John's Blog: January 2004
Everyone and his dog has a 'blog these days, right? So why not me? If you are interested in anything I'm saying, great! Let's talk about it! (Leave comments.) If not, try one of my other links. Better yet, why are you wasting your time staring at your computer screen, go do something real!
Let me know if you'd like to be to be updated whenever I post a new article. It won't happen every day!
Introduction to E-Voting
In the wake of the disastrous US elections of 2000, I got very interested for a while in electronic voting, and did a little bit of research towards that end. My interest in electronic voting was based on the naive idea that electronic voting would be less ambigous, and therefore more accurate, than older systems such as mechanical levers and punchcards. While this is superficially true, I soon learned that "e-voting" will bring a whole new set of problems.
Although it's pretty easy to imagine that voting by Internet is nowhere near ready to use, from almost any perspective you could think of, even stand-alone electronic machines are still susceptable to technical problems and trust issues. While those of us who are computer professionals may be more used than most to trusting computer systems, because we feel we sort of understand them, we also know better than most where the risks are for data loss and tampering. In a situation as important as an election, backup systems and multiple validation steps are essential.
Many good articles have already been written about these dangers. Wired magazine has several good ones (More Calls to Vet Voting Machines, Did E-Vote Firm Patch Election?, E-Voting Blunder Creates a Stir, and Time to Recall E-Vote Machines?), and many more may be found by some simple Google searching.
The consensus that is developing among electronic voting experts is that, number one, a paper trail is essential. Should any irreparable data loss or corruption occur, either by accident or malicious intent, there must be alternate way of counting the votes. Not only that, a paper trail provides a very transparent confirmation of the computers' results. There must be some way to validate accuracy should questions arise, and it must be a method which an non-computer expert can understand. Anything short of that is placing too much trust in a small group of very technical people whose pronouncements cannot be questioned, because the public and most media lack the technical background to do so.
A second movement afoot is for all associated software, ideally including the operating system, to be "open source". That means that the source code, while it may still be copyrighted, is posted publically for anyone to look at. (Ironically, several of the above Wired articles mention the fact that leading company Diebold's proprietary source code was, in one instance, available by public FTP. The only real problem with this [unless you are Diebold] it that it was purely accidental on the company's part, indicating that they were careless in this, and who knows what other, regard.)
If you are not familiar with it, the "open-source" community is an informal and decentralized group of civic-minded computer programmers around the world who collaborate on building software whose source code is freely available. In many cases, it even permissable to compile this into an actual working program for free. There may be thousands of "open-source" efforts going on around the world; there are certainly hundreds. The most well-known among most programmers is the Linux operating system, the Apache web server, and the various GNU projects.
In many people's opinions, a great strength of open-source is that the wider peer review and creative input which is integral to the development effort results (ideally) in better and more secure software. In the case of voting software, the idea is that the amount of public input from "good" programmers, security experts (from a variety of companies), and elections auditors, will outweigh any benefit that malicious "hackers" could also gain by being able to examine the same code. Indeed, there is also already considerable interest in building open-source voting software, and in least one such case, involving an Australian open source effort, a potential bug (non-security related) really was found and reported by someone outside the development team, and subsequently fixed.
Tomorrow I will review the open-source projects which I have found to date, as part of my own education and potential involvement in one of them.
Update, 2/2/04: That review will be sometime this week, I hope. Meanwhile, the Christian Science Monitor has a new article about this issue today.
0 comments
