[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

11/13 NY Times/David Pogue: Diebold e-voting concerns

Tech savant, author and Mac expert David Pogue highlights various concerns about e-voting in his Nov. 13 New York Times column, which focused on Diebold, one of the four finalists in Boulder County's voting machine selection process:

* Horrible lack of security: secret, proprietary source code - company jewels - posted on an insecure FTP server!

* Code analyzed by researchers: sloppy, shows "no evidence of rigorous software engineering discipline", cryptography weak

* No way of knowing that the programs built from the certified code are what's installed on the actual voting systems; vendors compromise credibility of certification process by installing uncertified software updates - "patches" - before elections! (Questions: What, if anything, have election officials and legislators done about such tampering with the election process? Has any attempt been made, for example, to certify the code *after* the fact?)

* No paper trail + data stored on a memory card in proprietary format = no means of verifying digital results

* 8 million voters will be using these Diebold systems in 2004 elections (Wired News: 33,000 machines in service)

While concerns have been raised about this one vendor, clearly such questions - and many, many more - should also be asked about other systems under consideration for purchase, and maybe for the e-voting systems already in use. Perhaps no system yet available can pass all the many requirements of the concerned public. 

---

<http://www.nytimes.com/2003/11/13/technology/circuits/13POGUE-EMAIL.html>
From the Desk of David Pogue: Maybe Hanging Chads Weren't So Bad After All
New York Times
Published: November 13, 2003 

If there's one thing you learn as you grow older, it's that life is painted in shades of gray. I find it harder and harder to view any issue in black and white; if you really think about it, you can almost always see the other guy's point of view.

Take electronic voting, for example. In 2000, it sure looked like the old voting systems--punch cards, hanging chads, all that--were desperately in need of upgrading. It seemed pretty obvious that electronic voting systems would have avoided the whole Florida ballot controversy. I, for one, spent two months walking around muttering, "Gimme a break. They can drive the Nasdaq to 5,000, but we're still voting with punch cards?!"

Then came last Sunday's New York Times, which presented a terrifying report on Diebold, a leading maker of paperless touch-screen voting machines. Eight million of us will be tapping on Diebold computers in the next Presidential election.

So what's wrong with that?

Wrong Thing 1: Wally O'Dell, the company's chief executive, is a Republican fundraiser. He writes letters to wealthy Bush contributors vowing to "deliver" his state's electoral votes to the Bush campaign. He hosts campaign meetings at his house. He's also a member of Bush's "Rangers and Pioneers" club (each member of whom must contribute at least $100,000 to the 2004 re-election campaign).

No matter what your politics, you can't deny that there's a strong whiff of conflict of interest here.

Still, Mr. O'Dell wouldn't and couldn't go so far as to program his voting machines to deliver the next election to Mr. Bush, right? Even Oliver Stone would laugh at that conspiracy theory. But then:

Wrong Thing 2: The code in these machines is so insecure, somebody managed to copy a version of it from Diebold and post it online. Two studies--one by professors at Johns Hopkins and Rice University, one by engineering firm SAIC--found the current code to be sloppily written, with weak cryptography and "no evidence of rigorous software engineering discipline."

Wrong Thing 3: This one boggles the brain: The Diebold systems don't print. There's no paper trail, no "voting receipts." Data is transferred to the election precinct on a memory card in a format that only Diebold can read. If an election is ever in dispute, nobody can compare the digital results against a backup system. As an individual, you'd have no way of confirming that your vote was properly recorded.

(My favorite part of the Times article was the story told by New Jersey Representative Rush D. Holt, who's trying to make electronic voting more transparent: "Someone said to me the other day, 'We've had these electronic voting machines for several years now, and we've never had a problem.' And I said, 'How do you know?'")

Without a paper trail, there's all kinds of opportunity for mischief.

Wrong Thing 4: Diebold points out that the software is inspected and tested by election officials before it's certified. There's only one problem: Diebold engineers can slip in and make changes to the software even AFTER it's been certified.

Worse, they do exactly that. A Wired article quoted a Diebold engineer as saying that his team made no fewer than three rounds of software changes to the machines in Georgia's 2002 election for governor--after the machines had been certified but before the election began. (That election "ended in a major upset that defied all polls and put a Republican in the governor's seat for the first time in more than 130 years.")

But Ren Bucholz of the Electronic Frontier Foundation (action.eff.org) told me that this kind of thing--casual, uninspected software updates to voting machines that have already been certified--goes on all the time.

The bottom line: Diebold's voting machines appear to present an undetectable, easy, and tempting target for manipulating elections.

See what I mean? Even electronic voting turns out to be a gray area.

No, wait -- come to think of it, maybe it's a black-and-white issue after all.