11.08.06

Electronic Voting

Posted in General at 3:40 am

I’ve been meaning to rant on this since I started hearing about the machines having problems.

These voting machines never should have been left in the hands of proprietary, corporate developers. The integrity of the voting process cannot be guaranteed when the device used to tabulate votes is a “black box”.

I don’t know the details of the law that was passed requiring more reliable methods of voting. All I know is it has resulted in an influx of electronic machines. The law should have called for open development of voting machines. Here’s a list of “should haves”:

• Should have required software to behave in a certain way and the source code be available to the general public for inspection. This ensures there is no “funny business” going on with vote tabulation.
• Should have had some sort of specification for the voting hardware. i.e. specifying that the hardware should be difficult to tamper with by unauthorized persons.
• Probably should have specified a minimum security level and provisions for making sure that the software installed on the machines had not been tampered with (it’s conceivable that someone could load a “hacked” version of the software on voting hardware).

Seriously, this is a disaster from a security standpoint. And I seriously believe it is morally wrong that the source code for the voting software is not available for general inspection. Not only would this ensure the integrity of the software, but it would give peace of mind to the voters.

Ideally the federal government would set forth specifications for voting software and hardware. The hardware would be manufactured by private corporations as it today. The specifications would ensure that all software (mostly) worked with (mostly) all hardware. Corporations could create their own software as long as they published source code. I’m sure that a number of publicly led open source projects would spring up as well, and then we would have to sort out how elections personnel will decide what software they want to load on their machines—but choice is good.

Security of the software and hardware is the most difficult part. With so many people working with so many different pieces of hardware and software there is a lot of room for tampering. I have a strong dislike for “trusted computing platforms” but this might be a legitimate use for them. It’s easy to make sure that a piece of voting software operates properly, but making sure that it’s installed on the machine without modification is more difficult. Also the hardware needs to be protected from tampering. Possible solutions:

• Some sort of MD5 sum on the software being installed. Requiring oversight and verification of the checksum when installing would be clunky but effective.
• Have the machines “net boot” off a central server with a verified (as above) piece of software
• For preventing/detecting hardware tampering, software might run a “self-test” where it randomly tallies votes and verifies the results. Trusted computing platforms might help here but I’m not familiar with how they work.

End rant. I hope there are a lot of problems with electronic machines so our leaders will see what a mistake they’ve made in foisting this upon us without really thinking about the consequences.

Permalink