Here's an indictment of the IT profession, and a fine irony: the degree of independent hand-auditing of paper ballot records sufficient to verify the corresponding computerized vote tallies is comparable to the effort required to more accurately count all the ballots by hand in the first place, dispensing with the machines. But until that day arrives, the programs that the voting vendors actually distribute – as opposed to the software they may say they distribute - will continue to determine who takes power after the votes are tallied.
How does Diebold or ES&S software wind up in my precinct? Consider that while there are a relative handful of programmers at companies like Diebold or ES&S, there are hundreds of thousands of voting machines out in the field. After a programmer writes a piece of software, compiles it into binary form, and tests it well enough to say it's done and working properly, many additional people - dozens to hundreds of them, in fact - get involved in the long chain of events to get that software out to the polling station and election office, ready to be used.
This highly complex process includes the programmers who write the "application programs" that display ballots and counts votes electronically; the testers who install a copy of the application program as provided by the programmer, to run it for themselves to verify that the specified inputs correspond to the specified outputs; and the software deployment specialists who take a copy as provided by the tester to distribute to their customers (once they're told by management it's good enough to be used by the public).
Deployment specialists package the software so that it can be cloned thousands of times to be installed by vendor field representatives or election administrators on the vast number of precinct machines and central tabulators out in the field.
Vote counting application programs don't just run themselves: there's a vast array of supporting software modules, such as operating systems - rock-solid, dependable products like Windows; device drivers - software that hooks up to input-output devices such as wireless network cards and telephone modems (you did know that voting equipment can be accessed remotely) and firmware - the software that all other software depends on to interact with the physical world. Thousands upon thousands of software modules and hardware components from vendors all over the world all playing some supporting role in vote tallying.
If all this sounds complicated, well, it is. It's awesomely difficult to get this just right even within the relatively safe confines of a private network inside a bank. While Diebold, ES&S and other vendors certainly pay lip service to accepted professional standards of best practice for system development, testing and deployment, there are abundant indications that each link in the end-to-end software process has been compromised.
Software developers and other insiders pose the greatest risk Above and beyond the well-documented criminal records of some of the key programmers who wrote a large portion of our current voting systems (just start at http://www.bbvforums.org/forums/messages/1954/17305.html?1138394704 and go from there), there's ample room for insider misconduct in any organization. My profession has largely failed to adequately inform the public that the most severe security risks in any organization are from insiders. Quoting from Dan Verton's book "Identity Thieves:"' as excerpted at CSO Magazine Online(http://www2.csoonline.com/exclusives/column.html?CID=14346 ) :
"The modern American bank has recognized the security risks associated with the new electronic frontier and, as a result, has deployed all the state-of-the-art electronic security devices that one would expect to find in a security conscious enterprise - firewalls, intrusion detection devices, password management systems, and powerful encryption technologies. Yet banks and financial institutions continue to lose millions of dollars every year to trusted insiders who understand where the weaknesses are in the system. In fact, insiders accounted for approximately 70%, or $2.4 billion, of the $3.4 billion that banks lost as a result of both internal and external fraud and hacker incidents in 2004."
Electoral systems grant regulatory power over a $12 trillion economy and access to the world's largest checkbook: the federal procurement budget. By the Willy Sutton rule, voting systems are truly "where the money's at".
Constant, ruthless and highly sophisticated attempts by insiders to subvert voting software should be assumed as a given. And yet a representative from Diebold can still say - with a straight face, and without being laughed out of the room: 'For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,' he said. 'I don't believe these evil elections people exist.' (New York Times, 5/12/2006)
Testing can't prove software is safe The second link in the chain - testing - is no better. When it comes to computerized voting systems, internal and field software testers as well as external "certification labs" are one astonishingly lackadaisical and inattentive bunch, judging by the vast array of bugs in the public record (as tallied at http://www.votersunite.org/info/messupsbyvendor.asp and many other places). As a consultant to financial institutions I'd be fired - and then likely sued for gross professional misconduct - if I did my job so poorly and so publicly.
To be fair, of course, although bug reports show voting software testing is mind-bogglingly lax, all any software testing process can do is find problems that testers know to look for and report honestly. There are countless billions of internal states within all but the simplest of programs. Both practically and theoretically, it is impossible through testing to determine that any computer system has no flaws - much less, to rule out the existence of secret backdoor functions to be triggered on a future date. (This is no science fiction; see htttp://www.bbvdocs.org/reports/BBVreportIIunredacted.pdf ).
Software distribution: a shell game with an invisible pea It will come as no surprise that the third link from programmer to voter, field deployment, is also wide open to covert manipulation. As soon as the programmer is done typing, software becomes invisible - it lives on as magnetic and electrical impulses on silicon chips, disk drives, memory cards, and CD-ROMs. Specialized software called a "configuration management system" is then used to control which of the many versions of which of the thousands of software components are sent to which device in the field.
This is not a magic process ordained by saints and administered by angels.
Voting software is software distributed through use of software, vouched for by other software, that itself vouches for other software. Surely nothing can possibly go wrong with such a system, even though the highly complex logistics of installing thousands of software modules on tens of thousands of precinct devices and country central tabulators is under the full control of ordinary people fully susceptible to blackmail, greed, or the pursuit of their own ideological agendas.
Bruce O'Dell is a self-employed information technology consultant with more than twenty five years experience who applies his broad technical expertise to his work as an election integrity activist.
His current consulting practice centers on e-Commerce security and the performance and design of very large-scale computer systems for Fortune 100 clients. He recently spent a year as the chief technical architect in a company-wide security project at one of the top twenty public companies in America, led a multiple client projects for compliance with new credit card data security standards, and has designed secure "virtual cash" e-commerce protocols. In 2007 he was invited to testify on computer voting security issues to the Texas and New Hampshire legislatures.
He lives just outside Minneapolis, Minnesota, and shares a love of good books with his wife - and her beautiful garden, with their talkative cat.
For the impending election though, a strategic action may thwart their attempts as thefts...
Using a camera mobile phone and a friend, record your votes and consider shutting down by force if need be any machine that refuses to record fairly your vote.
But if you have photo evidence, of a machine not doing its job surely then you would be able to call in the FBI and force the machines off there and then as a defined crime is easily shown as being committed.
Or failing that a bucket of nice cold water down the back of the machine would stop any dodgy recording. The vote MUST happen so what happens if all the machines are incapacitated?
