There’s been a lot of talk recently about electronic voting machines and the potential for fraud. To bring home just how serious this issue is, the always excellent Ars Technica has a chilling how-to guide on how to steal an election using electronic ballot machines. So simple, even a neocon could do it!
It amazes me how we’ve suddenly gone from a system that, while it may have its faults and has been abused in the past, at least is somewhat open. People would be able to stand at the polls and watch what was going on, and perhaps catch any fraud red-handed. In going to these electronic voting machines that do not leave any sort of audit trail, we have, in effect, handed over the security of our democratic institutions to a private company. If we went to the average voter and said “hey, we’d like to hire this company that will collect and tabulate all of the ballots in our election. You won’t be able to see what goes on within their company… you won’t be able to look at the ballots yourself… you’ll just have to accept whatever they say is the result of the election” I think most people would think it’s a lousy idea.
As a software professional (and someone who has done some writing about some aspects of system security) I’m simply amazed at how really shitty the engineering is behind these machines. I mean, this one fact from the article made my blood run cold:
The GEMS database stores all of the votes collected from precinct accumulators, and it’s used to do the vote tabulation for a county. Because it’s so sensitive, you might think it would be tightly secured. But you’d be wrong.
The GEMS database is a vanilla, unencrypted Microsoft Access database that anyone with a copy of Access can edit.
I’ve been forced to use Microsoft Access for a number of different projects. I’m fairly rabidly anti-Microsoft, but I will admit Access has its uses. A simple little database for tracking small amounts of non-mission-critical data is fine. I’ve used it, for example, to log requests to my company’s website. It’s easy to use, but the trade-off is that if the database gets corrupted you’re screwed. And it will, eventually… since Access lacks many of the features that keep more robust database systems (like Microsoft’s own SQL Server, Oracle’s offerings, etc.) from becoming corrupted.
I can’t imagine anything more mission-critical to our country than honest and accurate elections. Access is simply not up to the job. It boggles my mind that anyone would certify Access as being capable of handling something as sensitive as elections. Would we use Access to launch the Space Shuttle? Does Microsoft itself use it in any mission-critical environment? Then what the hell is it doing tabulating votes?
If we’re going to go the electronic voting route (and we should) we have to have accountability. My not-very-well-thought-through idea is this. You go into a voting booth, and cast your vote. At the end, you get a receipt. This receipt contains a “vote ID number” that consists of information on what precinct of what state you voted in, when you voted (probably down to the millisecond) and in what machine you voted. There would also be a unique identifier for your vote (say, the number of votes cast so far on that machine) and a checksum number that represents your actual vote. Your vote itself is stored on the machine (perhaps also printed out on paper) and electronically signed by the voting machine.
After the election, all of the votes from the machine are retrieved and uploaded to a central location where they are compiled and tabulated. Then, along with the election results, the entire electronic vote is made public. You can go to a website, punch in the number of your receipt, and verify that what you voted was what was recorded and counted. Having the entire voting public be able to check up on the election system is going to be the only way we can ensure our elections are fair.
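Here is the receipt idea sketched in Python, as an added example rather than code from this post or from any voting system. The field layout, the truncated SHA-256 checksum and every sample value are assumptions, and an HMAC stands in for the machine's electronic signature because the standard library has no public-key signing; a real design would use a signature anyone can verify without the key.

```python
import hashlib
import hmac
MACHINE_KEY = b"constructed-demo-key-M0042"  # constructed; stands in for the machine's signing key

def vote_id(state, precinct, machine, cast_ms, seq):
    """Vote ID from the post: state, precinct, machine, time in ms, per-machine count."""
    return f"{state}-{precinct}-{machine}-{cast_ms}-{seq:06d}"

def checksum(vid, choice):
    """Receipt checksum, bound to the vote ID and the choice (assumed: truncated SHA-256)."""
    return hashlib.sha256(f"{vid}|{choice}".encode()).hexdigest()[:16]

def sign(record, key=MACHINE_KEY):
    """Machine 'signature' over the stored vote (HMAC stand-in for a real signature)."""
    msg = f"{record['vote_id']}|{record['choice']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def cast(state, precinct, machine, cast_ms, seq, choice):
    """Return (paper receipt for the voter, signed record kept by the machine)."""
    vid = vote_id(state, precinct, machine, cast_ms, seq)
    record = {"vote_id": vid, "choice": choice}
    record["sig"] = sign(record)
    return {"vote_id": vid, "checksum": checksum(vid, choice)}, record

def verify(receipt, published):
    """Check a receipt against the published vote list; return a status string."""
    record = published.get(receipt["vote_id"])
    if record is None:
        return "missing"            # vote dropped before publication
    if not hmac.compare_digest(sign(record), record["sig"]):
        return "bad-signature"      # record edited after the machine signed it
    expected = checksum(record["vote_id"], record["choice"])
    if not hmac.compare_digest(expected, receipt["checksum"]):
        return "mismatch"           # validly signed, but not what the voter cast
    return "ok"

def demo():
    """Constructed ballot: honest publication, then three tampering cases."""
    receipt, record = cast("OH", "P017", "M0042", 1162900800123, 311, "Candidate A")
    vid = record["vote_id"]
    published = {vid: dict(record)}
    results = [verify(receipt, published)]
    published[vid]["choice"] = "Candidate B"        # row edited in the tabulation database
    results.append(verify(receipt, published))
    published[vid]["sig"] = sign(published[vid])    # insider with the key re-signs the edit
    results.append(verify(receipt, published))
    del published[vid]                              # row deleted outright
    results.append(verify(receipt, published))
    return results
```

Calling `demo()` returns one status per case: the honest record checks out, while the edited, re-signed and deleted records are each caught by a different check.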