Sunday, July 29, 2007

Open Source Voting Machines

The results are in, and 3 of 4 electronic voting systems used in California failed to prove themselves 'hacker-proof' in tests conducted by the University of California. Machines from Diebold , Hart InterCivic, and Sequoia had both their software and hardware security systems penetrated or bypassed. Election results were changed and internal processes corrupted. In fact, the only company whose machines were not compromised by researchers, ES&S, got away because they failed to supply equipment by the deadline imposed by CA's Secretary of State. Though there is no reason to believe that ES&S' equipment would have faired any better.

Predictably, with hearings on the findings and potential decertification looming, manufacturers complain that the tests were biased. Counties with multi-million dollar investments worry that they'll be forced junk their expensive little bundles of potential election fraud. But in all cases, the proponents of electronic voting systems make an economic argument at the expensive of the democratic argument: "We should be allowed to do business in any way we see fit." "We shouldn't be forced to make our systems available for testing." "We shouldn't have to junk expensive systems that we've already purchased."

Even the federal government is getting involved, attempting to deal with the electorate's 'crisis of confidence' regarding the reliability of electronic voting systems. As evidence of deliberate vote manipulation in 2000 and 2004 mounts, many people have become convinced that their vote no longer counts. So...in steps Congress to put a band aid on the issue with a law mandating a 'verifiable paper trail'. But what our leader's conveniently ignore is that once an electronic tally has been compromised, the paper trail can easily be forged to reflect the doctored results. Unless the voters themselves are put in control election audits (way too unwieldy to manage), this bill is worthless.

The only solution to these problems is to restore the public's confidence in the systems themselves. This means mechanical systems with physical results that are hard to manipulate. Or...if we must have electronic voting machines, they must be open-source systems that have been subjected to the scrutiny of security researchers and submitted to rigorous validation processes. In fact, I would go so far as to say that we must mandate open-source for electronic voting machines because only open-source can provide the transparency necessary for something as important as elections. The Diebolds of the world can still make money building and deploying machines, but we should never again hear an argument that goes: "Our machines contain proprietary IP that is too important for us to expose." This is an invitation to wide spread election fraud.

TAGS: , , ,

No comments: