Secure Coding mailing list archives

darkreading: voting machines


From: dwheeler at ida.org (David A. Wheeler)
Date: Wed, 11 Oct 2006 17:20:08 -0400

Jeremy Epstein:
Interesting point.  I'm on the Virginia state commission charged with making
recommendations around voting systems, and we watched the Princeton video as
part of our most recent meeting.  The reaction from the election officials
was amusing and scary: "if this is so real, why don't you hack a real
election instead of this pretend stuff in the lab".  Pointing out that it
would (most likely) be a felony, and people like Rubin, Felten, and others
are trying to help security, not go to jail, didn't seem to impress them.
Also pointing out that the Rubin & Felten examples used out-of-date code
because vendors won't share anything up-to-date doesn't seem to impress
them.  [This in response to Diebold's claim that they were looking at old
code, and the problems are all "fixed".]

I'm willing to believe that the ELECTIONS are fixed.   Since they lack a
voter-verifiable paper trail, _no_ DRE can be trusted.  Period.

I used to do magic tricks, and they all work the same way - misdirect
the viewer, so that what they think they see is not the same as reality.
Many magic tricks depend on rigged props, where what you see is NOT the whole
story.  DREs are the ultimate illusion - the naive
THINK they know what's doing, but in fact they have no
way to know what's really going on.  There's no way to even SEE the
trap door under the box, as it were... DREs are a great prop for the illusion.
Printing "zero" totals and other stuff looks just like a magic show to me -
it has lots of pizazz, and it distracts the viewer from the fact that
they have NO idea what's really going on.

I frankly don't think anything is going to impress the election officials
(and some of the elected officials) short of incontrovertible evidence of a
DRE meltdown - and of course, we know that there could well be a failure
(and may have been failures) that are unprovable thanks to the nature of
software.

I'm of the opinion that elections using DREs have ALREADY been manipulated.
No, I can't prove that an election HAS been manipulated, and I certainly
can't point to a specific manufacturer or election.  And I sincerely
hope that no elections HAVE been manipulated.  But there's a LOT of money
riding on big elections, and a small fraction of that would be enough
to tempt someone to do it.  And many people STRONGLY believe in their
cause/party, and might manipulate an election on the grounds that it's
for the "greater good" - it need not be about money at all.

It's crazy to assume that no one's done it,
when it's so easy and the systems are KNOWN to be weak. The whole problem
is that DRE designs make it essentially impossible to detect
massive fraud, almost impossible to find the perpetrator even if
you detected it, and allow a SINGLE person to control an entire election
(so there's little risk of a "squealer" as there is with other frauds).
And if an unethical person knows they won't be caught,
it INCREASES the probability of them doing it.
Anyone who thinks that all candidates and parties are too honest to do this
needs to discover the newspaper and history books.  Ballot-stuffing
is at least as ancient as ancient Greece, and as modern as Right Now.

These voting systems and their surrounding processes
would not meet the criteria for an electronic one-armed bandit
in Las Vegas.  Yet there's more at stake.

The state commissions cannot provide any justifiable evidence
that votes are protected from compromise if they use DREs.
And that is their job.

DREs are unfit for use in elections that matter.  They should
be decommissioned with prejudice, and frankly,
I'd like to see laws requiring vendors to take them back and give
their purchasers a refund, or add voter-verified paper systems acceptable
to the customer at no charge.
(The paper needs to meet some standard too, so that you can use counting
machines from different manufacturers to prevent collusion.)
At no time was this DRE technology appropriate
for use in voting, and the companies selling them would have known better
had they done any examination of their real requirements.
The voters were given a lemon, and they should have the right to get
their money back.

--- David A. Wheeler



