Electronic Voting: Can It Work?

Not content to accept the results of the elections – even after the Kerry Campaign recognized the numbers just aren’t there – the Left in this country is now attempting to argue that massive voter fraud occurred everywhere in such numbers that (you guessed it) Bush didn’t win “this time either.” The primary focus of their efforts regards the electronic voting systems in use in a variety of locations around the country and the security/veracity of such systems.

Excellent points.

As I have read it over the last several months, there are a number of such systems made and used around the country. Diebold appears to be the biggie here, but that’s just my take on it based on the stories I read. Now, before I get started, I want to make a couple of things clear. First, foremost: I accept the results of the election and I recognize George Bush as President of the United States. Nothing so far put out here suggests problems of such a magnitude as to overturn the results of the election. I believe that people who are still striving to that end are wasting their time and the time of the majority of voting citizenry who elected President Bush. I further believe that if they contend to be members of this democracy, they should accept the will of the democracy and start bending some of this effort they’re expending to meeting the stated goals of the democracy. Time will come that their side is the winning side in an election and they will be expecting those of us who prevailed in this election to do the same.

Secondly, I’m a network engineer whose specialty is designing and implementing computer networks that provide services in a redundantly robust fashion and protect the data transported from both interception and loss of integrity. That’s my day job. I make networks that are there when people need them and slam 5-foot thick iron doors in the face of people not authorized to use them. While it feels strange to actually say this, I’m an expert in the field and recognized as such by a number of folks in departments of the government for whom that kind of talent is a requirement. I am qualified to speak on the topic of electronic voting systems and the security features they have.

So whose bright idea was it to make a system that isn’t logging an audit trail? Diebold’s system does not have a hardcopy feature in place. If you’ve ever seen the movie “Sneakers”, you’ve seen such a device even if you didn’t recognize it. When the Sneakers team is working to enter a secure building, they have to swipe an ID card over a reader to get through several doors. Every time such a swipe is made, a printer at the guard station prints off a line or two indicating who just entered and what door they passed. That’s a hardcopy audit device. That’s there so forensics can follow the trail of who entered what door and when even in the event of a total computer failure. Does that sound like a good idea for a national voting system? I think so. And before anyone tells me that this isn’t really used today – I pass by 3 of them on my way to my desk every morning.

I read somewhere (and I wish I could find it now) that Deibold’s engineers said they didn’t have one because they couldn’t couple a printer to their system. Bullcrap. It’s an output device that accepts a text stream, just like the modems they found a way to hook onto their devices. They can still find serial printers, too, so don’t try that one. Hey, you can even make it interactive, if you like, and run the paper through a plastic window like they do with cash register tapes at the mall. That allows someone to read what’s been printed. In this instance, that would allow a voter to vote, look over at the tape, and verify that what they voted was what the machine printed. It would, in fact, slow the line down a bit but is that really an issue? That’s solvable by deploying more voting machines.

Speaking of modems, let’s talk about data collection. (Briefly, these stories make it sound like the voting machines are individually hooked to modems with a dial-up line connected. Some stories even make it sound like these modems will actually answer the line if someone dials into it. That’s an amateur mistake, if true) I would suggest that every voting location collect all the data from their day’s voting onto a local storage device, even something like a removable hard drive. With that caveat, you can then hook the voting locations up to data circuits to stream the data into a central collection point for the county. The county stores it locally, again, and then streams their collected data up to the State. Run the tally and announce the results. All the paper trails and storage devices are carried to their upline collection points and eventually all of them arrive at some State-level facility to be kept for a period of time – perhaps 2 years.

The most secure method to do that, of course, is point-to-point data circuits between the locations. That’s also hideously expensive. Personally, I’d run encrypted tunnels from each site across the Internet. Yes, yes, I know. Hear me out. Nearly every voting location I’ve been to is at a school or county building. Virtually all of them already have Internet circuits there, so there’s no install/disconnect cycle to go through. Connect to the local Internet circuit with a router capable of creating the encrypted tunnels to the collection points and allow the data to pass through them. If that’s not secure enough for you, put a hardware encryption device – something that can’t be hacked via software – in line between the voting machines and the new router. The voting machines’ data is encrypted, passed to the router who encrypts it again and sends it out the tunnel. The opposite end reverses the process and the data comes into the clear. It can be done.

The voting systems themselves should run software coded specifically for that device. In short, the application should wake up, take a look around, and determine whether it’s running in a voting machine or something else. If it’s “something else”, then the application should terminate. If possible, it should be running in an operating environment specifically created for it and no other. In other words, they shouldn’t be running Windows 98, if you catch my meaning. Frankly, the only publicly-available operating system with the security needed for the job is BSD. Various flavors of Linux, perhaps, but not all. And absolutely no Microsoft product of any kind need apply. Create one interface for the local election worker to verify that a newly fired-up machine has no votes already on it and that it’s correctly communicating on the local network. Create another for the actual voting screen and you’re done. All the serious addition and reporting capability can be handled at the central collection point.

Anyone that has concerns beyond what I’ve already addressed I welcome you to comment. I don’t suppose that I’ve already got all the answers regarding the system requirements for this kind of job, and that’s the important part of designing the system. Feel free to join in.

(Please note, I mean “join in” as regards finding a solution for electronic voting that works, not for tossing out more unsupported accusations of voter fraud in the last election. Plenty of that going on elsewhere.)

18 November, 2004 - Posted by Ric James | Uncategorized