> technology policy
24 August 2006 - Permanent link
Testimony of Clinton Eugene Curtis, a programmer, under oath before the U.S. House Judiciary Members.
Electronic voting systems are corrupt. Current systems are closed, uninspectable, and their processes are so complex and obscured that there is almost no way to ensure that they accurately tally the input of the voter. Not only does source code have to be open source, but the compilers and probably the chip design should be open source too. Everything must be generic, inspectable, and transparent.
A friend asked last month, about an article explaining Diebold's corrupt electronic voting machines:
can someone explain what the anti-paper record argument is about? wouldn't that make everyone happy? it can't cost much per unit. The unwillingness to implement some sort of non-digitial backup trail just seems so odd to me. it's difficult to avoid getting all conspiracy theory-y.
Paper isn't enough. You need totally open-source code so any engineer or organization can audit the code. The article criticizes Diebold's engineering on the grounds of "this model does not produce a voter verified paper trail so there is no way to check if the voter’s choices are accurately reflected in the tabulation." But simply outputting a paper trail means nothing.
If I were designing one of these systems to flip votes, I would program it so that all reflections of the tally accurately represent the voter's choices. Printouts - yes, have them so everyone feels good: "You voted for Al Gore." But somewhere in the back, at the single point where votes are recorded to be read back later, that's where I'd flip votes. Only here and there; only if the candidate of choice is losing; weighted by how many votes the candidate is actually getting so I don't skew the results unbelievably from exit polls. Without open source code, paper receipts will only provide a false sense of security. And a false sense of security is worse than no sense of security.
If paper is going to be at all useful you'd have to print out a human/machine readable copy, let the voter verify that it is correct, and then have the voter turn the form over to the election agency. Then, if there is a challenge/recount, the collected paper receipts can be matched to the machine-reported counts.
Still, if I were writing evil code, I would flip bits within the margin of error of human recounting. You couldn't necessarily guarantee any one particular election outcome, but over time you would skew power to the party of your choice in a much less obvious way than blatanly stealing a single election. So paper receipts should be printed in a machine-scannable way, and the code that reads the scanners would have to be outcome-neutral: so the Scantron wouldn't have the capacity to know whether choice A or B were associated with one or the other parties / candidates; it would be a dumb counting machine that would only spit back tallies. It would have to be a general-purpose counting machine -- in fact, the receipt printer should print out in the format that is readable by currently on-the-market scanner machines that are used to grade multiple-choice tests in schools. (Are they still using those things?)
The other huge problem with voting software that's not open source is that it only takes one intelligent and malicious person [with access to the source code] to control very very many voting systems (assuming that most precincts use one of a couple available systems). With old fashioned paper ballot systems, the most you can do is fuck with one or two precincts -- after that, there is too much manpower required, and too many logistical issues, to effect much change without getting caught. If you wanted to stuff ballot boxes in the Gilded Age, you had to physically access hundreds of boxes, and that's going to take a lot of collusion to pull off: only one person (of 5, 10, 20) has to spill the beans. But with closed-code systems, you can have just one engineer in the code: you have to pay off one person, you have one person mysteriously disappear, and the code is deployed to countless systems, affecting millions of votes.