States’ Testing of Voting Technology
Gregory Miller
Confidence – or maybe it’s about lack thereof, if you look at from the point of view of commentator Rady Ananda. While she produced another nicely compiled report today in OpEdNews.Com on several states that have conducted additional detailed studies of the security involved in software-driven election systems, she did little to instill any confidence in the outcomes. Consider her statement, I quote here:
“However, if the Pentagon is unable to deter hackers from its computers, surely our less-protected and less-funded election systems are much more vulnerable to attack. There is no doubt that winning elections in the most powerful nation in the world is strong motivation for anyone willing to do what it takes to win.”
Just a tiny bit sensational IMHO; I mean on the one hand I concur about the vulnerability, but the thought of anyone willing to attempt to throw an election seems like a bit of stretch – at least until we accrue some hard evidence (not circumstantial) that such has, in fact, occurred (can anyone enlighten me?).
In any event, there is good learning about a selection of states in her latest annotation that tested and evaluated technology from Diebold (now known as Premier), Election Systems & Software (ES&S), Hart InterCivic, Sequoia, and Nedap (also known as Liberty). This report is a good informative read, and complements her earlier report on several “Expert Reports” from last January.
As Rady points out, her supplement should “serve to further inform the lay public about the continuing failure of computerized election systems to provide a basis for confidence in reported results.” Well, here is where sparks fly from my Axe as it grazes the grind wheel.
I completely agree that this stuff needs to be documented; published, posted, and pushed into the hands of the public. But it’s also time to start talking about how to fix the problem. Admittedly, it will be some time before a general commentator is ready to report on solutions. There aren’t even any technology savvy journalists, editors, or pundits talking about solutions. But we need to start.
So, tell me what you think.
Thanks!
GAM|out
This post has me seriously concerned about your organization. How could you be in the space of creating election system proposals and exhibit such a lack of concern about election integrity?
>but the thought of anyone willing to attempt to throw an
>election seems like a bit of stretch – at least until we
>accrue some hard evidence (not circumstantial) that such
>has, in fact, occurred
An election system should exhibit robustness against attempts to throw the election. In my view it should do so even when the attempts are made by those in power and administrating the election.
>(can anyone enlighten me?).
Some helpful links:
http://www.rangevoting.org/PresFraud.html
http://www.rangevoting.org/FraudHist.html
Note that there is active research and some light deployment of voting systems that ensure end-to-end verifiability without compromising the secret ballot. Voters can be confident that their vote was counted-as-cast and not dumped in the garbage dump.
Systems that do that are called end to end verifiable. One such system is PunchScan.
Some end-to-end verifiable systems involve voting machines. Some do not. A common theme is that voters take home some sort of ‘receipt’ with which they can verify that vote was counted as cast but where the receipt does not reveal how they voted.
I do not think end-to-end verifiable voting systems are yet ready for wide deployment. I do think:
* that they should be discussed and seriously considered
* that additional funding for basic research of E2E verifiable technologies should be supported
* that limited deployment of E2E verifiable systems should be allowed and encouraged
* laws that frustrate any of the above are misguided
Mr. Wolfe–
Thanks for your comment; I’ve been away this past week plus on assignment and missed your important remark.
First, thanks for the helpful links! I erred in failing to write carefully enough that I was looking for real evidence of compromised computing machinery that resulted in demonstratble vote fraud. That clarified, I knew (from back in law school days) that there are plenty of examples of general election irregularities and outright fraud, but I was looking for examples of digital fraud in elections (read on, I’ve found it).
Bear in mind, 2004 and 2006 are not lost on me. I simply wanted to see real hard evidence of digital fraud and not conspiracy theories and innuendo. Well, I’ve been enlightened there too, thanks to David Earnhardt. I’ve since seen UNCOUNTED, the documentary film now being released (and owe a blog post to that point, but did put up some information on our Facebook page). Mr. Earnhardt and I have actually been in e-Mail communication. I’ve purchased a copy of the movie for the Foundation and one for myself. I now have no doubt that election fraud in a digital world is real and can be evidenced.
So, to be clear: I have religion on this point. I believe digital fraud is possible and probably has already happened. I still think its difficult only because I believe, especially going forward, this will require a well orchestrated effort, and conspiracies generally fail because in absence of superior blind transfers of information, someone will always talk. That, in of itself, does not and will not prevent this Foundation from supporting work, that… to your point… demonstrates integrity and a complete intolerance for any tampering, digital or otherwise.
But to your comment, more specifically: Any misunderstanding of my posting is my bad for writing on the fly (and not doing the compose, edit, rest, edit, post cycle 🙂 For instance, at the outset I pointed out that her writing was "Just a tiny bit sensational IMHO" and just that: a "tiny bit." And I also importantly went on to write that, "…I concur about the vulnerability…" I did then, and I do more so now.
Is it hard to compromise machines? In fact, Ed Felton recently demonstrated that its too easy. Are current systems vulnerable? Absolutely. Should machinery be built that exhibits robustness against attempts to compromise integrity? Absolutely! And to your point, we take that further by ensuring that the common points of social engineering, or as you suggest — an inside job — are also faults that machinery must resist. I actually prefer to think of it as "fault intolerant."
So in the end, I hope you will remain concerned, interested, and question things as you see them. I am not immune to misstatements. And I am open to being called on my opinions and enlightened as well. This Foundation is not and never will be based on my viewpoints. I am merely a shepherd of a larger cause. Success will require thoughtful individuals, such as yourself, to step up and make the cause and efforts of OSDV a responsible reality.
Blogs tend to be a free form commentary device, and I clearly need to do a more careful review and edit of my comments to prevent misinterpretation of my actual view points.
So, my bottom line: I now have religion that digital voting fraud is totally possible and may have already happened. I still think its a challenge to successfully do so, but far from impossible. And finally, I can assure you (and encourage you to speak with our CTO for further assurance) that matters of integrity matter to OSDV, considerably.
Cheers
GAM