Paul Krugman finally speaks up about the threat to democracy posted by electronic voting machines in today's Times. He endorses a bill to require all the machines to print a paper ballot in time for 2004 -- which would probably mean electronic machines won't be in use this year. That's no objection to the bill, though; it's important to spend the time and get it right. With the failure rate for software development around 75%, it's hard to see how a system this flawed can be corrected in time for November.
From Krugman's editorial:
Internal e-mail from Diebold, the most prominent maker of electronic voting machines (though not those in the Florida and Virginia debacles), reveals that programmers were frantic over the system's unreliability. One reads, "I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded." Another reads, "For a demonstration I suggest you fake it."Computer experts say that software at Diebold and other manufacturers is full of security flaws, which would easily allow an insider to rig an election.
...
[H]ere's the crucial point: even if there are strong reasons to suspect that electronic machines miscounted votes, nothing can be done about it. There is no paper trail; there is nothing to recount.
The security flaws appear to be intrinsic to any design that includes Internet access. A new study of the military-funded SERVE system (not a Diebold product) concluded that the system is "inherently insecure and should be abandoned". The study panel even went so far as to say "there really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC". In other words, any election system that has Internet connectivity is vulnerable.
And of course Bev Harris has found massive flaws in the Diebold touch-screen system, GEMS:
"You see, they make a big point of the fact that there's no Internet connection to the voting machine, but that's sort of parsing the issue. That's true, in the polling places there's no Internet connection, but the voting machines connect into the GEMS machine through modem. And the GEMS machine then connects to the Internet, and that's what the press watches.
In the computer security business, they say that the only 100% secure system is one that's disconnected from the entire world, locked in an underground safe with an armed guard and video surveillance. Modem connectivity is significantly more secure than TCP/IP, and it's mind-boggling to me that Diebold would build Internet protocols into the central voting system instead of using modems or proprietary protocols. What's more, every other product they make prints a little paper receipt! Why did they have to leave them off the voting boxes?
Update 1/23 1:45pm: The Times editorial board agrees with Krugman, too, although they don't mention Diebold.
Posted by Chris at January 23, 2004 06:50 AM