Tuesday, May 29, 2007

Back to paper ballots?

Pokey Anderson has spent years studying electronic voting and arrived at these findings:
Even if a person could check hundreds of thousands of lines of software code and find hidden malicious code,
and even if software could be written bug-free,
and even if the hardware works properly and interfaces perfectly with the software and peripherals,
and even if the binary and source code match identically,
and even if each electronic voting machine were physically guarded every minute to prevent insertion of malicious code (including by insider vendors or subcontractors or election personnel or anyone with a key including the janitor),
and even if every software change has been clean and legitimate,
and even if unexamined ballot definition files are accurate and trustworthy,
and even if there were reasonable ways to make sure that the software previously checked is now the software running on each machine on the morning of election day
. . .
chinks in the voting system armor could allow intrusion DURING voting day and during tabulation.
Here's her conclusion:
Of course, if everything about an election computer system were disclosed and vetted from head to toe, it would be safer. But, given what’s at stake -- the reward for stealing an election could amount to control of a jurisdiction, or even the entire US treasury -- the threat level is quite high. The quality of software for elections to date has been unreliable and has not inspired confidence. And, experts admit that the task of protecting elections without some sort of paper ballot records is near impossible.

One of the experts for RABA spoke of the vulnerabilities of the Diebold DREs, which at the time had already been used statewide in Georgia:

William Arbaugh: “There’s no security that’s going to be 100 percent effective. But the level of effort was pretty low. A high school kid could do this. Right now, the bar is maybe 8th grade. You want to raise the bar to a well-funded adversary.”

Raise the bar? Tell ya what. Instead of shaking their secrets out of private election companies one by one, and exposing their insecure election systems mistake by mistake, let’s get elections that can be overseen by average citizens.

Poll workers and citizens shouldn’t have to know about rootkits and encryption keys and buffer overflows to protect our votes from wholesale theft with a few keystrokes. And, attaching printers or doing audits after the fact seem like a weak overlay onto a shaky, vulnerable electronic system. Sort of like putting leather seats into a car that doesn’t run. Or maybe, more in keeping with gambling our democracy, it’s like hanging a new pair of dice over the mirror of the junk car.

An election should be observable from start to finish, with human eyes unmediated by “help” from software. And human eyes should be able to tell if it’s honest. Get it right on election night. Send everybody home convinced of the final result.

Computers can’t do that. Paper ballots can.
[Full disclosure: Ms. Anderson is Mr. DQ's stepsister.]