The Great Electronic Voting Debate

[shadron]

I have recently been sucked up professionally in the Great Voting Debate.

After the disaster in Florida some time back, many states decided it was time to come up to the twentieth century and start using some of this technology to do the voting thing our country cherishes so. A number of companies charged into the fray, with what are now known as DRE - Direct Recording-Electronic machines, and *surprise!!*, it didn't work so well. The problems were thoughtlessness ("We already have a plush toy doggie that talks - if we tweak the ears, he can count a vote") and rush-to-profit, first of all, and later complacency. Diebold accidentally left their source code for their tabulator (the vote taking machine) out where a university team could find it and rip them to shreds over its lack of - you name it - security, requirements analysis, knowledge in use of cryptography, programming style, perhaps even goto's considered harmful.

The current big fight is over the source code. The EFF, whose causes I've long supported in my bleeding liberal heart, seeing what a boon the Diebold error was to the debunkers of computerized doggy/DREs, is trying to get the idea of total open source across - that the machine builders should completely bare their software to any and all for examination. This seems good, until you look into the fine print. Diebold, for example, used Windows CE as an operating base for their code. EFF therefore wants the source code for Windows CE to be exposed on the net. See a problem here?

For those who have read this far but are not software specialists, let me just say that as much as I'd like to see it happen, it won't. Short of Diebold buying out Microsoft, it simply will never happed - voting machines are just not Mr. Ballmer's reason for rising in the morning. No source code for Windows, not now and not ever, not for voting machines, anyway. One could turn this into a great argument for Open Source Linux systems, I suppose. The one thing that Windows does have, however, is millions of customers beating the code to death every single day. On the other hand, there are those patch Thursdays...

A lot of the other problems appear to me fixable. One company has the user fill in an old-style paper ballot, which is then immediately read into he machine, scanned and tabulated. The voter gets immediate feedback on whether there is an under- or over-vote (no more hanging chad) and a summary printout of his vote before he has to say "cast" or "redo", and then the cast ballot is automatically dropped into a locked ballot box. The ballots become the primary basis of the voting; the machine just gives a quick tally that is documented and recountable. There are lots of other bells and whistles, and the current devices still have not been rethought from he ground up for the intended use (or at least it doesn't look like it to me), but they're getting there. The old lever machines, by the way, would have never stood up to this sort of scrutiny even in their day.

Anyway, anyone have any comments on all this?

 

[LawnOven]

Perhaps Diebold should just program their software to work with Linux systems, like you proposed, and not use Windows CS at all. That is, perhaps it should be a requirement that voting software be coded with open source operating systems in mind.

This is our democracy we are talking about here. It seems fair that voters should have access to that sort of information.

 

[drkitten]

Diebold, for example, used Windows CE as an operating base for their code. EFF therefore wants the source code for Windows CE to be exposed on the net. See a problem here?

Anyway, anyone have any comments on all this?

Yeah. Use Linux or it's equivalent.

It really is that simple; I see contracts and grants all the time that recommend (or demand) as a condition of acceptance that the software be fully open-source and licenced under one of [insert list of licensure variants]. If you want to bid on that contract, you HAVE to use Linux or an equivalent, and everyone accepts it. (Actually, every so often, someone doesn't accept it, and usually makes a big fuss about it, basically making themselves look like idiots.)

Diebold, like everyone else, would have two choices. Port the software to Linux, or not bid.

But the last time I checked, there is nothing in the US Constitution that mandates that Diebold gets to make voting systems.

 

[GodMark2]

The current big fight is over the source code. The EFF, whose causes I've long supported in my bleeding liberal heart, seeing what a boon the Diebold error was to the debunkers of computerized doggy/DREs, is trying to get the idea of total open source across - that the machine builders should completely bare their software to any and all for examination. This seems good, until you look into the fine print. Diebold, for example, used Windows CE as an operating base for their code. EFF therefore wants the source code for Windows CE to be exposed on the net. See a problem here?

No problem whatsoever. Without the underlying operating system source code, it cannot be verified, even by Diebold, that the machine will preform as required.

So make your own OS (not difficult for a single use machine such as these). The use of a general purpose operating system for a single use machine is simple laziness. The more complicated GP OS will be more prone to error than the simple single purpose one. You don't need HTTP processing, or TCP/IP, or COM+ event managers, or Distributed Link Tracking, or Universal Plug and Play. You don't even need the ability for those processes to be included. Why use an OS that was designed to have those things added? Each capability just adds more points of exposure for possible failure.

 

[GodMark2]

But the last time I checked, there is nothing in the US Constitution that mandates that Diebold gets to make voting systems.

Someone once told me "The law grants you the right to have a business. It does not grant you the right to stay in business. Your customers have to do that."

 

[drkitten]

Someone once told me "The law grants you the right to have a business. It does not grant you the right to stay in business. Your customers have to do that."

Someone was very smart.

 

[shadron]

All of what you all say is very true. At present, Diebold attempted to sell its business, but found no takers (the CEO's comment about helping win the election in Ohio for Bush in 2004 did nothing to enhance the prospects), and so it was sort-of shoved over into a corner to expire quietly as Premier Election Systems. Diebold acquired the system concept and hardware/software by buying General Election Machines. It also turned out that the GEMS processor (which designed the ballots and then received all the "take" from the tabulators after the election) was programmed with an MS Access jet database, and there are instructions on the net about how one can hack into it given MS Office, bypassing the security. Some Diebold emails describe how they knew this was a problem and how they finessed it with a government testing contractor. High capitalistic crimes and misdemeanors; it's a wonder how a bunch of them avoided jail time.

The reason why they wanted to do it with Windows is because it was quick to market. As GM points out it is (fairly) easy to create a dedicated system running on a micro-controller in firmware to handle a voting tabulator; there one out there that uses a micro-controller version of Linux to anchor the unit.

If anyone is interested in some of the history, see http://www.nytimes.com/2008/01/06/magazine/06Vote-t.html .

 

[ddt]

As GM points out it is (fairly) easy to create a dedicated system running on a micro-controller in firmware to handle a voting tabulator; there one out there that uses a micro-controller version of Linux to anchor the unit.

The main type of voting machine that was in use in the Netherlands was built around 1980s technology with a 8- or 16-bit microcontroller and no OS to speak of.

A group of Dutch hackers has been active in the last 2 years to expose the risks - a.o. they were featured in a TV news program, where they showed how easy it was to rig the machine and have it play chess instead . The government just decided to stop using the old voting machines and not to look into new generation machines.

Personally I agree with them that electronic voting solves a problem that does not exist. The paper-and-red-pencil system we had before worked fast enough and the manual vote counting was transparent - I remember as a kid I once attended the counting at the local polling station - and secure.

I understand the US situation is a bit different - often, you get to vote for many different positions at a time, not just for Parliament or just for the Municipal Council as we do - and you can also have write-in votes (who the hell invented that?). So, manual vote counting is indeed more awkward. At least the site may give you some inspiration.