July 20, 2003

Why Are We Willing To Bet Democracy To Gain A Few Bucks?

Democracy survives only because the voters have faith that their votes are accurately counted.  If that faith is lost, voters will conclude that the system is fixed and will abandon the system.

The United States had a near miss in 2000 in Florida.  That near miss could have turned into a disaster had there not been physical evidence of the votes cast - the infamous chads.  That should have served as a warning.  But instead of learning the lesson that an independent, auditable record of votes cast is a critical and necessary part of an election system, our agencies and legislatures have leapt to the unsupportable conclusion that invisible electrons are a better way to count votes than humanly readable paper.

I ran in, and won, one of the first, if not the first, worldwide electronic election - to represent North America on the board of directors of the Internet Corporation for Assigned Names and Numbers (ICANN), a body that regulates the core assets of the Internet.  This election was tainted by badly implemented voting systems.  That taint served as an excuse for ICANN to abandon elections and public participation in its decision-making forums.

I am also a computer scientist - I have been working with computers and networks for 35 years.  Much of that time I have worked with security of operating systems, applications, and networks.  I have also spent many years examining and testing software to discover flaws, intended, negligent, or accidental.  I have never ceased to be amazed at how badly software is designed and implemented to deal with real life.  And I have never ceased to be amazed at how naive people are in the belief that testing and code inspection will reveal flaws.

Ken Thompson's famous 1984 paper - Reflections on Trusting Trust - should have long ago dispelled the notion that code defects and penetrations will be visible in source code.

And our experiences with the thousands upon thousands of penetrations of Microsoft's "operating systems", by vectors ranging from e-mail to web-pages to randomly addressed network packets, despite the continued and massive efforts of Microsoft and several security and anti-virus companies, should have taught us that computer platforms are laughably weak.

Even closed, special purpose systems are full of flaws and easily penetrated.  Banks know this about their ATMs - that's why they allocate reserves to cover the expected losses.  Even touted air and space control systems can be flawed - the Mars Climate Orbiter crashed because some software engineers used metric units of measure and others used English units.

With this as a backdrop, we see not just States, but also the US Federal government, racing to deploy computer-based voting systems that cannot be audited, and cannot be recounted except by relying on exactly the same systems that are being accused of being inaccurate.

By doing this we are risking our most fundamental precept - that of government accountable to the people through elections.

Why are we doing this?

It only costs a few dollars to add a solid, paper audit trail to electronic voting machines.  The only reason why this is not being done is to save a few dollars.  The only conclusion that I can draw from this is that our election officials are willing to risk democracy in order to save a few bucks.

I personally do not hold democracy so cheap.

To my way of thinking, it is irresponsible to deploy electronic voting systems without there being humanly readable audit trails - and by this I mean paper ballots that the voter can read to confirm his/her vote and which, in the case of a recount, serve as the master record of the vote, superseding anything that the electronic machine might have to the contrary.

Posted by karl at July 20, 2003 6:12 PM