Why should we trust a private company to produce electronic voting systems if they won't show everyone how they work?
"We found some stunning, stunning flaws," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States.
That, from the NY Times, is part of a scathing report about security and computerized voting machines. If you're not a computer geek, a lot of the talk about software may be difficult to understand, but think of it this way: would you trust someone who brought out a new mechanical voting machine but wouldn't let anyone see the inside to make sure it worked correctly? In a computerized system, the software is the largest part of the "inside", with the added danger that it can generally fail (or, in the worst case, be manipulated) in more subtle ways than a mechanical system.
More disturbing, I think, is this from Diebold (same article):
A spokesman for Diebold, Joe Richardson, said the company could not comment in detail until it had seen the full report. He said that the software on the site was "about a year old" and that "if there were problems with it, the code could have been rectified or changed" since then. The company, he said, puts its software through rigorous testing.
Testing isn't the problem. Well, it's a problem. But it's not the big problem. If the software has design flaws (and that's what Rubin and his team found, primarily), then testing -- which typically is done to make sure the code works as designed -- isn't going to help at all. The question isn't whether the code works "correctly", but whether Diebold's notion of "correct" is appropriate and adequate to the required security to ensure that election results are accurate and can't be tampered with.
"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," Mr. Richardson said. "We're always open to anything that can improve our systems."Apparently Diebold is "open to anything" as long as it doesn't involve actually showing people how the code works. I cannot conceive of anything that is more directly pertinent to the rights of an American citizen than the ability to ensure that elections are conducted accurately and fairly. If Diebold doesn't want to show the citizens how their machine works, that's their right. It is their proprietary code. But I think it should be made law that any system, mechanical or computerized, used in casting or tallying votes should be completely open for inspection by interested citizens.
The move to electronic voting — which intensified after the troubled Florida presidential balloting in 2000 — has been a source of controversy among security researchers. They argue that the companies should open their software to public review to be sure it operates properly.
Mr. Richardson of Diebold said the company's voting-machine source code, the basis of its computer program, had been certified by an independent testing group. Outsiders might want more access, he said, but "we don't feel it's necessary to turn it over to everyone who asks to see it, because it is proprietary."