After much speculation on the matter, Diebold has issued its mea culpa:
Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day.
The company acknowledged that the problem exists with every version of its tabulation software.
Diebold's central tabulation software, called GEMS, has a sort of circular electronic audit setup, where one electronic system audits another. I'm inclined to be skeptical of this scenario to begin with, but now there is no doubt that the integrity of these systems is unsatisfactory. It's imperative that an election system be auditable. Without this recourse, existing election laws that trigger an audit have no purpose.
There are two changes that can be made to restore integrity to the system:
- Require a paper trail. This doesn't mean that we have to throw electronic systems out the window. They do provide advantages. Electronic systems can increase ease of use and improve access for the disabled. They can also help deliver totals quickly. Though there are other democracies that wait for days or even weeks for election results, this is America. Election night is the big show and we want instant gratification. We can stil have it, but a ballot receipt needs to be printed for each voter. This allows the voter to verify that their choices have been faithfully recorded and leaves a paper trail that can be used to audit the system when necessary.
- Demand ownership of the source code. This point may seem a bit esoteric for those that aren't familiar with the way that software is created, but I think it's an important one. We shouldn't have to wait through years of lawsuits, all as elections employing the use of these machines go by, to find out whether or not they lack integrity. Ownership of the source code by the people assures that we can audit the inner-workings of electronic voting devices as well as the results they produce. This doesn't mean that we have to exclude the private sector from the process, but we should require that all contracts made with a private vendor retain ownership of the source code for the people.
I would even go so far as to advoate that we make the source code public. Some might question the wisdom, but I would point to the many open source projects with security records that are as good or better than their closed-source competitors, like Apache, OpenBSD and Mozilla. Despite keeping the source secret, security holes are still frequently discovered in closed-source software. Many of Microsoft's products, like Windows, Internet Explorer and Office, are prime examples. While it could be argued that revealing the source to the public might provide an advantage to to those with subversive intent, it is likewise true that this allows many more eyes on closing security holes. Open-source software advocates argue that these circumstances favor the benevolent.
Regardless, the questions of ownership and availability of the source code are not mutually exclusive. If there is too much resistance to making the source code fully public, it is still possible for the government to restrict access to its own auditors. The important thing to recognize is that ownership dictates access. Unless we own the source code for these devices, we can't be assured that they've been properly audited.
If we don't take care that these systems have integrity, we might one day inexplicably wake up in a nation lead by President This Guy: