We believe in the power of software and its ability to execute daunting tasks. However, we are also aware that all software has flaws and that, sooner or later, these flaws will appear. Because of this, there are some tasks for which software alone should not be trusted. The process of voting in electoral contests is one of them.
The reason was made clear in research recently completed by the Information Security Institute at Johns Hopkins University (see avirubin.com/vote.pdf). The researchers analyzed code found on a site of Diebold Election Systems, a company with contracts with several states and with tens of thousands of voting systems in the United States.
The Diebold code was riddled with serious holes and flaws that would make it possible to rig voting machines or let someone vote an unlimited number of times without detection. Of course, representatives of Diebold are protesting that the code in question was old and that they are constantly improving it. Were the code as clean and secure as is possible, we would still be against its use in deciding elections.
Chief among our concerns is that the Diebold code in question is closed and proprietary. Because of this, the only people who may know of a flaw would be those exploiting it. And, of course, there is always the possibility that a coder could add a back door that could be exploited. The code used for something as important as elections must be open so that all can be assured of its integrity and security. No independent group of code evaluators can provide the same level of validation that the full tech community can.
We believe that software should be only part of the election process. We agree with security researchers at www. verifiedvoting.org who argue that there must be a paper audit trail in any election. While software and touch-screens can help avoid selection problems such as hanging chads, they should create a paper document that a voter can verify and that can be stored like any paper ballot. The voting machine should stop at creating the ballot, and standard ballot counting procedures should remain in place.
If these software-based voting systems stay in place, it is likely that a flaw will be exploited to change the results of an election—making Florida in 2000 look like a minor occurrence. As technology professionals, we must make sure our congressional representatives understand the serious problems presented by these software-based voting systems.
A bill introduced in May, the Voter Confidence and Increased Accessibility Act of 2003, has among its requirements that voting systems provide a paper audit trail and that the source code must be available for review by any citizen. For more information on this bill, go to Thomas. loc.gov or to action.eff.org/action/ index.asp?step=2&item=2754. This bill will ensure the accuracy of electronic voting, and we support its adoption.
Send your comments to [email protected]