Electronic Voting Machines: Unverifiable

Perhaps stung by The Guardian report on the many troubling aspects of electronic voting, from lack of security to the possibility that elections have already been stolen, Newsweek has entered the fray, becoming the first mainstream US publication I know of to take this on. And about time, too. The piece is written by Technology Correspondent Steven Levy, and to his credit, he gets right to the meat:

The machines have “a fatal disadvantage,” says Rep. Rush Holt of New Jersey, who’s sponsoring legislation on the issue. “They’re unverifiable.”

Yup, that would be a “disadvantage”, alright, especially as the Diebold CEO has opined that he and his company are “committed to helping” George Bush get re-elected. Makes you wonder what “helping” might include.

As discussed here last week, Diebold’s program is about as secure as a papier-mache fort, and Levy backs this up:

It gets scarier. The best minds in the computer-security world contend that the voting terminals can’t be trusted. Listen, for example, to Avi Rubin, a computer-security expert and professor at Johns Hopkins University who was slipped a copy of Diebold’s source code earlier this year. After he and his students examined it, he concluded that the protections against fraud and tampering were strictly amateur hour. “Anyone in my basic security classes would have done better,” he says. The cryptography was weak and poorly implemented, and the smart-card system that supposedly increased security actually created new vulnerabilities. Rubin’s paper concluded that the Diebold system was “far below even the most minimal security standards.”

Lots of bad news here, but a little good news as well:

After Rubin’s paper appeared, Maryland officials—who were about to drop $57 million on Diebold devices—commissioned an outside firm to look at the problem. The resulting report confirmed many of Rubin’s findings and found that the machines did not meet the state’s security standards.

So they canceled the contract, right? Well, not exactly:

However, the study also said that in practice some problems were mitigated, and others could be fixed, an attitude Rubin considers overly optimistic. “You’d have to start with a fresh design to make the devices secure,” he says.

Maryland appears to be leaning toward the “It’s Not As Bad As It Looks” school, so the contract is intact–for now (Maryland’s Republican Governor favors it). But Diebold is on the offensive just the same–not correcting its shabby code, no no no. In the true BushCo’s-America SOP, they’re fighting the perception of shabbiness. Once again, from Mark Crispin Miller, who’s been following this:

[B]oth [Black Box Voting] sites have had a string of takedowns for reasons ranging from Diebold cease and desist orders to hacking to bogus spam complaints.

And Diebold’s counter-attack, it seems, may include some govt collusion. Miller quotes an email from a software engineer who criticized Diebold:

[T]wo FBI agents came by my house last week asking for names of radicals and organizations. My email is being monitored. Anyone on this board should assume the same.

Apparently Mr. O’Dell meant what he said.

But back to the good news:

To remedy the problem, technologists and allies are rallying around a scheme called verifiable voting. This supplements electronic voting systems with a print-out that affirms the voter’s choices. The printout goes immediately into a secure lockbox. If there’s a need for a recount, the paper ballots are tallied. It’s not a perfect system, but it could keep the machines honest.

A major consideration in the event of another close election. Let’s hope the states who are moving toward electronic voting machines are listening–and that not too many of them are part of the conspiracy.

UPDATE: Chris Nelson says that GQ also has an article on this in their newest issue (pg 256). It’s a landslide, folks, and the dam is cracking.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s