Tuesday, October 28, 2003
Open Voting Consortium
I have been on a mailing list for the Open Voting Consortium, where we are working on a design for Open Source software for touch-screen electronic voting machines. In the trade, these products are known as DRE (Direct Recording Electronic) machines, or jut DREs. The plan is to produce an auditable system in which the machines cannot be fiddled to count votes differently from what the voter told the machine to do. This means, among other things, producing a paper audit trail, and a printed ballot that the voter would have to verify before depositing it in the ballot box. In case of discrepancies between the electronic tally and the paper, the entire process could be checked over step by step.
Alan Dechert, the leader of the Consortium, handed out sample printouts from the demo version of the system at the UC Santa Cruz Forum on Electronic Voting.
Defects in current voting technology, law, and procedures became painfully evident in Florida in the 2000 Presidential election, where there were vehement allegations of misconduct from both the Democratic and Republican sides, and equally vehement rebuttals. For example, the Republicans complained vociferously that the Democrats wanted to disenfranchise troops overseas by throwing out illegal absentee ballots.
There was no doubt whatsoever that tens of thousands of voters did not have their votes counted in the way they intended, because of problems with ballot design, and the fact that punched card ballots could not be verified before being placed in the ballot box. Problems included unintentionally voting for the wrong candidate (Pat Buchanan, in allmost every case), double voting (for Buchanan and then Gore, in almost every case), and failure of the cards to punch cleanly, resulting in "hanging", "dimpled", and "pregnant" chads. Without these problems, Gore would have won Florida convincingly. As it was, the election was in doubt for several weeks, with the parties and the media variously estimating changing margins of victory for either Bush or Gore, and various Florida courts and the U. S. Supreme court contradicting each other on the proper procedures for resolving the matter, amid further partisan bickering.
Elections have been stolen or subverted for nearly as long as there have been elections, going back at least to the Athenian and Roman Senates. In modern times, no major party has shown itself to be better or worse than any other. Nixon's dirty tricksters were certainly no worse in intent than the way "Landslide" Lyndon Johnson won election to the U. S. Senate in 1948 by having 200 extra ballots mysteriously turn up several days after the polls had closed. The Democratic machine in Chicago used to go by the motto "Vote early and often", and relied heavily on the cemetery vote.
At any rate, after the Florida debacle, Congress passed the Help America Vote Act (HAVA), which provided Federal funds for upgrading voting systems, and mandated certain improvements in technology, including electronic touch-screen voting for the disabled, with auditory assistance and feedback for the blind and visually impaired. However, HAVA did not go far enough, in the opinion of election experts, in mandating security features and procedures to protect the integrity of elections.
We all knowr from experience that a computer can take your instructions and then do something completely different. Program bugs can cause incorrect computation, incorrect writing of files, loss and corruption of data, or outright crashes. Malicious code, whether inserted by trusted insiders or external attackers, could deliberately change votes as they are cast, and in the absence of hardware security measures, even fake an audit trail.
The record of the companies making voting machines is dismal, in every technology more complicated than marking a paper ballot, and particularly bad in DREs. One of the leading manufacturers, Diebold, inadventenly left a copy of much of its source code out on the Internet, where researchers downloaded and examined it. Although Diebold disputes the conclusions drawn in this research, the researchers stand by their analysis.
Paper ballots have their own problems. They are difficult or impossible for some disabled people to use without assistance, and they can be lost, stolen, replaced, or forged. Ballot boxes can be stuffed. A manual count takes too long and is too error-prone. Machines to count the ballots can shred them or crumple them up and jam. It is possible to design procedures to deal with all of these issues and with many other security hazards, but procedures are not always followed. Any good stage magician could game any of the obvious solutions, making ballot boxes disappear and reappear, and changing the contents of locked boxes under the noses of observers. Protections against these hazards are harder to design, but it can be done. Whether there will be the political will to follow the procedures is another question.
So use of DREs in at least some part of the election process is necessary, and the question is how to fix the security holes and still maintain accessibility for the disabled. Congress is considering legislation to correct some of these flaws in the earlier legislation, and will need to take up the matter again as further threats to elections are identified in the future. The Institute of Electrical and Electronic Engineers (IEEE, read I-triple-E) has a project to create a standard for voting machines in general and DREs in particular, to address design, security, testing, and voting procedures). The National Institute of Standards and Technology (NIST) of the U.S. government plans to consider making the IEEE work a government standard, once it is finished, if it stands up to public scrutiny.
In addition to improving the quality of voting machine software, another goal of the Open Voting Consortium is to make the machines much less expensive than they are at present. Proprietary systems cost thousands of dollars per unit. However, the voting functions could easily be performed on commodity PCs with commodity printers, and verified by commodity scanners. We could build such systems around Simputers. Of course, it is necessary to create reliable systems of high quality and ease of use, for election officials and poll workers as well as for voters. Governments have procurement procedures that often require them to buy extra-cost proprietary solutions rather than off-the-shelf products. But this is a billion dollar market, just in the U.S., and many times bigger worldwide.There is no question that it could be done right and at the same time achieve economies of scale comparable to secure office computing systems. I can't predict what the price will be, but I know that it can be less than governments spend now.
This is not the whole story. We still need secure procedures, partisan and impartial observers, and the rooting out of corrupt politics in general in order to achieve clean, fair elections. These are even more pressing issues than technology in many of the contries where the new machines will be used, sooner or later.
Comments:
Post a Comment