For Your Information - Information, Technology, Society
Issue - #5, July 29, 2003
At the last election, my family and I had a disturbing experience -- one that left us wondering how secure our voting system really is. The story has two parts: one about the people side and one about the technology side of the equation.
On the people side, there was a real snafu in the process that could have led to allowing people to vote more than once or allowing unauthorized voters to vote. On the technology side, there was an automated voting system that had no physical backup or 'receipt' to show you what your vote was. Both of these possibilities undermine the democratic process.
The people side
As you probably know, voters must "sign-in" at the polling place so that their voting status can be verified. At our polling place, your name is checked off two lists and you sign the register showing that you appeared to vote. Once this verification process has been completed, you then stand in a second line waiting to actually vote. The process is designed to validate, before you can vote, that you are eligible to vote and that you haven't already voted.
When our family arrived at the polling place, we saw a long line stretching out the door. The actual polling place was a small room at the back of our local recreation center. I had voted earlier, but wanted to accompany my wife and younger son who was voting for the first time. Once they had signed in, we were directed to go to the end of the line -- outside the polling room -- and wait their turn to vote. The end of the line was completely removed from the view of the polling officials; no one could see what was happening there. My wife and I immediately saw the problem and objected to the polling station workers that we would be out of their sight and that meant that anyone could stand in the line and vote or that someone could vote twice. They assured us that everything was OK and that, in any case, they would "...recognize us if we tried to vote twice."
Following their instructions we went to the back of the line, waited our turn, and my wife and son voted. However, I was offered the opportunity to vote, even though I had already done so much earlier in the day (!). I pointed out that I had already voted. Of course, the worker who had been so sure that she would "recognize us" had no clue, even though I had spoken to her just several minutes earlier.
Needless to say, we immediately called the Registrar's Office and filed a very strong complaint. Unfortunately, no one really seemed to understand the gravity of the situation, and it took several calls to galvanize a response. The response that my wife received from the Registrar's Office was marginally reassuring, although there was agreement that the process of forming two lines was a serious error.
The technology side
Our previous (manual) voting system had just been replaced with an automated, touch-screen system -- everything looked clean, neat, and efficient. The system had clear instructions, was easy to use, and seemed to be well implemented, at least on the surface.
The one glaring omission was the complete lack of a paper audit trail. In other words, you entered your vote and it went into the system, but you received absolutely no confirmation -- in the form of a printed receipt -- that your vote was entered correctly. Furthermore, we learned that there is absolutely no paper trail anywhere in the system, not even for the Registrar's Office to keep in case there are questions about the vote! As a computer professional, I find this an appalling lack, and one that I believe threatens one of the basic tenets of democracy -- the right to a free and accurate voting process.
I know that the fear and loathing created by Florida's "hanging chad" situation is leading us away from the traditional voting systems -- and that's a good thing. But we have to be vigilant lest we throw out the baby with the bath water.
First, and most importantly -- NO COMPUTER SYSTEM IS FOOL-PROOF... PERIOD. Anyone who claims that their system cannot fail (is "bullet-proof") is (a) totally misinformed or (b) trying to fool you or (c) ingesting a mind-altering substance. If you have a technology background, you know what I mean. If you don't, just think about it.
Listen to what Microsoft itself says about computer bugs:
The key phrase here is "effective risk management" -- putting safeguards in place in the likely event that something fails to operate as expected.
Second, even if the software were perfectly made (impossible), there is still the possibility that someone inside the company could compromise the system. Many of the stories of computer problems have been the result of trusted employees who couldn't resist making changes to the system to their benefit. There's the classic story of a programmer back in the days of large mainframe systems who worked on a bank's demand deposit (checking) system. When internal calculations are made (such as for adding interest) there is almost always a small "rounding" error; that is, the interest calculation doesn't actually come out to an exact dollars and cents figure. For example, 5% of $500 is exactly $25.00, but 5% of $525.17 is $25.25 with .85 cents left over. Where does that .85 cents go? Well, it usually was ignored, but this programmer modified the program to add those less than one penny differences to his own bank account. He was caught with about $300,000 in his bank account. The same thing could happen with a politically-motivated employee. One possibility: just take the voters who abstained from voting and add that vote to the candidate of their choice. There are a myriad of other possibilities.
What is very interesting (and scary) is that people seem to take the assurances of the voting system vendors at face value when they claim that their software is "bullet-proof". Since there's no such thin
Finally, there needs to be some form of backup. How do you perform a recount in a system where there is only an electronic image of your vote? Do you just add up the same numbers and come up with the same results and call it a recount? At least with a paper trail, one could count the paper copies and validate the results.
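The recount question raised above, as an added Python example that is not part of the original article; the ballot data, serial numbers and function names are all constructed for illustration. It shows that re-adding the stored electronic records always reproduces the same totals, while a ballot-by-ballot comparison against a separately kept paper copy identifies the records that differ.

```python
from collections import Counter

# Constructed sample data (not real election data). Each record is
# (anonymous ballot serial, choice); "abstain" means no selection was made.
PAPER = [(1, "A"), (2, "B"), (3, "abstain"), (4, "A"),
         (5, "abstain"), (6, "B"), (7, "B"), (8, "abstain")]

# Stored electronic records after the change the article describes:
# abstentions on ballots 3, 5 and 8 now read as votes for candidate A.
STORED = [(s, "A" if c == "abstain" else c) for s, c in PAPER]

MISSING = "<no record>"


def tally(records):
    """Count choices in a list of (serial, choice) records."""
    return Counter(choice for _, choice in records)


def electronic_recount(stored, runs=3):
    """Re-sum the same stored records; True if every run gives the same totals."""
    results = [tally(stored) for _ in range(runs)]
    return all(r == results[0] for r in results)


def paper_audit(stored, paper):
    """Compare stored records with paper copies, ballot by ballot.

    Returns (serial, paper_choice, stored_choice) for every disagreement,
    including ballots present in only one of the two sets.
    """
    on_paper, in_store = dict(paper), dict(stored)
    diffs = []
    for serial in sorted(on_paper.keys() | in_store.keys()):
        p = on_paper.get(serial, MISSING)
        e = in_store.get(serial, MISSING)
        if p != e:
            diffs.append((serial, p, e))
    return diffs


if __name__ == "__main__":
    print("electronic tally:", dict(tally(STORED)))
    print("recount agrees with itself:", electronic_recount(STORED))
    print("paper tally:", dict(tally(PAPER)))
    for serial, p, e in paper_audit(STORED, PAPER):
        print(f"ballot {serial}: paper={p!r} stored={e!r}")
```

The electronic "recount" agrees with itself on every run, which says nothing about whether the stored records match what voters entered; only the comparison with the paper copies does.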
I've been thinking about this issue for some time now, planning to write an article raising these questions. Fortunately, researchers at Johns Hopkins University were able to analyse some of the source code from a version of an election tally system offered by Diebold Systems, one of the contenders in this very important area. They list a number of "significant and wide-reaching security vulnerabilities", including:
Their report goes on to say:
Read the Johns Hopkins' report yourself; also, check out the original response by Diebold. [Editor's Note: This morning, 7/29/2003, I tried this link and found it. This afternoon, it now shows as "Not Found". They have updated their web site with a new response. It is interesting to note that one of Diebold's claims in their updated rebuttal states that the report: "Failed to recognize that both federal and state election training procedures are designed to ensure the integrity of elections, regardless of the voting technology." Of course, that didn't happen, as reported in the first part of this article.]
Diebold attempts to counter these arguments in their rebuttal report. The extent of the rebuttal really boils down to claiming that the Johns Hopkins report:
Once you've read both reports, I think you'll agree that something needs to be done to ensure that our vote really counts! There is an article in the San Jose Mercury News, 7/29/2003, which covers this issue, and from which I gained much of the specific contact information referred to here.
I should note that our Registrar of Voters pointed out that giving a hard copy to the voter to take out of the polling place could lead to buying the vote. However, the Registrar did not address the option of allowing the voter to view the receipt and then filing it in a secured container to be used for recounts, if necessary. Such verification of the vote would preclude votes that were made in error because of confusion, for example.
So, what else can you do?
I've been using my new GPS/Navigation system for several months (and almost 14,000 miles :) now and all I can say is "I love it -- most of the time!" Even though I'm very good at finding my way around places, the GPS makes it incredibly easy to get anywhere I want to go... no sweat, no hassle, no getting lost and having to retrace my steps.
It's true that the Navigation system sometimes doesn't pick the most efficient route: it often will take a much more round-about route than is necessary. This happens particularly at the end of the travel: rather than going straight for 3 blocks and turning right for 1 block, it will direct me to go right for 6 blocks, turn left for 3 blocks, and then left again for 5 blocks. On one occasion, it had me go down the freeway for 2 miles beyond my turnoff, do a loop-ti-loop and get back on the freeway and come back to the exit! Strange. The only thing I can postulate is that the exit or road was closed when they entered the data into the DVD that is the memory bank of the system, particularly since it happens every time I take those particular routes. I've learned (been trained?) to check the route in advance to see if it's making one of those strange loops and just adjust my travel and let the system catch up with me.
However, that's all trivial, since it does get me where I want to go.
The most wonderful -- and unanticipated -- part of the GPS experience is that I discovered that what I have is a telephone book for the entire United States in my car, with a reasonably effective search engine at my fingertips. So... I'm at a strange location waiting for my son's soccer game to start and I want a latte. Easy! I punch "Places", "By Name", type in S-T-A-R-B-U-C-K-S and Voila! I see that there is one 1.31 miles away off to my right and another one 2.18 miles back and to my left. Now that's convenience. If I need gas, I just punch in C-O-S-T-C-O or C-H-E-V-R-O-N and again I'm in business. If I want to find a restaurant, I can type it in by name or look for a particular kind of food (I'm partial to Thai restaurants) and it's all right there -- often along with phone numbers so that I can even call ahead.
Now, there is a downside (there always is with technology or the supporting elements). The data entry is inconsistent, so "Starbucks" could be simply "Starbucks" or "Starbucks Cafe" or "Starbucks Coffee Co" or ... There's no way -- in my system, at least -- to get every possible "Starbucks" in a list: you have to help the system out by trying several different possibilities. If you give up too soon, you'll miss one right next door.
Could it be better? Absolutely!
Do I love it? You betcha!
edp consulting, inc.
3373 Guido Street
Oakland, CA 94602