Sunday, January 06, 2008

Devastating account of e-voting's flaws

Is anybody in Texas who can do anything about this paying attention?

The earliest critiques of digital voting booths came from the fringe — disgruntled citizens and scared-senseless computer geeks — but the fears have now risen to the highest levels of government. One by one, states are renouncing the use of touch-screen voting machines. California and Florida decided to get rid of their electronic voting machines last spring, and last month, Colorado decertified about half of its touch-screen devices. Also last month, Jennifer Brunner, the Ohio secretary of state, released a report in the wake of the Cuyahoga crashes arguing that touch-screens “may jeopardize the integrity of the voting process.” She was so worried she is now forcing Cuyahoga to scrap its touch-screen machines and go back to paper-based voting — before the Ohio primary, scheduled for March 4. Senator Bill Nelson, a Democrat of Florida, and Senator Sheldon Whitehouse, Democrat of Rhode Island, have even sponsored a bill that would ban the use of touch-screen machines across the country by 2012.

Gotta love that first sentence: "the fringe" are "disgruntled citizens".

Anyway, there's plenty to be appreciative of in this report...

If the machines are tested and officials are able to examine the source code, you might wonder why machines with so many flaws and bugs have gotten through. It is, critics insist, because the testing is nowhere near dilligent enough, and the federal regulators are too sympathetic and cozy with the vendors. The 2002 federal guidelines, the latest under which machines currently in use were qualified, were vague about how much security testing the labs ought to do. The labs were also not required to test any machine’s underlying operating system, like Windows, for weaknesses.

Vendors paid for the tests themselves, and the results were considered proprietary, so the public couldn’t find out how they were conducted. The nation’s largest tester of voting machines, Ciber Inc., was temporarily suspended after federal officials found that the company could not properly document the tests it claimed to have performed.

“The types of malfunctions we’re seeing would be caught in a first-year computer science course,” says Lillie Coney, an associate director with the Electronic Privacy Information Commission, which is releasing a study later this month critical of the federal tests.

In any case, the federal testing is not, strictly speaking, mandatory. The vast majority of states “certify” their machines as roadworthy. But since testing is extremely expensive, many states, particularly smaller ones, simply accept whatever passes through a federal lab. And while it’s true that state and local elections officials can generally keep a copy of the source code, critics say they rarely employ computer programmers sophisticated enough to understand it. Quite the contrary: When a county buys touch-screen voting machines, its elections director becomes, as Warren Parish, a voting activist in Florida, told me, “the head of the largest I.T. department in their entire government, in charge of hundreds or thousands of new computer systems, without any training at all.” Many elections directors I spoke with have been in the job for years or even decades, working mostly with paper elections or lever machines. Few seemed very computer-literate.

The upshot is a regulatory environment in which, effectively, no one assumes final responsibility for whether the machines function reliably. The vendors point to the federal and state governments, the federal agency points to the states, the states rely on the federal testing lab and the local officials are frequently hapless.

This has created an environment, critics maintain, in which the people who make and sell machines are now central to running elections. Elections officials simply do not know enough about how the machines work to maintain or fix them. When a machine crashes or behaves erratically on Election Day, many county elections officials must rely on the vendors — accepting their assurances that the problem is fixed and, crucially, that no votes were altered.

In essence, elections now face a similar outsourcing issue to that seen in the Iraq war, where the government has ceded so many core military responsibilities to firms like Halliburton and Blackwater that Washington can no longer fire the contractor. Vendors do not merely sell machines to elections departments. In many cases, they are also paid to train poll workers, design ballots and repair broken machines, for years on end.

“This is a crazy world,” complained Ion Sancho, the elections supervisor of Leon County in Florida. “The process is so under control by the vendor. The primary source of information comes only from the vendor, and the vendor has a conflict of interest in telling you the truth. The vendor isn’t going to tell me that his buggy software is why I can’t get the right time on my audit logs.”

Ugh. More bad news for democracy. Is there a solution? Sancho in Florida may have one:

Optical scanning is used in what many elections experts regard as the “perfect elections” of Leon County in Florida, where Ion Sancho is the supervisor of elections. In the late ’80s, when the county was replacing its lever machines, Sancho investigated touch-screens. But he didn’t think they were user-friendly, didn’t believe they would provide a reliable recount and didn’t want to be beholden to a private-sector vendor. So he bought the optical-scanning devices from Unisys and trained his staff to be able to repair problems when the machines broke or malfunctioned. His error rate — how often his system miscounts a ballot — is three-quarters of a percent at its highest, and has dipped as low as three-thousandths of a percent.

More important, his paper trail prevents endless fighting over the results of tight elections. In one recent contest, a candidate claimed that his name had not appeared on the ballot in one precinct. So Sancho went into the Leon County storage, broke the security seals on the records, and pulled out the ballots. The name was there; the candidate was wrong. “He apologized to me,” Sancho recalls. “And that’s what you can’t do with touch-screen technology. You never could have proven to that person’s satisfaction that the screen didn’t show his name. I like that certainty. The paper ends the discussion.” Sancho has never had a legal fight over a disputed election result. “The losers have admitted they lost, which is what you want,” he adds. “You have to be able to convince the loser they lost.”

That, in a nutshell, is what people crave in the highly partisan arena of modern American politics: an election that can be extremely close and yet regarded by all as fair. Not only must the losing candidate believe in the loss; the public has to believe in it, too.

The article makes the most cogent point possible, that the greatest concern isn't about the integrity of voting officials or hackers, but the vast potential for unintentional errors -- by the programmers, by the administrators, and by the voters themselves.

Can we take preventative action before next November to avoid the possibility of a catastrophic failure similar to 2000 in Florida, and 2004 in Cuyahoga County, Ohio? The only tool at our disposal is the continued agitation of those responsible for the decision-making. At every level of influence.

No comments: