By Erin Sherbert
By Howard Cole
By Erin Sherbert
By Erin Sherbert
By Leif Haven
By Erin Sherbert
By Chris Roberts
By Kate Conger
For example, as I waited in the chow line at a Republican fund-raiser last week, the woman in front of me said, "They're saying minorities can't figure out how to use ballot cards; that's insulting." The decision actually says nothing about the technical abilities of minority-group members. Rather, it says error-prone punch-card balloting machines are concentrated in minority-heavy voting districts.
A columnist wrote in last week's Chronicle that she had interviewed experts on both ends of the political spectrum, and all of them said the Ninth Circuit panel decision was political retaliation for the U.S. Supreme Court's Bush v. Gore decision. Actually, though, when people of different political persuasions blindly speculate about the motives behind a court decision and reach the same conclusion, it doesn't mean they have engaged in anything more meaningful than blind speculation.
Regardless of politics, the Ninth Circuit's initial ruling highlights a vital issue -- the inherent and longstanding unreliability of much of the electoral technology used in the United States -- that we ignore at our peril.
During the summer and fall of 1985, New York Timesreporter David Burnham wrote a series of lengthy articles contending that Votomatic punch-card machines, at the time made and distributed by Computer Election Systems of Berkeley, were vulnerable to tampering. These articles spawned a federal inquiry and an August 1988 report concluding that standards and controls for computer vote-tallying were worse than those employed in other computing sectors, that hanging-chad-prone technology made verifying voting results difficult, that the lack of computer controls facilitated "undiscoverable frauds," and that poll workers were ill-equipped to run the machines.
The report called for stiffened federal standards on poll technology. In November 1988, The New Yorker published a 21,000-word exposé of Votomatic's deficiencies, focusing on a battle between plaintiffs in voter-fraud lawsuits and Computer Election Systems executives about the necessity of keeping the company's vote-counting software secret. Reformers, including computer scientists interviewed by New Yorker writer Ronnie Dugger, said it was necessary to examine the code to expose and correct security deficiencies. CES executives scoffed at the potential for fraud, said the software was a trade secret, and prevailed in keeping the code hidden.
Shift forward to 2003: Three years ago, America made itself a global laughingstock in Florida. The U.S. Supreme Court wrote that the election "brought into focus a common, if heretofore unnoticed phenomenon": About two percent of ballots cast do not register a vote for president, and an important portion of those uncounted votes are the result of errors stemming from the voting technology used.
Last week's Ninth Circuit ruling cited at length the 1988 federal study, which "revealed significant problems with the system."
"However," the Ninth Circuit added, "the use of the systems continued."
As part of a nationwide -- and, in my view, weak-hearted -- effort to improve voting systems, California's Secretary of State plans to replace punch-card systems in several counties with touch-screen systems manufactured by Diebold Election Systems, a division of Diebold, Incorporated.
In 1997, Douglas Jones, the voting-technology researcher I quoted earlier, alerted Iowa voting officials to security problems in the Diebold touch-screen system. Systems throughout the state used the same, easily hacked security access password, a flagrant no-no in the world of computer security.
"This is like all bank ATM cards having the same PIN," Jones said. "They viewed it as a low-priority problem."
Rather than build sophisticated anti-tampering features into their software, Diebold adopted an olden-days policy of "security through obscurity." This programming chestnut holds that as long as people are kept in the dark about how the software works, it can't be hacked.
But in July, a group of Johns Hopkins University researchers released a study of Diebold software, derived from 2000 and 2002 versions of the software that had been leaked onto the Internet. The study showed myriad security problems, among them the 1997 flaw discovered and publicized by Jones. Diebold had simply ignored the problem, he says.
Diebold published a response downplaying "alleged" security failures, claiming that the company installed security upgrades since 2002, a claim Diebold will not allow the public to verify. Last month, Jones told an audience of computer security experts that the fiasco casts further doubt on American voting technology.
"I want to emphasize that this story represents more than just a black eye for Diebold," he said at the security symposium in Washington, D.C. "As I said in my 1997 letter, it represents a black eye for the entire system of voting system standards promulgated by the Federal Election Commission and the National Association of State Election Directors. Not only did the I-Mark/Global/Diebold touch-screen system pass all of the tests imposed by this standards process, but it passed them many times, and the source code auditors even gave it exceptionally high marks. Given this, should we trust the security of any of the other direct recording electronic voting systems on the market?"
A letter last month from Diebold's CEO, Walden O'Dell, which told Ohio Republicans that he is "committed to helping Ohio deliver its electoral votes to the president next year," further fueled criticism of the company. Diebold is one of three firms scheduled to qualify to provide voting machines to Ohio precincts.