“How Do I Know that This Voting Machine is the Good One?”
John Sebes
It never ceases to amaze me how often, and in what varied circumstances, I meet people who are not only quite clued in about election technology reform, but also surprising aware of some of the devils that lurk in the details. Today’s devil: "field validation" of voting devices, or: if I went to vote in a precinct, and someone told me I was about to vote on the wonderful new trustworthy voting system that I had heard about, how would I know that that was the device I was about to use?
I was standing, dripping wet after a brief but very impressive downpour, in one of the wettest places (and most impressive) in the world. A chatty fellow traveller was asking me where I was from, what I do, etc. It look literally two minutes or less to get from that starting point, through my elevator-line about OSDV, and on to field validation. My companion took it as axiomatic that we need to trust computers used in elections, and that proprietary closed source systems provide no basis for trust. But he took it even a step further: even if there were some really high-quality, well-evaluated, certified but closed voting system, its hard to know whether the actual system you’re using is in fact actually that system. Good point! (He probably had heard some of the Diebold horror stories about last minute modifications to election systems having been suspected as part of a vote rigging scheme.) He said that open-source systems were a pre-requisite because of being able to see exactly what software the system was purportedly built with. But how to check a specific system to determine if it has all and only that software?
I had a snappy (but extremely geeky) answer for him, which seemed to satisfy. (For details, feel free to geek out on the wiki at: Field Validation of Voting Systems.) But leaving aside the details of boot media and checksums, there is a very important point about how a voting system’s baseline gets established and published: the Federal certification system. Like it or not, the certification process is at least clear on establishing exactly what a certified system is, and this can be used to create a "fingerprint" that you can check by examining a particular voting device, and seeing if its fingerprint matches that of the certified system. That’s easy to say, but for your typical PC or server, this is not easy. However, for a carefully designed dedicated system, the fingerprint-matching (or field validation) can be quite straightforward, given the right fingerprint — which the certification process does indeed provide.
Why, you might ask, is it so much harder to validate current voting systems? At the risk of a rat-hole, I’ll refer you to the wiki article, and simply say that when these systems were created, field validation wasn’t (and still isn’t) a requirement. So, it wasn’t built in to the system; and it is very hard (if not impossible) to "tack on" without redesigning the entire system — which of course there is no economic incentive to do. ‘Nuff said about that before, so we’ll let it rest there for today.
— EJS