The reviewers were given an unrealistic timetable and had trouble getting much documentation. The fact that major security vulnerabilities were found in all machines is a testament to how poorly they were designed, not to the thoroughness of the analysis.
He goes on to say,
While this is a good effort, it has security completely backward. It begins with a presumption of security: If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it’s fixed, the system is again secure. How anyone comes to this presumption is a mystery to me. Is there any version of any operating system anywhere where the last security bug was found and fixed? Is there a major piece of software anywhere that has been, and continues to be, vulnerability free?
…It’s all backward. Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. – is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet…
Basically, [he continues] demonstrate that your system is secure, because I’m just not going to believe you otherwise…
Assurance [in security] is expensive, in terms of money and time for both the process and the documentation. But the NSA needs assurance for critical military systems; Boeing needs it for its avionics. And our government needs it more and more: for voting machines, for databases entrusted with our personal information, for electronic passports, for communication systems, for the computers and systems controlling our critical infrastructure. Assurance requirements should be common in IT [information technology] contracts, not rare. It’s time we stopped thinking backward and pretending that computers are secure until proven otherwise.
As Bev Harris wrote in Black Box Voting: Ballot Tampering in the 21st Century,
This is not a computer-programming problem. It is a procedural matter, and part of the procedure must involve keeping human beings, as many as possible, in control of our own voting system. Any computerized voting system that requires us to trust a few computer scientists and some corporate executives constitutes flawed public policy. It doesn’t matter whether they come up with perfect cryptographic techniques or invent smart cards so clever they can recognize us by sight. The real problem is that we’ve created a voting system controlled by someone else.
Add to that the vendors’ perfectly lousy track record, unsavory business practices, hiring of felons, the billions of tax dollars at stake, and the revolving door between elected officials and vendor lobbyists and the entire system lacks credibility.
It is not sound business practice to reward the very companies that have continually fallen far short of professional standards, and have sprinkled their actions liberally with shoddy products and missed deadlines. Do they deserve lucrative contracts for new machines to replace the old, broken systems that they sold us before with such fulsome promises? The time-honored concept of accountability must be revived, not cavalierly disregarded. In this instance, it seems that crime does pay.
Present legislation for election reform is poised to leave the gate in September, after the summer recess. Be aware that, despite the hype, both HR 811 (Rep. Holt’s bill) and S. 1487 (Sen. Feinstein’s bill) have further entrenched the very same electronic voting machine vendors who have been trashed in every single independent report and review. Although these bills have some redeeming elements, do we seriously want to consider shoveling billions more of our hard-earned tax dollars to companies whose track record is so dismal? These bills offer the vendors a huge, undeserved dividend – select individuals will be allowed to examine the innards of their machines only after signing a non-disclosure agreement threatening stiff penalties if they reveal what they found.
This reminds me of the Chinese proverb, “Fool me once, shame on you. Fool me twice, shame on me.” Will we be active participants in pulling the wool over our own eyes? George Santayana might have been describing our present predicament when he said, "Those who cannot remember the past are condemned to repeat it." We simply can’t afford to repeat our past mistakes regarding our elections. We need to restore our feelings of pride about our country. This starts with full voter confidence in the fairness and accuracy of our elections, necessitating election reform that returns the voting process to the American voter. Turning this iceberg around is excruciatingly slow but it’s the only hope we have to prevent what is surely yet another recipe for election disaster.
Let’s end with an excerpt or two from the Rather special. These comments hit the nail on the head.
It all sounds familiar, too familiar. Taxpayers being asked to throw out millions of dollars worth of voting equipment, start over again, and pick up the tab. With no guarantee the new equipment will provide a solution to the problems. Technology can often offer a solution to a complicated process, in this case, accurately recording votes. But technology poorly conceived, designed, integrated and tested is a recipe for failure. In this instance, subsidizing the same outfits that couldn't get it right the first time, giving them more chances could lead to the further waste of millions upon millions of taxpayer dollars. And just as important, the further loss of confidence in our nation's ability to use technology to provide solutions for mission-critical applications, none more important to our nation than accurately recording each of our votes…
What's more important to you: knowing that your vote is recorded as you cast it? [O]r the profits of voting machine manufacturers? It's an obvious question, but when citizens try to get to the bottom of how these machines, bought with your taxpayer money, either work or don't work, manufacturers continually hide behind the wall of "trade secrets." Are these machines that determine who decides our laws, who runs our states, and who sits in the White House with the power to direct our armed forces, no different from say the formula for Coca Cola, or McDonald's special sauce? We don't think so, and that's why we tried to get answers tonight and raise questions about accountability.
But, unlike Congress or prosecutors, we aren't armed with subpoena power, we can't force companies to prove that they take concerns about their machines and their ballots seriously. Their message is "trust us," but the information we have been able to obtain suggests that trust has not been earned, and that voting machines warrant, at the very least, much closer scrutiny than they have received so far. Because, as we heard Florida's governor Crist ask, " what could be more important in democracy than making sure that the right to vote is one that we can have confidence in?"
