This has not been a good week for e-voting companies. First came the report
out of California that the security had
problems on every machine tested by independent security experts, followed
quickly by security experts finding problems with
other machines in Florida. This should come as no surprise. Every time a
security expert seems to get a chance to check out these machines, they find
problems. What was odd, though, about the announcement on Monday coming out of
California, was that the state had only
released some of the reports. It left out the source code review. However,
late Thursday, the source code reports were finally released and things don't
look much better. Apparently all of the e-voting machines are
vulnerable to malicious attacks that could "affect election
outcomes." The report also points out: "An attack could plausibly be
accomplished by a single skilled individual with temporary access to a single
voting machine. The damage could be extensive -- malicious code could spread to
every voting machine in polling places and to county election servers."
This, of course, is what others have been saying for years, and which Diebold
always brushes off. Ed Felten has gone through the reports and is amazed to find that all of
the e-voting machines seem to have very similar security problems -- and
that many problems that Diebold had insisted it fixed in 2003 were still
present. Remember how Diebold had used the master password
"1111" in their machines? Now their machines use hard-coded
passwords like "diebold" and (I kid you not) "12345678." At
some point, isn't it time for Diebold (and the other e-voting machine makers)
to stand up and admit that their machines aren't secure and, in fact, were
never secure? At the very least, the company owes the world a huge apology --
but somehow, given its past behavior
whenever its machines are shown as insecure, that seems unlikely to happen.
Can someone please explain to me why a machine is needed to record and/or
count ballots? It seems a perfect example of using technology where it is not
needed. Coloured paper, cardboard boxes and pencils marking an X next to a name
or Yes/No question. That's how it works in Canada and we always have the
results the same night. Results are phoned into a central spot and everything
is finalized officially within a couple of days.
Every party has scrutineers at every polling station who supervise the counting
and everywhere, two or more people are watching each other to make sure there's
no funny business. Every position or proposition uses a different colour of
paper, which go into different boxes that are supervised by two little old
ladies or students who are picking up a couple of extra bucks for working that
day and a couple of evenings previously for 'training'. How can any machine
beat that idiot-proof, low-tech, inexpensive, extremely simple system?
While personally I think the overall system of party-based democracy has lots
of problems, the one thing I don't doubt is that the vote totals reported are
legitimate and represent the intention of those who have chosen to vote. If I
had to trust a machine, I would be extremely leery of trusting the results...
(reply to this comment) (link to this
comment)