Monday, November 15, 2004

Bruce Schneier on electronic voting, essential reading.

"After 2000, voting machine problems made
international headlines. The government appropriated money to fix the
problems nationwide. Unfortunately, electronic voting machines --
although presented as the solution -- have largely made the problem
worse. This doesn't mean that these machines should be abandoned, but
they need to be designed to increase both their accuracy, and people's
trust in their accuracy. This is difficult, but not impossible...

...Computer security experts are unanimous on what to do. (Some voting
experts disagree, but I think we're all much better off listening to
the computer security experts. The problems here are with the
computer, not with the fact that the computer is being used in a voting
application.) And they have two recommendations:

1. DRE machines must have a voter-verifiable paper audit trails
(sometimes called a voter-verified paper ballot). This is a paper
ballot printed out by the voting machine, which the voter is allowed to
look at and verify. He doesn't take it home with him. Either he looks
at it on the machine behind a glass screen, or he takes the paper and
puts it into a ballot box. The point of this is twofold. One, it
allows the voter to confirm that his vote was recorded in the manner he
intended. And two, it provides the mechanism for a recount if there
are problems with the machine.

2. Software used on DRE machines must be open to public
scrutiny. This also has two functions. One, it allows any interested
party to examine the software and find bugs, which can then be
corrected. This public analysis improves security. And two, it
increases public confidence in the voting process. If the software is
public, no one can insinuate that the voting system has unfairness
built into the code. (Companies that make these machines regularly
argue that they need to keep their software secret for security
reasons. Don't believe them. In this instance, secrecy has nothing to
do with security.)...


...Proponents of DREs often point to successful elections as "proof" that
the systems work. That completely misses the point. The fear is that
errors in the software -- either accidental or deliberately introduced
-- can undetectably alter the final tallies. An election without any
detected problems is no more a proof the system is reliable and secure
than a night that no one broke into your house is proof that your door
locks work. Maybe no one tried, or maybe someone tried and
succeeded...and you don't know it.

Even if we get the technology right, we still won't be done. If the
goal of a voting system is to accurately translate voter intent into a
final tally, the voting machine is only one part of the overall
system. In the 2004 U.S. election, problems with voter registration,
untrained poll workers, ballot design, and procedures for handling
problems resulted in far more votes not being counted than problems
with the technology. But if we're going to spend money on new voting
technology, it makes sense to spend it on technology that makes the
problem easier instead of harder."

No comments: