well as numerous problems in a number of other California counties. Fortunately, as a result the California Secretary of State decertified the Diebold DRE machines in that state. The response of several California county clerks has been to sue the Secretary of State.

In Garfield County, Colorado, the November 2003 election results were so mishandled by the county clerk using an optical scanner to count the votes that the Secretary of State found it necessary to issue a 248-page report and invalidate the results of two items on the ballot. And in Colorado the Secretary of State recently entered into a contract with Accenture (son of bankrupt Arthur Anderson of Enron infamy), a Bermuda-based company to develop a statewide voter registration database to be maintained over the Internet. This after Accenture's little project in Internet voting for the military, the SERVE program, was cancelled because of security concerns, to say nothing of various cost overruns and missed deadlines. And the Colorado SoS proposes not to tell citizens how the voter registration database is designed or how it works on the basis of "security by obscurity," the worst possible security device. But even when the IT manager for the Denver Election Commission was arrested for theft and fraud during the November 2003 election, the only response in Colorado has been ho-hum.

Incredibly, the only people I encounter who favor computer voting are the manufacturers (and those they give money to) and election officials (who are in CYA mode after having spent tens of millions of taxpayer dollars on equipment that often malfunctions and has failed every security test to date).

Two articles came my way in the past week that well document the current quagmire of electronic voting.

The first is by Bev Harris of Black Box Voting that deserves wider recognition before citizens lose all control over the election process.

Does anyone find it peculiar that, after reports like the RABA report, the SAIC report, and the original Johns Hopkins report by Avi Rubin and others in Maryland, the CompuWare report in Ohio, reports that show that software with "stunning, stunning security flaws" (hey, the New York Times said it, not me), and after two devastating reports demonstrating flaws with Diebold GEMS software and Sequoia central count systems, after all this, we are allowing the manufacturers send their "corrected" software versions right back to the same certification labs for approval?

328 security flaws, 26 deemed critical - SAIC report.
All four major manufacturers found to have critical security flaws - Compuware Report
Hacked in 5 minutes, left no trace - RABA report
Wyle Labs admits to certifying Sequoia software despite known flaws - discovery materials from a recent lawsuit

Hey, guys? Why are we sending the "new and improved" versions right back to the same places that missed all the problems the first time around?

Under the Help America Vote Act (HAVA), we were supposed to revamp certification procedures. Nice idea, but they failed to fund it.

I've been saying for many months now that what we have is an auditing problem, not a certification problem. We've been using the wrong model to ensure the integrity of our elections. We can examine source code until we're blue in the face, but (even with a voter verified paper ballot) that won't provide the safeguards we need. What we have to do is use that ballot to verify the correctness of the election results, and we need to run reports to compare the vote totals as they travel through the system.

This is called auditing. It's not rocket science. It's not computer science either. It involves things like:
Comparing the paper ballots against the voting machine totals;
Comparing the polling machine totals against the central count machine totals;
Using business reply mail (best) or postal receipts, to compare the number of absentee ballots received with the number counted.

I received this in an e-mail today, and it speaks directly to our flawed certification model:

"A programer friend gave me an interesting web site to look at the other day...Mr. Thompson is the co-creator of an operating system called UNIX...what he did was reveal to the world that for 15 years UNIX had a bug. The bug was installed by him when he wrote the code and it allowed him to override any password protection by his unique knowledge of the key. For all those years he had waited for someone to question his implanted bug and no one ever did, so he dropped it on his peers at this award ceremony."

His quote from this presentation pretty much tells the whole story...No amount of source-level verification or scrutiny will protect you from using untrusted code.

Think open source will solve it? Open source, which is the equivalent of writing the program in the town square, in plain view of all the computer programmers in the world who care to watch, is important. It can tell us if someone slipped something undesirable into the code.

Open source code, though, won't guarantee that the program is secure. Linux was compromised at one time simply by adding the "=" sign into one of the many thousands of code lines. That went undetected, and there are probably more eyes on Linux than any other program in the world.

Counting votes is just bookkeeping. As in accounting, we may use a computer to help us, but the computer can't dictate the procedures. Certification won't save us, but sensible, publicly observed, appropriately chosen auditing procedures will restore trust quickly.

END of Bev's letter
Best to all,
mac