Software has its limitations:
A technical committee that advises the U.S. Election Assistance Commission agreed unanimously that all new voting machines should be able to be audited either via paper trails or some new technology.
It’s a decision I agree with. It reminded me of working an aircraft simulator issue with Military Airlift Command (no longer in existence). Their requirements officer wanted to order a motion simulator for a cargo aircraft that had a range of freedom exceeding the space available in their facilities.
“Just software limit the simulator’s range of motion until we get the buildings modified” he said.
No can do. If the mechanical arm can reach through the ceiling we weren’t going to rely on software to keep it from doing so. The solution was to make sure it was physically impossible to hit the building.
Paper back-up for voting machines is the equivalent concept; we shouldn't have to rely solely on software when we don't have to.
Posted by Dave Calder on December 14, 2006 10:28 PM
| Permalink
Comments (2)
Good point.
Though having done a lot of machine design in my time, there is another aspect of this problem to consider--safety and functionality are two design goals that often butt heads.
It was generally true that the safety aspects of machine design would take a multiple of time dedicated to actually designing the machine to perform its function properly.
Voting machines have as their design objective the creation of a less ambiguous voting process and more flexibility for voter diversity (language, disability, etc...). Making it perfectly secure doesn't appear to have been part of the original design specification.
Diebold gets all the blame, but the "customer" wrote the spec.
I've been musing about the problem for the last year or so, and thought of a different approach--give a copy of the ballot back to the voter.
The reality of the electronic voting machine is that its insecurity isn't really a software or hardware problem--its a logistics problem. In a world where everyone is perfectly honest, the machine would only present the kind of glitches we saw in the past election--problems with the configuration user-interface. In other words--idiots.
That's not terribly hard to work out, and with new equipment design, experience is how you get to version 2.0
No--the real problem is that we don't live in a world of honest people and so the logistics of transporting machines, configuring machines and evaluating output constitute the real problem.
So how does a paper printout help?
Its still in the possession of the perceived corruptible election officials. If they can game the machines, they can figure out how to game the ballots as well.
What is required is a double-blind system. Just as you don't have the same person conduct purchasing and invoicing functions in a company, you don't have election officials count both the ballots and the backups. Give a record of the vote to the voter in the form of a tamper-proof record, like a CD-ROM (hopefully a lot smaller). In the event of a controversy, the public has an accurate record of how they voted and can re-record their votes in the event of a dispute.
Posted by Mick Stockinger | December 15, 2006 8:58 AM
Posted on December 15, 2006 08:58
The paper ballot isn't going to help in the case of a corrupted election official, but it will help with the corrupt programer. I liked seeing my ballot backed up when I voted. If there was a question about the vote that tape will come in handy. Our country has had to deal with corrupt election officials from time to time for the past couple of hundred years. On the whole, we've dealt with it mostly O.K. (as Hugh Hewitt says "if it's not close, they can't cheat). Electronic voting, however, is a newer animal. Done right, I expect more accurate results but people must have confidence in the voting equipment.
Ultimately we need mostly honest people for our system to work and if we don't, inaccurate voting machines may be the least of our problems.
Posted by Dave Calder | December 16, 2006 12:00 PM
Posted on December 16, 2006 12:00