The Bishop and the Butterfly: Murder, Politics, and the End of the Jazz Age
    DF's picture

    Restoring Integrity to Electronic Voting Systems

    After much speculation on the matter, Diebold has issued its mea culpa:

    Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.

    The company acknowledged that the problem exists with every version of its tabulation software.

    Diebold's central tabulation software, called GEMS, has a sort of circular electronic audit setup, where one electronic system audits another.  I'm inclined to be skeptical of this scenario to begin with, but now there is no doubt that the integrity of these systems is unsatisfactory.  It's imperative that an election system be auditable.  Without this recourse, existing election laws that trigger an audit have no purpose.

    There are two changes that can be made to restore integrity to the system:

    1. Require a paper trail. This doesn't mean that we have to throw electronic systems out the window.  They do provide advantages.  Electronic systems can increase ease of use and improve access for the disabled.  They can also help deliver totals quickly.  Though there are other democracies that wait for days or even weeks for election results, this is America.  Election night is the big show and we want instant gratification.  We can stil have it, but a ballot receipt needs to be printed for each voter.  This allows the voter to verify that their choices have been faithfully recorded and leaves a paper trail that can be used to audit the system when necessary.
    2. Demand ownership of the source code. This point may seem a bit esoteric for those that aren't familiar with the way that software is created, but I think it's an important one.  We shouldn't have to wait through years of lawsuits, all as elections employing the use of these machines go by, to find out whether or not they lack integrity.  Ownership of the source code by the people assures that we can audit the inner-workings of electronic voting devices as well as the results they produce.  This doesn't mean that we have to exclude the private sector from the process, but we should require that all contracts made with a private vendor retain ownership of the source code for the people.

    I would even go so far as to advoate that we make the source code public.  Some might question the wisdom, but I would point to the many open source projects with security records that are as good or better than their closed-source competitors, like Apache, OpenBSD and Mozilla.  Despite keeping the source secret, security holes are still frequently discovered in closed-source software.  Many of Microsoft's products, like Windows, Internet Explorer and Office, are prime examples.  While it could be argued that revealing the source to the public might provide an advantage to to those with subversive intent, it is likewise true that this allows many more eyes on closing security holes.  Open-source software advocates argue that these circumstances favor the benevolent.

    Regardless, the questions of ownership and availability of the source code are not mutually exclusive.  If there is too much resistance to making the source code fully public, it is still possible for the government to restrict access to its own auditors.  The important thing to recognize is that ownership dictates access.  Unless we own the source code for these devices, we can't be assured that they've been properly audited.

    If we don't take care that these systems have integrity, we might one day inexplicably wake up in a nation lead by President This Guy:

    Comments

    I agree with the importance of a paper trail, but any solution would have to address vote-buying. It would be nice to think that such practices are archaic, but it's not a far cry from street money, which is still used in places like Philadelphia. Vote-buying could particularly effect local elections where several hundred votes can make a difference.

    Some M.I.T. profs have proposed an allegedly "ingenious" solution whereby voters receive someone else's random ballot which they can check online. But I don't see how this is any better than an internal paper record that the voter never sees. In either case, the software could be hacked to print incorrect receipts.

    You could force voters to deposit their receipts on the way out, but you could't permit election workers to verify the receipts without violating voter privacy, which means that voters could deposit fake receipts. Perhaps you could print out a sealable receipt. They could still in principle be counterfeited, but in that case, the counterfeits could be discovered and the votes rejected.

    Another solution would be to print a receipt that the user could see, perhaps through a transparent cover, but not take.


    I've voted using a system where you go into a booth, mark up your ballot, and then -- in front of poll observers -- run it through a scanner that records how you voted. It's face down, so secrecy is preserved. The poll officials then retain your original ballot. In effect, it's paper voting, with electronic counting. In the event of a glitch or discrepancy -- say, the total electronic vote doesn't match the total of paper ballots -- the latter can be recounted. Seems to work.

    Vote-buying is another kettle of fish entirely. Let's make sure that every vote cast gets counted first.


    Optical scan is prevalent around here.  I'm fine with that, too.  I don't think electronic systems are necessary, but I wouldn't throw them out entirely because they do provide accessibility features that paper doesn't.


    Yeah, they don't need to take the receipt.  The voter checks it, but it is retained by the election staff just like a paper ballot.  There are already systems that have implemented a "window" approach as you suggest.