Sunday, June 07, 2015
The code that the machine runs must be correct (without significant bugs or errors), which is difficult (and expensive).
Worse, you must be certain that the code you have validated is actually the code it runs for every vote during the election, which is impossible. As in, literally impossible. The problem is, the only way to find out what code the machine is running is to ask it. Because machines are programmed by humans, machines can lie, just like humans.
Here's how it works:
Computer running the validated code:
1. Computer expert queries the computer about what code it is running
2. Computer says "I am running the validated code"
Computer running hacked code:
1. Computer is hacked, adding malicious (lying) code to the validated code
2. Computer expert queries the computer about what code it is running
3. The malicious code lies and says "I am running the validated code"
This is not theoretical, this is exactly what a rootkit does.
So if the machine only records votes electronically, you can never be sure if your vote was correctly recorded. (This is not to mention the possibility of alteration during a long electronic chain of transmission to get to the final election results.)
The only way to verify your vote is to get a paper printout, so that you can look at the paper and validate that it shows your vote as cast. But again, remember the computer can lie. You can vote for party A, the computer can record the vote for party B and then print a paper receipt saying you voted for party A.
The only way to actually be certain of the vote count is to count the paper...
which means you just spent millions of dollars replacing a pen.
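A toy model of the two queries above and of the paper count, added here as an example that is not from the original post; the machine classes, the "validated code" bytes, the hashes and the ballots are all constructed for the demo:

```python
import hashlib
from collections import Counter

VALIDATED_CODE = b"record_vote(choice): store choice; print receipt"  # constructed stand-in for audited firmware
VALIDATED_HASH = hashlib.sha256(VALIDATED_CODE).hexdigest()

class HonestMachine:
    """Runs the validated code and answers the 'what are you running?' query truthfully."""
    def __init__(self):
        self.code = VALIDATED_CODE
        self.stored = []   # electronic vote record
        self.paper = []    # receipts the voters looked at and kept
    def report_code_hash(self):
        return hashlib.sha256(self.code).hexdigest()
    def cast(self, choice):
        self.stored.append(choice)
        self.paper.append(choice)

class RootkittedMachine(HonestMachine):
    """Validated code plus a malicious addition: flips every second vote for `victim`,
    answers the code query with the validated hash, and prints a receipt matching the voter's choice."""
    def __init__(self, victim="A", beneficiary="B"):
        super().__init__()
        self.code = VALIDATED_CODE + b"\n# malicious addition"
        self.victim, self.beneficiary, self.seen = victim, beneficiary, 0
    def report_code_hash(self):
        return VALIDATED_HASH   # the lie: the answer is produced by the attacker's code
    def cast(self, choice):
        recorded = choice
        if choice == self.victim:
            self.seen += 1
            if self.seen % 2 == 0:
                recorded = self.beneficiary
        self.stored.append(recorded)
        self.paper.append(choice)   # receipt shows the voter's intent, not what was stored

def self_report_check(machine):
    """Asking the machine what it runs. Passes for both machines, so it proves nothing."""
    return machine.report_code_hash() == VALIDATED_HASH

def paper_audit(machine):
    """Hand-count the paper and compare with the electronic tally: (electronic, paper, match)."""
    electronic, paper = Counter(machine.stored), Counter(machine.paper)
    return dict(electronic), dict(paper), electronic == paper

def run_election(machine, ballots):
    for b in ballots:
        machine.cast(b)
    return self_report_check(machine), paper_audit(machine)
```

Running `run_election(RootkittedMachine(), ["A", "A", "B", "A", "B", "A"])` returns a passing self-report check together with an electronic tally of 2 A / 4 B against a paper tally of 4 A / 2 B, so only the hand count exposes the tampering.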
These are just the core issues, in an ideal system.
In reality, there are many more problems with voting machines. Although some were based on ATMs, ATMs are physically bigger, have a simpler job, have much clearer transactional validation (ask for $100, complain if you don't get $100), and have dedicated maintenance teams. While some voting machines were built by ATM manufacturers (like Diebold), the coding was rushed (at least we assume so, since we don't get to see the code), the machines are used at most once a year, and the maintenance is done by amateurs who don't have the bank's monetary motivation for maintaining accuracy. In such a situation, voting machines can have many errors, including:
* touchscreen misalignment
* coding errors
* introduction of malicious code e.g. via USB
* failure due to poor storage or aging out
* existing software vulnerabilities (particularly since most run Windows) that are uncovered during the lifetime of the machine but never patched, opening them to network or USB attack