Glass Box Voting

Speaking of machines that handle money, a commenter on slashdot reminded me of a graphic comparing gaming machines to voting machines.  From the intro:

It’s easier to rig an electronic voting machine than a Las Vegas slot machine, says University of Pennsylvania visiting professor Steve Freeman. That’s because Vegas slots are better monitored and regulated than America’s voting machines, Freeman writes in a book out in July that argues, among other things, that President Bush may owe his 2004 win to an unfair vote count. We’ll wait to read his book before making a judgment about that. But Freeman has assembled comparisons that suggest Americans protect their vices more than they guard their rights, according to data he presented at an October meeting of the American Statistical Association in Philadelphia.

Not going to hotlink their image, so click the link.

The folks at verifiedvoting.org have a useful page that shows what voting systems are in place across the country. You can drill down to the county level, learn exactly what equipment is in use, and learn contact information for elections administrators.

Thanks to Brad Freidman for the link.

Ars Technica reports on difficulties with voting machines being used in today’s primary elections.  A primary complaint is the failure of U.S. Rep Rush Holt’s proposal to fund conversion of machines to include a paper trail.  It failed in the house last week.  I’m not sure why a 2/3 vote was required for it, but it fell 39 votes short of that measure.  Voting was on party lines.

I am not sure why integrity of voting machines is a partisan issue, can someone explain that to me?

As a counterpoint, Professor Michael Shamos of Carnegie Mellon calls paper trails (aka Voter Verified Paper Audit Trail or VVPAT) a red herring in an interview published yesterday.  I tend to agree with him that paper does not prevent fraud, but my position is that a cryptographically protected electronic audit trail generated on a device whose security can be demonstrated, along with a VVPAT, provides redundancy and the separation of duties that a well secured system requires.  The electronic records can be used to audit and cross check the paper records, while also providing fast results, flexible ballots, and other characteristics that have made DREs popular in recent years.

A New Jersey state judge has subpoenaed county clerks in six NJ counties to turn over voting machines.  Brief AP story here.  Sequoia voting systems, the vendor, plans to fight the subpoena.  The plaintiff in the case plans to have the machines tested by voting system researcher Ed Felten.  Here is his summary of the discrepancies.

Sequoia is pushing back, claiming that their trade secrets will be violated, but they probably object in particular to the choice of Felten (see here for a little bit of the history between Sequoia and Felten).

Voting systems should be available for public scrutiny and testing.  The argument that the secrecy is mandatory to protect the company’s intellectual property is a fallacy and a smokescreen - a good IP lawyer should be able to design terms by which the design is transparent for independent testing purposes but not permitted to be used for commercial development.  Such terms would not meet the full definition of Open Source as defined by the Open Source Initiative, but they would still enable a much greater level of transparency and scrutiny than is currently permitted.  Of course, that’s probably why the existing vendors resist such an approach - because their systems cannot stand up to the scrutiny.

Bruce Schneier had an excellent post on his blog this week about the security mindset.  The reason that existing voting machines are not secure is because the basic engineering mindset does not include the sneaky attitude required to design a secure system.  From the post:

The lack of a security mindset explains a lot of bad security out there: voting machines, electronic payment cards, medical devices, ID cards, internet protocols. The designers are so busy making these systems work that they don’t stop to notice how they might fail or be made to fail, and then how those failures might be exploited. Teaching designers a security mindset will go a long way toward making future technological systems more secure.

Wired’s 27b-6 column on the Ohio voting machine story.

The article.

Why would you possible build a voting machine for which audit could be disabled?

Ed Felten received an email from Sequoia Voting Systems warning him not to participate in an upcoming New Jersey system test.

Sender: Smith, Ed [address redacted]@sequoiavote.com
To: felten@cs.princeton.edu, appel@princeton.edu
Subject: Sequoia Advantage voting machines from New Jersey
Date: Fri, Mar 14, 2008 at 6:16 PM

Dear Professors Felten and Appel:

As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property.

Very truly yours,
Edwin Smith
VP, Compliance/Quality/Certification
Sequoia Voting Systems

I’ve said it before, but Techdirt says it nicely as well:

…banks have much stronger incentives to get things right than election officials. If a criminal succeeds in knocking off an ATM machine, the bank that owns that ATM machine stands to lose a lot of money.

The article was a response to a post last month on voting machines at the University of Chicago’s law school faculty blog.

Update: Greetings to any slashdot readers that might’ve followed my link, but sadly I aimed at the wrong post.  This is the article I meant.

Let noone say Prime III isn’t patriotic: