[wordup] Election rigging for pleasure and profit

[Adam Shand]

From: http://www.antipope.org/charlie/blosxom.cgi/2003/Sep/20#voting-1

The EFF is currently trying to raise the alarm over a deeply sinister 
development at the IEEE. In case you haven't heard of it, the Institute 
of Electrical and Electronics Engineers is an enormous and important 
professional body which, among other things, spawns committees that set 
out public standards for electronics, software, and hardware devices to 
conform to.

Normally, IEEE activities are nothing but praiseworthy, but this month 
something weird and nasty is happening in those hallowed halls -- 
something with poisonous implications for democratic government, 
world-wide.

You've probably heard about electronic voting machines. If you tracked 
the US presidential election you'll remember the hanging chads in 
Florida, the undesirable side-effects of using antique mechanical 
card-punch machines for filling out ballots. In the UK, Tony Blair and 
his panglossian ministers are getting all starry-eyed about internet 
voting, in an attempt to get the under-25 voters interested in the 
whole business. Anything that makes votes easier to count, and makes it 
easier for people to vote, would appear on the surface to be a good 
thing. However ...

As Rebecca Mercuri, professor of computer science at Bryn Mawr College 
(and a specialist in electronic voting systems) points out at length, 
electronic voting harbours potentially immense dangers. As she writes: 
"I am adamantly opposed to the use of fully electronic or 
Internet-based systems for use in anonymous balloting and vote 
tabulation applications. The reasons for my opposition are manyfold, 
and are expressed in my writings as well as those of other 
well-respected computer security experts. At the present time, it is my 
strong recommendation that all election officials REFRAIN from 
procuring ANY system that does not provide an indisputable paper 
ballot. A detailed explanation, along with my recommendation for 
appropriately configured voting equipment, is provided in the full text 
of this statement, available here."

In case you're too lazy to read professor Mercuri's opinion, here's her 
key point: "Fully electronic systems do not provide any way that the 
voter can truly verify that the ballot cast corresponds to that being 
recorded, transmitted, or tabulated. Any programmer can write code that 
displays one thing on a screen, records something else, and prints yet 
another result. There is no known way to ensure that this is not 
happening inside of a voting system." In a nutshell: software can be 
hacked. If you don't have a piece of paper to hold, you're stuffed. It 
can't be proven to be a democracy any more than a system where the 
ballot boxes are carted away from the polling station by workers from 
the governing party, re-packed, and then appear mysteriously at the 
count in the custody of those same party adherents.

Speaking as a sometime programmer with a master's degree in computer 
science, I agree with her. She's dead right. Electronic voting systems 
are dangerously easy to rig. So the only way to safely approach 
electronic voting is with complete openness. To be acceptable, an 
electronic voting system must meet at least the following requirements:

• 	It must print a paper record of the vote cast, which the voter must 
be able to see, and which must be retained, and which can be reconciled 
with the electronic record of the vote.
• 	The software used must be open to third-party auditors, to the 
extent that it can be verified and if necessarily formally proven to be 
above suspicion. (Translation: only open source need apply.)
• 	The hardware used must be open to third-party auditors, preferably 
conform verifiably to off-the-shelf standards, and may be challenged 
and replaced by the election commission with equivalent off-the-shelf 
equipment (to ensure that no sneaky hardware back doors are installed).

Needless to say, current electronic voting systems don't meet these 
requirements. They're almost all made by private commercial concerns 
like Sequoia Voting Systems or Danaher Corporation, Diebold Election 
Systems and ES&S. They're black boxes; in most cases the licence terms 
expressly forbid opening the hardware for inspection, let alone 
providing source code to the software. And the companies who make them 
may harbour conflicts of interest.

Now here's the EFF's beef with the IEEE:

   In the aftermath of the Florida election debacle, the IEEE took up 
the question of standards for voting
   equipment. It created a working group, called Project P1583, overseen 
by a Standards Coordinating
   Committee known as SCC 38. After passage by IEEE, this standard will 
go to ANSI for final validation.
  The substantive work is in its final stages, and the draft standard is 
currently out to ballot.

   This particular vote is extremely important, because the IEEE sits on 
an advisory committee to the
   forthcoming Election Assistance Commission established by the Help 
America Vote Act (HAVA). This
   means that this standard could ultimately be adopted broadly 
throughout the United States. In a very
   real sense, the future of democratic systems in the U.S. and around 
the world are implicated by this
   standard -- the stakes couldn't be higher.

   Problem: Unfortunately, instead of using this opportunity to create a 
performance standard, setting
   benchmarks for e-voting machines to meet with regards to testing the 
security, reliability, accessibility
   and accuracy of these machines, P1583 created a design standard, 
describing how electronic voting
   machines should be configured (and following the basic plans of most 
current electronic voting machines).
   Even more problematic, the standard fails to require or even 
recommend that voting machines be truly
   voter verified or verifiable, a security measure that has broad 
support within the computer security
   community.

   To make matters worse, EFF has received reports of serious procedural 
problems with the P1538 and
   SCC 38 Committee processes, including shifting roadblocks placed in 
front of those who wish to participate
   and vote, and failure to follow basic procedural requirements. We've 
heard claims that the working group
   and committee leadership is largely controlled by representatives of 
the electronic voting machine vendor
   companies and others with vested interests.

This is an enormously important issue. What the IEEE standard specifies 
will probably be taken up by the US government under the HAVA proposal 
and will set a benchmark that will be followed worldwide. The big 
players in the commercial e-voting systems market want to ensure that 
the playing field meets their requirements, not the requirements of 
representative democratic governments, and they're nobbling the 
committee in order to get a lock on the standard. If we're not lucky 
we'll be stuck with voting machines that provide no audit trail, give 
no opportunity to verify that they're impartial and record votes 
correctly, and are made by corporations whose owners are political 
partisans who favour one party over any other.

If you're an IEEE member, please go look at the EFF alert and do 
something, as soon as you can. Help preserve democracy: it may be the 
most important political act you ever make.