Tuesday, March 3, 2009

Electronic Voting: Entirely Untrustworthy

The California Government just finished a report analyzing how trustworthy electronic voting results are. The Cliff's Notes version: not at all:
First, GEMS version 1.18.19 fails to record in any log important system events such as the deletion of decks of optical scan ballots after they have been scanned and entered into the GEMS election results database. Second, it records the wrong entry date and time for certain decks of ballots. Third, it permits deletion of certain audit logs that contain – or should contain – records that would be essential to reconstruct operator actions during the vote tallying process.
Let's think about this: someone can delete a bunch of ballots, and nobody will know, because this event isn't logged. It also lets someone access and edit the logs. In security, this is a huge, huge no-no.

There's an entire field of study around Computer Forensics - reconstructing events after the fact in a way that will stand up in a court of law. The evidentiary value of the data has to be preserved, or you won't have a case. If you don't have decent system logs, you've got no evidence of what happened.
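
To make the logging point concrete, here is an added illustration (not from the report and not GEMS code): a hash-chained audit log in which deleting a deck is itself a logged event, and removing or editing log entries is detectable as long as the latest chain hash is recorded somewhere off the machine. The event names, timestamps and function names are constructed for the example.

```python
import hashlib
import json

GENESIS = "0" * 64  # value chained into the first entry


def entry_hash(prev: str, seq: int, ts: str, event: str) -> str:
    """Hash of one entry, bound to the hash of the entry before it."""
    body = json.dumps([prev, seq, ts, event]).encode()
    return hashlib.sha256(body).hexdigest()


def append(log: list, ts: str, event: str) -> str:
    """Append an event and return the new head hash (to be recorded off-machine)."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "ts": ts, "event": event,
                "hash": entry_hash(prev, seq, ts, event)})
    return log[-1]["hash"]


def verify(log: list, witnessed_head: str) -> list:
    """Return a list of problems; an empty list means the log matches the witness."""
    problems = []
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i:
            problems.append(f"position {i}: sequence gap (seq {e['seq']})")
        if entry_hash(prev, e["seq"], e["ts"], e["event"]) != e["hash"]:
            problems.append(f"position {i}: hash mismatch")
        prev = e["hash"]
    if prev != witnessed_head:
        problems.append("head differs from off-machine witness (truncated or rewritten)")
    return problems


def sample_log():
    """Constructed sample events; hypothetical names, not GEMS log output."""
    log = []
    append(log, "2009-03-03T20:01:00", "deck 12 scanned")
    append(log, "2009-03-03T20:05:00", "deck 12 deleted by operator A")
    head = append(log, "2009-03-03T20:09:00", "deck 13 scanned")
    return log, head


if __name__ == "__main__":
    log, head = sample_log()
    print("intact:", verify(log, head))
    print("deletion record removed:", verify(log[:1] + log[2:], head))
    print("tail removed:", verify(log[:2], head))
```

The chain alone only exposes edits and gaps in the middle; it is the off-machine copy of the head hash that exposes a truncated or wholly rewritten log.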

Via Slashdot, where you'll find this comment that shows why this is Epic Fail:
The difference is numbers. A single programmer in the right place can hack an entire election, untraceable for anybody else. To perform a similar hack in a pen and paper system you would need thousands, if not tens of thousands of people. The chances of none of them talking are slim, thus there is a much better chance of people finding out about the fraud.
Electronic voting is simply not robust enough to avoid massive fraud. Not that anyone in the government might be willing to try that, of course.

In other breaking news, it seems that I'm not the only one with this opinion. A German physicist has sued the German government to stop how electronic voting is done there, and it seems that he's won:
Voting machines are not illegal per se, but with these machines it wasn't possible to verify the results after the votes were cast. The verification procedure by the German authorities was flawed, too: only specimens were tested, not the machines actually used in the elections, and the detailed results (including the source code) were not made public.
But hey, despite the complete lack of transparency, I'm sure that the results are all above board. What? You don't like it? What are you, a denier neocon racist sitzpinkler?

The really strange thing is that all this high-tech rush for a "solution" ignores a completely adequate, transparent, and proven solution to the problem:

You might think that the reason that both political parties rushed to electronic voting after the 2000 elections was so that they could more easily manipulate the results. But then you'd be a denier neocon racist sitzpinkler.


Sevesteen said...

Electronic voting doesn't have to be nearly as bad as it is--Premier has its roots in ATMs, and if they used even that level of security and auditing, it would be tremendously better than it is now.

With proper election procedure the only really mandatory feature of an e-voting machine is a voter-verified paper ballot that is placed in a ballot box. Procedure including sampling and audits will catch and correct significant errors.

Borepatch said...

Sevesteen, you are correct - paper verification and retention adds much of the transparency you'd need.

Quite frankly, it's astonishing that we keep going through this (every six months or so, for the last 3 or 4 years). While I don't like to think that I hang out in the fever swamps, it's likely that this helps feed some of the more lurid rumors going around about e-voting.