[IP] Who Tests Voting Machines?

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Who Tests Voting Machines?
From: David Farber <dave@xxxxxxxxxx>
Date: Sun, 30 May 2004 16:29:48 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: "R. A. Hettinga" <rah@xxxxxxxxxxxxxx>
Date: May 30, 2004 10:19:12 AM EDT
To: cryptography@xxxxxxxxxxxx
Subject: Who Tests Voting Machines?

<http://www.nytimes.com/2004/05/30/opinion/30SUN1.html?th=&pagewanted=print&position=>


The New York Times

May 30, 2004
MAKING VOTES COUNT

Who Tests Voting Machines?
henever questions are raised about the reliability of electronic voting
machines, election officials have a ready response: independent testing.

There is nothing to worry about, they insist, because the software hasbeenpainstakingly reviewed by independent testing authorities to make sureitis accurate and honest, and then certified by state election officials.Butthis process is riddled with problems, including conflicts of interestand

a disturbing lack of transparency. Voters should demand reform, and they
should also keep demanding, as a growing number of Americans are, a
voter-verified paper record of their vote.

Experts have been warning that electronic voting in its current formcannot

be trusted. There is a real danger that elections could be stolen by
nefarious computer code, or that accidental errors could change an
election's outcome. But state officials invariably say that the machines

are tested by federally selected laboratories. The League of WomenVoters,in a paper dismissing calls for voter-verified paper trails, puts itsfaith

in "the certification and standards process."

But there is, to begin with, a stunning lack of transparency surrounding
this process. Voters have a right to know how voting machine testing is
done. Testing companies disagree, routinely denying government officials

and the public basic information. Kevin Shelley, the Californiasecretary

of state, could not get two companies testing his state's machines to
answer even basic questions. One of them, Wyle Laboratories, refused to

tell us anything about how it tests, or about its testers' credentials."Wedon't discuss our voting machine work," said Dan Reeder, a Wylespokesman.

Although they are called independent, these labs are selected and paidby

the voting machine companies, not by the government. They can come under
enormous pressure to do reviews quickly, and not to find problems, which

slow things down and create additional costs. Brian Phillips, presidentofSysTest Labs, one of three companies that review voting machines,conceded,"There's going to be the risk of a conflict of interest when you arebeing

paid by the vendor that you are qualifying product for."

It is difficult to determine what, precisely, the labs do. To ensurethereare no flaws in the software, every line should be scrutinized, but itishard to believe this is being done for voting software, which cancontainmore than a million lines. Dr. David Dill, a professor of computerscienceat Stanford University, calls it "basically an impossible task," anddoubts

it is occurring. In any case, he says, "there is no technology that can
find all of the bugs and malicious things in software."

 The testing authorities are currently working off 2002 standards that
computer experts say are inadequate. One glaring flaw, notes Rebecca

Mercuri, a Harvard-affiliated computer scientist, is that the standardsdonot require examination of any commercial, off-the-shelf software usedinvoting machines, even though it can contain flaws that put theintegrity of

the whole system in doubt. A study of Maryland's voting machines earlier
this year found that they used Microsoft software that lacked critical

security updates, including one to stop remote attackers from takingover

the machine.

If so-called independent testing were as effective as its supportersclaim,

the certified software should work flawlessly. But there have been

disturbing malfunctions. Software that will be used in Miami-DadeCounty,Fla., this year was found to have a troubling error: when it performedan

audit of all of the votes cast, it failed to correctly match voting
machines to their corresponding vote totals.

If independent testing were taken seriously, there would be an absolutebar

on using untested and uncertified software. But when it is expedient,

manufacturers and election officials toss aside the rules withouttellingthe voters. In California, a state audit found that voters in 17countiescast votes last fall on machines with uncertified software. WhenGeorgia's

new voting machines were not working weeks before the 2002 election,

uncertified software that was not approved by any laboratory was addedto

every machine in the state.

The system requires a complete overhaul. The Election Assistance
Commission, a newly created federal body, has begun a review, but it has
been slow to start, and it is hamstrung by inadequate finances. The
commission should move rapidly to require a system that includes:

Truly independent laboratories. Government, not the voting machine
companies, must pay for the testing and oversee it.

Transparency. Voters should be told how testing is being done, and the
testers' qualifications.

Rigorous standards. These should spell out in detail how software and

hardware are to be tested, and fix deficiencies computer experts havefound.


Tough penalties for violations. Voting machine companies and election
officials who try to pass off uncertified software and hardware as
certified should face civil and criminal penalties.

Mandatory backups. Since it is extremely difficult to know thatelectronicvoting machines will be certified and functional on Election Day,electionofficials should be required to have a nonelectronic system availablefor

use.

None of these are substitutes for the best protection of all: a

voter-verified paper record, either a printed receipt that voters cansee

(but not take with them) for touch-screen machines, or the ballot itself
for optical scan machines. These create a hard record of people's votes
that can be compared to the machine totals to make sure the counts are
honest. It is unlikely testing and certification will ever be a complete

answer to concerns about electronic voting, but they certainly are notnow.



--
-----------------
R. A. Hettinga <mailto: rah@xxxxxxxx>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List

Unsubscribe by sending "unsubscribe cryptography" tomajordomo@xxxxxxxxxxxx


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Trademark Snafu, U of Georgia to lose name?
Next by Date: [IP] Princeton Review's Analysis of College Board's SAT modifications
Previous by thread: [IP] more on Trademark Snafu, U of Georgia to lose name?
Next by thread: [IP] Princeton Review's Analysis of College Board's SAT modifications
Index(es):
- Date
- Thread