Trkingmomoe: Finance and Society
Maiello: A Blog Called Crime and Punishment
After much speculation on the matter, Diebold has issued its mea culpa:
Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.
The company acknowledged that the problem exists with every version of its tabulation software.
Diebold's central tabulation software, called GEMS, has a sort of circular electronic audit setup, where one electronic system audits another. I'm inclined to be skeptical of this scenario to begin with, but now there is no doubt that the integrity of these systems is unsatisfactory. It's imperative that an election system be auditable. Without this recourse, existing election laws that trigger an audit have no purpose.
There are two changes that can be made to restore integrity to the system:
I would even go so far as to advoate that we make the source code public. Some might question the wisdom, but I would point to the many open source projects with security records that are as good or better than their closed-source competitors, like Apache, OpenBSD and Mozilla. Despite keeping the source secret, security holes are still frequently discovered in closed-source software. Many of Microsoft's products, like Windows, Internet Explorer and Office, are prime examples. While it could be argued that revealing the source to the public might provide an advantage to to those with subversive intent, it is likewise true that this allows many more eyes on closing security holes. Open-source software advocates argue that these circumstances favor the benevolent.
Regardless, the questions of ownership and availability of the source code are not mutually exclusive. If there is too much resistance to making the source code fully public, it is still possible for the government to restrict access to its own auditors. The important thing to recognize is that ownership dictates access. Unless we own the source code for these devices, we can't be assured that they've been properly audited.
If we don't take care that these systems have integrity, we might one day inexplicably wake up in a nation lead by President This Guy: