[Newsletter] Electronic voting systems are too complex (#12)

Paul Suh paul.suh at ps-enable.com
Wed Nov 8 11:31:13 EST 2006 

Folks,

Problems Reported
--------------------------

I spent most of yesterday at the TrueVoteMD offices helping to  
monitor the election, speak at a press conference, and take a few  
hotline calls. Although it wasn't as bad as the primary election,  
when the Montgomery County Board of Elections forgot to include the  
voter access cards in the kits for the polling places, it wasn't  
good. The mainstream media are all reporting that there were "minor  
glitches" in many places, making it seem like no big deal. However,  
we need to look underneath what is going on.

The whole electronic voting system is horribly complex, with many  
more bits and pieces of gear that need to be set up, maintained, and  
work perfectly under field conditions. I think all of the people on  
this list can tell firsthand stories of how equipment and software  
that works fine in the office will be completely misused or fail with  
malicious glee when placed at a remote location. I think that we are  
seeing the results of the system complexity, in repeated, small  
breakdowns that actually are having the cumulative effect of the  
death of a thousand cuts.

The major bug this time around seems to be vote switching due to mis- 
calibrated touch screens -- a voter presses on the rectangle for  
candidate A but the selection box for candidate B lights up instead.  
Another problem that is showing up in reports is absentee ballots  
that arrived too late to be used, despite being requested well in  
advance. The State Board of Elections' less-than-helpful response is  
to say, "well, you can just go down to your county Board of Elections  
offices and turn in your ballot in person." That doesn't help the  
gentleman who is in Indiana and just received his ballot on the 7th,  
or the lady in Switzerland(!) who never received hers at all.

The biggest problem of all is the long wait caused by the various  
equipment malfunctions and the problems with the poll workers who  
have to deal with them. Election judges are working 20+ hour days to  
keep things going. This is insane. One of the big selling points of  
these electronic voting systems is that they were supposed to reduce  
the possibility for human error. In reality, they have *increased*  
the possibility for human error, by making the system so complex that  
it's impossible for it to work in the real world.

The Original SAIC Report
-----------------------------------

Another aspect you might be interested in is that the original SAIC  
report on the security of the elections process was leaked on the  
bradblog.com web site. This report was commissioned by the Maryland  
State Board of Elections in 2003. In fact, none of the actual board  
members had seen it until now -- Linda Lamone, the Administrator of  
the SBE, kept it secret from them as well as the public. The original  
report was nearly 200 pages long, but only a redacted, 38-page  
version was released to the public and the board members. There have  
been various claims made by Ms. Lamone and her staff that releasing  
the report would cause security breaches, to which I say, "bull."

I've been reading through the full report, and I'm about 3/5ths of  
the way through. A couple of points stick out:

1) The report recommends a total of 326 management, operational, and  
technical controls to secure the system. This is ridiculous -- any  
system that needs that many changes to secure it should be thrown  
out. It's simply too complex to work properly -- patch on top of  
service pack on top of bug fix on top of workaround.

2) I have yet to see any reason why this report should not have been  
released earlier, aside from embarrassing the living daylights out of  
Diebold. None of the recommendations or redactions cover information  
that is proprietary in nature. If the recommendations we carried out  
and were sufficient to secure the voting system, then releasing the  
full report should have no security consequences. On the other hand,  
if the recommendations were not fully carried out or were not  
sufficient to secure the voting system, then we the public, the  
members of the board, the Maryland legislature, and the governor darn  
well have the right to know that we are working with a voting system  
that has significant security problems.

If you want to read it for yourself, there are 5 PDFs at:

<http://www.bradblog.com/?p=3731>

The Original Problem
-----------------------------

In all of this, let's not lose sight of the original problem. It is  
impossible to tell from these electronic voting machines whether or  
not your vote has been properly counted. There is ZERO ability to  
audit the system -- to ensure that something (an ordinary, garden  
variety bug or someone trying to tamper with the election) hasn't  
caused vote totals to be changed.


--Paul


Paul Suh                                                          
http://www.ps-enable.com/
paul.suh at ps-enable.com                           (240) 672-4212



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2508 bytes
Desc: not available
Url : http://mail.goodeast.com/pipermail/newsletter/attachments/20061108/807298d1/smime.bin

More information about the Newsletter mailing list