Friday, February 04, 2005
Irish Commission on Electronic Voting reports
December 2004 - First Report
The risk analysis identified 5 material risks in connection with the use of the system at the June elections:
* error in the system as a whole;
* error in voting machine software affecting all machines;
* tampering with software to alter election result;
* tampering with ballot modules during transportation;
* damage to machines before elections.
Remember, e-voting proponents, risks are ACROSS THE ENTIRE LIFE OF THE SYSTEM.
That means it's got to be secure when designed, it's got to be secure running in the polling place, and it must be secure between elections. If you cost these security requirements out fully, there is no way electronic is cheaper than paper. Paper needs security at the polling place and until counted, and that's it.
Incidentally, the Irish name for the commission is
An Coimisiún um Vótáil Leictreonach
reaction to the Diebold printer: one small, late step
The prototype that Diebold Inc. is now touting is exactly what some critics of the ATM-like machines have been demanding for several years.
Even so, paper records alone are not enough to satisfy computer scientists who say transparency in the electronic machines' design and software must complement paper backups.
Critics of North Canton, Ohio-based Diebold say the AccuView Printer Module is a step in the right direction but doesn't address the potential for buggy software or malfunctioning hardware that could misrecord votes or expose voting systems to hackers, deletions or other disasters.
Computer scientists also are concerned that the handful of private laboratories licensed to certify voting equipment, including the printer module, still operate in secret and without any federal guidelines.
"It's a very, very small step forward in terms of security of elections," said Avi Rubin, technical director of the Information Security Institute of Johns Hopkins University and co-author of a scathing report on Diebold machines.
ABC News - AP - Feb. 3, 2005
Prototype E-Vote Printer Fails to Satisfy
the story is in three pages, or you can view the one-page printable version
The issue, as most of these computer scientists well know, is that it is impossible to create a "transparent" computer system.
Thursday, February 03, 2005
ICTE e-voting mailing lists
Canadian e-voting officials, behold your future: Ireland
Officials ... are due before the Oireachtas public accounts committee today to answer questions about the electronic voting debacle.
The department spent around €50m on the initiative, which was then shelved due to security concerns.
The Government was planning to introduce the system nationwide during last year's local and European elections.
However, this plan was abandoned six weeks before the vote after an independent commission expressed concern about the accuracy of the voting machines and the possibility of electoral fraud.
ElectricNews.net Ireland faces EUR50m e-voting write-off - Thursday, February 03 2005
UPDATE 2005-02-09: This article has been corrected by the publisher. I have included corrections in bold.
A lack of public confidence in e-voting means that the Government may be forced into writing off its EUR50 million investment in electronic ballot systems
The government was due to introduce e-voting at local and European elections on 11 June 2004 but had to abandon its plans following the publication of an interim report of the Independent Commission on Electronic Voting
(ICTE)[Ed. note: should be CEV] which raised doubts over the accuracy of the software used in the system.
According to the Irish Citizens for Trustworthy E-Voting (ICTE) submission to the CEV, the chosen Nedap/Powervote electronic voting system had a fundamental design flaw because it had no mechanism to verify that votes would be recorded accurately in an actual election. Consequently, results obtained from the system could not be said to be accurate, claimed the five-member independent body.
Other flaws in the system identified in the ICTE submission included possible software errors and the use of the graphical user interface programming language Object Pascal for a safety-critical system.
Although the commission's remit was advisory, the government abided by its recommendation that the system not be used until further testing had established just how secure it was.
However, Michael Noonan told the Irish Times that even if the system was found to be safe, few ministers would give it the go-ahead because the public would have little trust in it.
"The criticisms contained in the report of the Independent Commission on Electronic Voting make it clear that this was a fiasco of the highest order," said Fergus O'Dowd TD., Fine Gael's spokesman on the Environment. "Considering all the information that is available to him, Minister Roche needs to fully explain the findings of these inquiries."
The above article unfortunately seems to have attached the acronym for the Irish Citizens for Trustworthy E-voting (ICTE) to the Independent Commission on Electronic Voting (CEV). An easy enough mistake to make.
You know what's easier than spending millions of taxpayer dollars on an insecure, unnecessary system? I suggest spending the money on things the taxpayers actually need and want instead.
Wednesday, February 02, 2005
voting system performance rating
Standards aim to secure e-voting systems
CNet News - January 31, 2005
Um, standards won't secure jack.
Standards may help you to evaluate how good or how bad a job of security is being done.
That being said, it is essentially impossible to design a real-world electronic voting system that is not vulnerable to a vast number of potential problems.
This is the fundamental point: if there is stuff happening inside the machine that I cannot see, there is no way I can trust the machine.
The Voting System Performance Rating (VSPR) project ... [will provide] a set of tests will be published that will let e-voting systems be evaluated in areas such as privacy, accessibility and accuracy.
Diebold produces paper, ITAA manufactures excuses
Diebold Election Systems, a target of many electronic-voting critics during the 2004 U.S. election, announced Thursday it has completed the design for a printer that would give its e-voting machines a paper trail.
I imagine that must have been quite the piece of design work, considering the voting machines already have internal paper printers, and Diebold has been producing ATMs that give paper receipts for years.
Fortunately, Diebold has the ITAA to explain away the need for a paper trail.
You know what I think about industry lobby groups?
I think they should shut up.
Why don't they just lead into all their statements with "we are stating the following for the financial gain of corporations".
Here's my enhanced version of the report
The Information Technology Association of America, which has defended e-voting machines as accurate and safe, says
the following to help protect the financial gain of corporations:
Diebold's move appears to be focused on the demand for paper-trail ballots. "It's a situation where companies are going to provide what their customers want," says Bob Cohen, executive vice president of the ITAA, which counts e-voting machine makers among its members.
ITAA officials have questioned if voter-verified paper trails will provide a significant benefit while adding costs to e-voting machines. Though the ITAA maintains that widespread attacks on e-voting machines are unlikely, officials there suggest that programmers smart enough to change ballots inside e-voting machines could also manipulate the printouts.
"Our point all along is that paper-based solutions are one alternative," Cohen says. "It gets to be as much an issue of peace of mind for the voters as anything else."
Oh yes those silly voters, they shouldn't worry their pretty little heads.
Mr. Cohen, that is an idiotic statement.
An election is the transformation of a collective act of voting into confidence that the government was fairly selected. Why is that important? Well for example, in the US national government, a few hundred elected officials decide the policies for THREE HUNDRED MILLION PEOPLE. Elections give a tiny number of politicians power over the lives of millions. Without the confidence of those millions, the system falls apart.
As for this voter-verified paper, it's fixing the effect, not the cause.
The cause is that you can't trust the computer.
I say, cut out the middleman. Vote on paper. Count the paper. See how easy that is?
Story is from PC World - January 27, 2005.
Diebold to Market Paper-Trail E-Voting System
On a related note, I'm thinking of buying a new book that just came out:
Your Call Is Important to Us : The Truth About Bullshit.
Monday, January 31, 2005
"It's amazing to see people's faces when they drop the ballots in the box ... Many have waited their whole lives to vote," said Copeland, who also described Iraqis dancing and singing in the Maryland hotel parking lot. "People were clapping when their families voted."
Unlike the high-tech electronic voting and short paper ballots seen in November's U.S. election, Iraqi ballots were four 8-inch-by-11inch pages that listed 111 political entities and more than 7,000 candidates, Copeland said.
Oddly, we never hear the descriptions of people's pride in voting when they touch a button on a computer screen.
from the Washington Times, January 30, 2005
Iraqis head to vote in the United States