We Are The Change We Seek
"i got this" - Kenny Wyland

This isn't where I thought I was going to be when I looked forward into my life, but here I am....

Yes We Can

Previous Entry :: Next Entry

Read/Post Comments (10)
Share on Facebook





Paperless Electronic Voting Machines are BAD

As we move toward the Presidential election, expect to hear more and more about voting machines.

I am a geek. Not only am I a geek, I'm a computer geek... and even I'm telling you that paperless electronic voting machines are BAD.

BAD BAD BAD BAD BAD.

Let's hit a couple of the big points:

The maker of the machines Premier Election Solutions Inc (aka. Diebold) explicitly stated that they are "committed to helping Ohio deliver its electoral votes to [President Bush] next year." You cannot, CANNOT have the maker of your voting machines telling one political party that they are committed to help your candidate.

That's a political issue. The technical issues are the real reasons that they are bad. Let's go there..

How do you know that your vote was cast for your intended recipient?

Without paper, you don't. The screen can show you ANYTHING it wants, regardless of whether it reflects what it stores in the database. The operation of showing something on the screen and storing it into a database are two operations. Each of them happen separately and each of them can do different actions.

How do you know the right software is running on the machine?

There is no way to know. All of these voting machines are just computers running Microsoft Windows. If you want to rig an election, you write some software and stick it on a USB flash drive. You go in to vote in the morning and while you are behind the curtain, you stick that into a USB port on the machine. The software on your USB drive invades the machine and takes it over. This isn't fiction... it's been done: Researchers were able to surreptitiously load a trojan horse onto the system by using a USB flash drive partitioned and formatted in a manner that would enable it to trigger Windows autorun functionality.

Aren't the machines designed to prevent you from tampering with them?

Sort of... but would you drive a car designed by a 4 year old? The people who are "designing" the software and physical security for these machines are not security experts. The public government is generally very far behind cutting edge technology. In the tests conducted in California, Hackers were able to bypass software and physical security measures on nearly every model of voting machine.

What happens when the machine crashes?

While working at Google we dealt with constant computer malfunction. Once you move past a certain number of computers, there is no possible way to avoid hardware malfunction. It's just a statistical impossibility. Someone has to reinstall Windows and the voting software, which is generally done with a CD or DVD which has what we call a disk image. That image is essentially copied onto the machine, it's rebooted and put back into service. So the question comes back to... what was on that disc? Was it the right software? Was it written by the original company or a hacker? Assuming it was the original company, was it the most recent version? Does it have all of the latest bug fixes or is it an old copy from 6 months ago? No one knows. That's the big problem with all of these stuff... no one knows.

Let's assume no voters hack the machine, is it safe then?

No. At the end of the day, those machines are transported to a central location where their data is downloaded to a central database. During any of this movement, those machines can be reimaged (as described above) and the results completely rewritten without ANY evidence. A hard drive is just a series of 0s and 1s. If you overwrite all of them, there aren't any logs to show that you changed something. Those logs get replaced with your new, fake logs.

Let's assume no voters hack the machine AND no one reimages the machine during transport, is it safe then?

No. Once the data has been downloaded into the central database, there is nothing to prevent someone from altering that data. The data is all anonymous, it doesn't say that Kenny Wyland voted for Barack Obama, it just there was X number of votes for Obama and X number of votes for McCain. All someone has to do is change the numbers in the central database... none of which can be audited. Again, think this is fiction? In Texas, the Hart Intercivic voting system used in Harris County allows anyone with access and a passcode to modify vote totals from an election without leaving any record of the modification. There are lots of different systems in place at the moment, so not all of them are going to behave the same... but I can tell you as a software developer that these kinds of back doors and such are everywhere. When you are developing the software, you need an ability to check the data, test it, manipulate it so you can run certain tests, etc. These aren't tools created for malicious purposes, they are created as a standard part of the development process... but they CAN be used for malicious purposes.

How does a paperless voting machine vs. a paper receipt voting machine going to fix all of these software problems?

It doesn't solve the problems above, but it does give us some physical evidence to verify the electronic results. A paper receipt machine gives us the ability to challenge the results. If someone alters the results in a paperless situation, there is no way to know. If someone alters the results in a paper receipt situation, we can count the paper ballots up and compare them with the electronic results. There is nothing wrong with accountability. If someone wants to do away with accountability in something as important and influential as the election of the President of the United States of America.... you shouldn't EVER trust them. Ever.

Whoever you want to vote for is the person for whom your vote should be counted. Obama, McCain, whatever. A paperless electronic voting machine takes away your ability to vote. You might as well go to an arcade and play video games.


Read/Post Comments (10)

Previous Entry :: Next Entry

Back to Top

Powered by JournalScape © 2001-2010 JournalScape.com. All rights reserved.
All content rights reserved by the author.
custsupport@journalscape.com