[ale] Thoughts on Electronic Voting
Jeff Hubbs
hbbs at attbi.com
Tue Nov 5 21:36:54 EST 2002
I've read a lot of the messages here and taken in some other information
and I'd like to weigh in with some of my conclusions.
I don't have the practical expertise of the Bob Toxens of the world (not
to belittle those of the rest of you who have similar geek stones of
titanium), but I am an IT manager who has dealt with difficult issues of
processing classified information, and in the course of that I developed
mental approaches that served me well in that realm.
Let me start off by informing your intuition with a true story. Ronald
Dale Harris was a software engineer for Nevada's Gaming Control Board,
and his job was to write software to prevent cheating in slot machines.
He hacked the slot machine code to produce cash jackpots when a certain
sequence of coins was inserted. He and his accomplices hacked over 30
slot machines and would likely have gotten away with it except for those
meddling kids...whoops, excuse me, I am the parent of a seven-year-old.
Anyway, one of Harris' buddies fingered him when the buddy was busted
for trying to rig a Keno game.
What can we learn from this? The responsible agency for protecting the
integrity of slot machine gambling hired several people who were
motivated and determined to rig the machines to benefit them personally;
there was no higher overseeing authority. Except for the fact that one
of them was caught committing another crime and then sang like a canary,
the hack would very likely have never been detected. Those of you who
code or have coded, ask yourself: could you determine if a program of
significant size and complexity did something other than or in addition
to what it is supposed to do, especially when you have no idea what that
additional behavior might be?
A few years ago, a professional magician supposedly angered magicians
anywhere by going on national television, under cover of a mask and the
nom de voyage "The Masked Magician," and performing these marvelous
magic tricks and then revealing in great detail how they were done. I'm
no magic aficionado, but I watched the shows with great interest and
afterwards I pondered about the purported controversy that The Masked
Magician caused. While I realized that TMM was deflating the
professional magician's stock in trade with each segment of his shows,
it occurred to me that TMM was serving a higher purpose. He was
exploring the nature and methods of mass deception, with magic as his
medium. Viewers who watched his shows - even viewers of average
intelligence - might be just a little bit more likely to believe or at
least wonder if a given occurence is some sort of trick. TMM's tricks
often had common elements to them, e.g., the "palm," misdirection,
substitution, concealment. It isn't hard to see those same kinds of
things going on in any other kind of deception that gets the lid blown
off of it (Enron, "We had no warning prior to 9/11," "I did not have
sexual relations with that woman," "I am not a crook," "freedom to
innovate")
And now we have a computer-based voting system in which voters don't
even have a way to verify that the card they turn in actually has their
vote encoded into it. When I ask myself questions like "Who has the
ability to manipulate these results?" or "Who has write access to the
code these machines run?" I realize that not only do I not know the
answers, but I have no WAY to know the answers. When I ask myself "At
what points in the process could the process be manipulated?" I come up
with lots of answers - there are points that I *can* observe there in
the polling place and there are points that I *cannot* observe. So, the
conclusion that I come to is that the opportunity for one or more people
to deliberately subvert the election process has grown and that the
likelihood of any subversion being executed out of view has likewise
grown.
Inasmuch as I know that it would be possible to design and deploy
electronic voting systems with a high level of integrity, their inherent
complexity makes auditability by reasonable means impossible. You can
write in all the crypto you want, and it can be "walked around" by
simple trickery (is it not possible that these voting machines are
wirelessly networked?).
I therefore call for an end to "black box" voting systems of all sorts.
I want it to be possible for independent parties to audit voting results
incontrovertably. I don't care if the systems use nothing more advanced
than brass cogs; I want something that's examinable in full.
- Jeff
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list