Voting Machines Need A Paper Trail
Could Hugo Chavez have control over U.S. voting machines? Voting Machines’ Venezuela Ties (mirror)
The bad thing about this is not whether he does or doesn't (I'm sure someone will make the usual open-ended "we know of no evidence" statement). It is that whether Vic has a back door into our voting machines or not, there is no technological reason he could not. It is only the artificial steps inserted into the process, such as documenting the custody of the software, rigorous code review, etc., that can protect the elections. And a paper trail is an important part of this process.
Imagine telling buyers of lottery tickets: "No receipt but don't worry -- we know what numbers you picked -- if you win we will call you". If lottery machines get a paper trail, then voting, which is way more important, should get at least the same courtesy.
This is so obvious to most programmers. Oddly enough, anecdotally, it seems the closer we are to the business of writing software, the more likely we are to distrust the machines and want the paper trail. The electronic voting machine system needs a physical paper trail. There should be a dot-matrix line printer sitting there in a locked box, one per precinct, attached to the local network of voting machines, printing a couple of lines every time someone votes. It should be a trail such that in the case of a total system failure, total theft of the precinct's voting machines, etc. (or a challenge to the reported results), the results of that precinct's election could be totally recreated from the paper trail. It has to be a dot-matrix printer because (a) it is the only kind of printer that prints a line immediately when requested, instead of saving up lines in memory and printing only when it has enough data to make a whole page, and (b) you get audible feedback that the printer is still working.
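A sketch of the audit such a paper trail makes possible, added here as an example and not part of the original post: it recounts a precinct from the printed lines alone, flags lines an auditor must inspect by hand, and compares the result with the machine-reported totals. The `SEQ|MACHINE|CONTEST|CHOICE` line format, the function names and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample. Assumed line format (not defined by the post):
# SEQ|MACHINE|CONTEST|CHOICE, one line printed per vote.
PAPER_TRAIL = """\
0001|M1|MAYOR|ALICE
0002|M2|MAYOR|BOB
0003|M1|MAYOR|ALICE
0005|M2|MAYOR|BOB
0005|M2|MAYOR|BOB
0006|M1|MAY
"""
# Constructed machine-reported totals to audit against the paper.
REPORTED = {("MAYOR", "ALICE"): 2, ("MAYOR", "BOB"): 4}

def recount(trail_text):
    """Rebuild the tally from paper only; return (tally, problems)."""
    tally, problems, seen, expected = Counter(), [], set(), None
    for raw in trail_text.splitlines():
        parts = raw.strip().split("|")
        if len(parts) != 4 or not parts[0].isdigit():
            problems.append(("unreadable", raw))   # torn or truncated line
            continue
        seq, contest, choice = int(parts[0]), parts[2], parts[3]
        if seq in seen:
            problems.append(("duplicate", raw))    # same vote printed twice
            continue
        if expected is not None and seq > expected:
            # Missing sequence numbers mean missing paper.
            problems.append(("gap", f"{expected}-{seq - 1}"))
        seen.add(seq)
        expected = seq + 1 if expected is None else max(expected, seq + 1)
        tally[(contest, choice)] += 1
    return tally, problems

def reconcile(paper_tally, reported):
    """Return {(contest, choice): (paper, reported)} where they differ."""
    keys = sorted(set(paper_tally) | set(reported))
    return {k: (paper_tally.get(k, 0), reported.get(k, 0))
            for k in keys if paper_tally.get(k, 0) != reported.get(k, 0)}

if __name__ == "__main__":
    tally, problems = recount(PAPER_TRAIL)
    for kind, detail in problems:
        print(f"inspect by hand: {kind}: {detail}")
    for key, (paper, machine) in reconcile(tally, REPORTED).items():
        print(f"MISMATCH {key}: paper={paper} machine={machine}")
```

Any line in `problems` or any entry from `reconcile` is a reason to fall back to a hand count of the physical printout.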
There is a lot more to it, of course. The software should be secure enough that the entirety of the source code can be made available to anyone who wants to see it without compromising security one bit. Any programmer should be able to review all the code and point out vulnerabilities. If the security of any system depends on people not knowing how the software works, it is fundamentally insecure. This is known as "Security Through Obscurity", which really means "not secure". C'mon, this would be so easy.