Elections idiocy
Last week, some researchers from Johns Hopkins published a paper [PDF] detailing numerous flaws in the source code for a Diebold electronic voting system. The mainstream press picked up on this and wrote a number of articles about it. The reaction from both Diebold and election officials was extremely disappointing. The Washington Post, for example, talked to a number of officials in the state of Maryland, which just signed a statewide contract for Diebold election machines after using a number of Diebold systems in selected counties in last year’s election. Among the comments from Maryland officials:
- The last election went well, so the machines are fine.
- Voters feel like they’re using modern voting machines, so electronic machines are an improvement.
- The state has a hundred years of data from its precincts, so if results change unexpectedly they’ll notice.
These comments are at best naive and at worst indicative of a willful ignorance of basic principles of elections and information security. If a computer system works once, that’s no proof that it will continue to be secure in the future. Voters may be happy because the machines look prettier, but they’ll certainly be far less happy if their votes aren’t counted correctly. And as anyone who has analyzed election returns knows, individual precincts can swing elections by fluctuating by small amounts. Additionally, any significant swing in a single precinct can be (and is) explained away as long as it’s plausibly correct.
Election fraud is a time-honored American tradition. We counter that, though, with persistent investigation of any signs of fraud and a system that’s designed to make cheating as difficult as possible. Somewhere in the transition to electronic voting machines we lost sight of that goal. When you read the Hopkins report, you see that the number of holes in the Diebold system is simply mind-boggling. Unfortunately, there’s no reason to think that Diebold is uniquely bad and its competitors are any better. Instead, with the politicians ignoring their technical advisers (who almost always advise against electronic systems), the manufacturers of voting systems have little incentive to produce machines with independently verifiable security designs. I wonder what it’ll take for political decision-makers to learn the fundamentals of computer security…and whether that’ll happen before the first election is stolen.
Marc Said,
July 28, 2003 @ 11:33 pm
After reading that paper I wonder how the designer of that system could be so pathetic. Whoever designed that had absolutely no clue whatsoever. I don’t see though how any system that doesn’t give a printout to the voter can ever be secure though.
Brian Said,
July 31, 2003 @ 11:20 am
What’s the benefit of the printout, other than you being able to bring all of the printouts and count them yourself; but the printouts are almost certainly forgeable, so don’t provide much additional security.
Counter that with the claim that usually comes up in digital voting circles, that providing voters with the ability to demonstrate how they voted will lead to abuses (unions or corporations insisting that they vote a particular way in order to maintain their seniority/job, for example).
One system design I’ve heard recommended is one that prints out a scantron like card, that the user can verify, and then drop in the ballot box. It’s machine generated in the common case, so should be more legible; if something goes wrong with the machines (e.g., power failure), or if people don’t trust them, they can fill it out by hand; it’s fairly easily checked by hand; and it’s exactly as secure as current systems.