Last week, researchers at the National Institute of Standards and Technology recommended to those drafting the 2007 Voluntary Voting Systems Guidelines (also at NIST) that voting systems be required to be "software independent". Officially, that's a system such that "a previously undetected change or error in its software [assuming it has such] cannot cause an undetectable change or error in an election outcome". Unofficially, that's a system with a voter-verified paper trail.
The take-home line from the report, concerning software-dependent Direct Record Electronic systems:
Potentially, a single programmer could “rig” a major election.
The problem is not just that DRE systems are presently insecure, but that there is no feasible way of making them secure:
[V]oting systems in general are not developed according to rigorous models of secure code development nor tested with the rigor of other security-critical applications. Experts reject that even these measures would be sufficient for reliably detecting all errors or malicious code hidden in a voting systems.
Hence the need for a software-independent audit trail. Of claims that software independence isn't necessary since "there is no evidence of intentionally-introduced malicious code or fraud in voting systems" and "election procedures are effective at keeping voting systems free of intentionally introduced fraud", the writers note
[These claims] do not hold up against the enormous evidence of computer fraud that has occurred in other areas of IT and that has or is likely to occur in voting systems, given the billions spent on elections as well as the rich history of electoral fraud.
Moreover, claims that everything is A-OK are suspect, given that there isn't any way, independent of the system being tested, to check the results. As Barbara Samorajczyk put it, after conceding a House of Delegates seat to her marginally-ahead opponent, "there wasn't any meaningful way to do a recount [...] we cannot recount the machine". (Exit polls can do some work here, of course, but their results are approximate and subject to manipulation.)
The committee in charge of drafting the VVSG 2007 guidelines rejected a proposal adopting the recommendation that all systems be required to be software independent; however, they later unanimously accepted a revised proposal which required that future systems be so. Existing systems are to be "grandfathered in"; one hopes this doesn't mean Jenna for Prez.
Overall this strikes me as very good news, even though VVSG 2007 is still at the draft stage, and even though these guidelines (hence "requirements") are voluntary. When word gets out about the need for software independence those forced to vote on DRE machines will rightfully raise hell with their state election officials and representatives, and U.S.ers will slowly but surely free themselves from this new form of tyranny.
Recent Comments