Wednesday, August 08, 2007

The ghosts in the voting machines

Bill Thompson on evoting:

" When I started work as a professional programmer, writing in the C programming language, I sometimes wrote very bad code. It worked, but it wasn't what you'd call industrial strength, largely because it didn't do nearly enough checking.

As a result my programs would crash if you gave them unexpected input by typing a word into a field where a number was required, or because they failed to check whether a variable had been properly initialised before doing a calculation.

Fortunately I had talented and patient colleagues who showed me the difference between student programming and serious coding and understood that validating data, checking variables and handling all possible error conditions is not just a useful extra but at least as important as the part of the program that does the actual work.

The lesson has stayed with me, even though I now write little production code and only occasionally mess around with other people's programs.

Sadly, it seems that the developers behind three of the most widely-used electronic voting systems in current use in the United States have never grasped this important principle.

Following concerns about the accuracy of the electronic voting systems used in last year's the California state legislature commissioned computer science and cryptography experts at the University of California to review the main players and ensure that 'California voters are being asked to cast their ballots on machines that are secure, accurate, reliable, and accessible'.

Anyone looking for reassurance will have had their hopes dashed, as the recently published report into e-voting systems from Diebold, Hart InterCivic and Sequoia found massive security holes in the source code which, combined with poor physical security and badly-designed procedures, make it impossible to rely on them to record votes accurately...

Such problems are not confined to the United States, of course, though the campaign for more openness about the technology used in electronic voting seems to have made more progress there than elsewhere.

Here in the UK the Open Rights Group, resolute campaigners for civil liberties in the digital world, sent observers to several of the e-voting pilot projects in the May 2007 English and Scottish elections.

They had to fight through a bureaucracy which seemed to see openness as a dangerous aberration, where 'observers were frequently subject to seemingly arbitrary and changeable decisions via unclear lines of authority', but the final report makes chilling reading."

No comments: