This isn't really news to anyone who's been following the voting machine story, but the Mercury News has a major piece on flaws in voting machines used in the California recall election last October -- including some in Alameda County, where I voted. Apparently lots of votes got switched from Bustamante to a little-known Socialist Party candidate. And here's the kicker:
Until voting machines produce paper receipts, the only way a candidate can investigate questionable election results is by examining the voting systems' software code.But there's a catch: Election companies consider such software a trade secret not open to public scrutiny -- or subject to challenge from losing candidates, as Emil Danciu found out.
That's right, folks -- the cogs of your democracy are trade secrets. How long until Diebold has a NDA on the actual vote counts and not just the code?
There was an article in the Berkeleyan (not online) the other day about an independent investigation into the very nature of electronic voting, concluding that its problems go deeper than Diebold and paper trails, and are in fact harder to solve than secure electronic commerce due to the simultaneous needs for anonymity and accountability.
The article was specifically about browser-based absentee voting, which is of course different from problems with Diebold, but many of the issues are similar.
DOS attacks, spoofing, etc. cannot be eliminated no matter how a browser based system is developed, given the current architecture of the internet.
Posted by: Scot Hacker at February 3, 2004 09:21 AMThat article in the Berkleyan may be echoing the military study of SERVE, which is an Internet-based absentee voting system. That study concluded that any network-enabled system would be intrinsically insecure, given the current Internet architecture.
More on this, and some other links, on my earlier post here:
http://www.sonic.net/~ctweney/blog/archives/000039.html
Posted by: chris at February 3, 2004 11:26 AMYes, SERVE was the system they were covering.
Posted by: Scot Hacker at February 3, 2004 01:01 PM