Who Is This?

Frank, a forty-something software engineer in Southern California.
Weblogs Of Special Merit
Reciprocal Links
Referrers
Powered by
Movable Type 3.34
Valid XHTML 1.0!
Valid CSS!
www.blogwise.com www.blogstreet.com

www.blogmatrix.com
The TTLB Ecosystem

December 10, 2003

Government

Electronic voting in a nutshell.

As I think I have mentioned before, as a software engineer I regularly read the Risks Digest, a mailing list now nearly twenty years old that deals with risks to the public from computers and related systems. Naturally, the topic of electronic voting has received attention in that forum, and in fact Peter G. Neumann, the moderator, has spoken in public about the risks inherent in electronic voting.

The latest issue has a couple of especially incisive and succinct articles regarding this issue. First, Dave Brunberg asks, among other things,

Why not just admit that e-voting cannot be made secure without adding in somuch complexity that it becomes prohibitively expensive or self-defeating?

He points out a number of potential problems in the whole idea of electronic voting and suggests a potential fix for them. Peter Neumann responds:

Responding to the above message by Dave Brunberg:

ONE.  COUNT THE PAPER, and let the electronics appease the media only for an
      UNOFFICIAL PRELIMINARY count.  The official count would be paper.
      (Vendor arguments that paper is unreliable are largely bogus.  Vendor
      arguments that their systems CANNOT have erroneous results are of
      course COMPLETELY BOGUS, ignoring insider fraud, programming screwups,
      and configuration errors.  Instead, they tend to argue that no
      "hackers" can break in, which is not the primary concern for polling
      place voting -- although it would be a serious concern for Internet
      voting.)

TWO.  IF THERE IS A DISCREPANCY, the machine should be IMMEDIATELY DISABLED
      for the duration of the election.  No fooling around with machines
      that indicate on the screen that your vote has been recorded for a
      candidate you did not vote for, where you are told that it is an error
      on the screen but is correct in memory -- as happened in Florida in
      2002.)

THREE.  Why have electronic voting machines at all?  GOOD QUESTION.  The
      most compelling arguments are providing a nice voter interface and
      avoiding overvotes -- although we have reported cases of blank
      positions being counted as votes by miscalibrated optical scanners (or
      tampered ballots?), and there are also reports of chad knocked out of
      punchcards because of too-deeply-prescored chad slots, suggesting that
      some of the card-system overvotes are not the voters' faults.  But see
      the next message from William Ehrich, which has been said before but
      is worth saying again.  PGN

One should bear in mind when reading the above points that Peter G. Neumann is pretty much the expert when it comes to the risks of computers in society. If he says it, it should be taken very seriously indeed.

Finally, the comment from William Ehrich, who points out something that all software engineers should already know (and if they don't they shouldn't call themselves software engineers) and something that anyone interested in electronic voting systems should learn:

All the technical people seem to agree that a voting machine has to produce a piece of paper for audit trail, and some feel that that piece of paper should be the primary record of the vote.

It seems an obvious extension of this idea to have the voter simply mark the piece of paper with a felt marker.

That is in fact how we have been voting here. [Minnesota. PGN] It works well.

There is a counting machine at the voting place to count the ballots. If I don't trust that machine I can (in principle) recount them with a different machine or count them by hand.

There is a RISK in using a computer where it is not needed and can do more harm than good.

Emphasis mine.

As is so often the case, electronic voting is another situation in which "computers" are promoted as a panacea when in fact the problem, difficult recounts, "hanging chad" and confusing ballots as encountered in Florida in the 2000 election, cannot be solved by software, even when coupled with dedicated hardware. Over and over, I see people suggesting the use of optical-character-recognition methods (which are both electronically readable and readable by humans) or even older technologies, technologies that have been around long enough to have become very reliable, and I keep seeing those suggestions ignored or dismissed by people who seem to think that making the entire process electronic will be some kind of magic cure to all the problems. Unfortunately, making the entire process electronic will solve nothing and will instead add many new problems.

I will refuse to use the current crop of electronic voting devices. If necessary, I will vote absentee and I will certainly make my categoric refusal known to my Senators and Representative. After all, what is the point of voting if I have no assurance that my vote will be counted the way I intend? If I can't be sure my vote against Bush next November will in fact be a vote against Bush, because it could trivially be perverted by the hidden software inside the electronic voting mechanism, perhaps my time could be better spent camping outside my Senator's offices. Or maybe outside the White House, along with a few million others like me.

Posted by Frank at December 10, 2003 10:33 AM

All Rights Reserved