Interview with Barbara Simons of Verified Voting
My guest today is Barbara Simons, Board Chair of Verified Voting and former President of the Association for Computing Machinery (ACM). Welcome to OpEdNews, Barbara.
JB: You wrote a piece, What if Volkswagen made Voting Machines? Many of our readers may not be familiar with Volkswagen's appearance in the news. Can you give us some background, please?
BS: On September 18, the Environmental Protection Agency accused VW of using software called a "defeat device" that cheated during pollution testing of its diesel cars. (A defeat device can detect when a test is being conducted, at which time it behaves correctly. Other times it may exhibit different behavior).
In the case of VW diesel cars, the defeat device detected when emission tests were being conducted and activated the pollution control system accordingly. When not being tested, the pollution controls were disabled, thereby increasing the car's performance, but also causing the car to spew as much as 40 times the pollution limit of the Clean Air Act. VW did not acknowledge its behavior until after U.S. regulators threatened not to approve VW's 2016 diesel cars.
The cost to VW will be huge, starting with a possible fine of as much as $37,500 for each U.S. car containing the cheating software. While the U.S. fines could amount to least $18 billion, we won't know for some time what the final cost will be, though it certainly will be increased by legal actions taken by other countries, together with lawsuits brought by unhappy customers and regulators. Meanwhile, large numbers of VW diesel cars have been withdrawn from the market, yet another cost to VW.
VW will be in the news for a long time. German prosecutors have initiated a criminal investigation of the former CEO, who resigned as a result of the scandal. Investigations also have been started by several other countries, as well as 27 U.S. attorneys general.
JB: It's a pretty dramatic and timely case of corporate malfeasance. Although it definitely makes a snappy headline, isn't it a bit of a stretch to connect VW's unethical behavior with the way our elections are run?
BS: Both modern cars and voting systems are significantly computerized. VW was playing a very high stakes financial game that led someone to installed cheating software (malware).
The stakes are also very high in modern elections. I continue to be amazed that some losing candidates either are pressured not to rock the boat - sometimes by their own party (I know of candidates to whom this was done) - or actually accept negative results without questioning the computerized voting machines that "declare" those results.
Any large software program contains undetected bugs. That's why software vendors such as Microsoft and Apple send out frequent software updates, many of them to fix security holes. Likewise, it also can be very difficult to detect cleverly hidden malware.
Computers can greatly facilitate both car performance and ballot tabulation. But just as laboratory tests are not adequate for testing pollution controls in the presence of malware, so too we cannot depend solely on voting system "certification" to verify that our voting systems are accurate and secure.
JB: That's true. But it's increasingly difficult to do. You have a distinguished advisory board at Verified Voting. Back in 2011, I interviewed Roger Johnston*, Leader of the Vulnerability Assessment Team at the Argonne National Laboratory, about election security or the lack thereof. Another member, Harri Hursti, featured in the 2006 HBO documentary, Hacking Democracy**, performed an easy and invisible hack on a voting machine. I wouldn't have believed it if the whole thing hadn't been filmed. And he isn't the only successful hacker. Yet another of your advisors, J. Alex Halderman***, was part of a team from the University of Michigan in 2010 that, with little advance notice, hacked into the District of Columbia internet voting system. Can you talk about these hacks in a little more detail to give our readers a sense of what we're up against?
BS: J. Alex Halderman and his team actually hacked a test internet voting election, not a real election. The team that wrote the internet voting software for DC insisted that their software be tested realistically to see if it could withstand some of the threats that every internet voting system is subjected to, namely attacks on the election official's system by anyone from anywhere. Because of the dramatic success of Halderman et al (they could modify votes that had already been cast, as well as future votes), no other internet voting vendor has allowed a test election to be attacked by anyone. My guess is that vendors fear that their systems would be shown to have vulnerabilities similar to the ones uncovered by the Halderman team. Internet voting vendors can get away with preventing security experts from truly testing their systems, because it is illegal to hack a real election. Consequently, the "good guys" have not attempted to demonstrate security vulnerabilities by hacking into any of the internet based elections that have been held in the U.S., such as in Alaska, where anyone who wishes is allowed to vote over the internet.