Taking the paper trail to Washington | Salon News
I don’t have much of a stake in the issue of electronic voting machines in the US. We can argue about the effects of US politics on the world all we like, but the fact is, how a country votes is up to that country and no one else really. How the US designs voting machines is of little personal interest to me, as I will likely never have to use one.
That said, I do have a professional interest in this sort of thing. I’ve made my living for more than 2 decades as a computer systems administrator, with a speciality in database design and admin. Most of my career has been spent as the data expert at whatever company I happen to be with. For issues of data integrity, of data verification, of data mining, of data security, I have typically been the guy people go to for answers.
The issue of voting machines is certainly a political one as far as how they are deployed, when they are used, even to a degree how they are designed. But ultimately, like the design of any other computerized system of data collection, storage and mining, the ACTUAL issues involved in their design are technical, not political.
There are a couple of basic principles to discuss, first and foremost. Data integrity is the lynch-pin to any database system. The data you get back on mining, or through queries, is ONLY as reliable as your least reliable data entry or data verification technique. The proverbial “garbage in, garbage out” philosophy applies here … if the data going into the system isn’t valid (and more importantly can’t be PROVEN to be valid … I’ll get to that in a sec), then you have no real hope of getting valid data back out again. If you can’t guarantee the data that went in, the answer it spits out is pretty much useless.
Part and parcel of data integrity is the notion of data verification. Even the most rigorous data entry routines are prone to human error. Its simply impossible to design an ‘idiot-proof’ data entry interface that provides no opportunity for error … that goal is a mathematical limit, an ideal we can approach, but never reach. To offset this inherent problem, we use data verification techniques, technical and manual procedures that can be used, after the fact, to prove the integrity of the data in question. To trust the integrity of data coming out of any database, you need to be able to verify and prove the data input, and every step along the way to the final output.
The paper trail is one way of doing this for a voting machine. There is very little data manipulation going on inside a voting machine database (or at least there better be very little going on, lol) beyond the simple task of recording a vote, and the tasks of tallying those votes at the end of the day. The main data integrity issue on a machine like this verification of the original user input … if all voters are satisfied that their votes were recorded successfully, you have data integrity.
Under older voting schemes, the paper trail was an inherent part of the process. The hanging chad problem of 2000 shows this … you don’t get to argue about hanging chads at all, unless there is a paper trail to follow and recheck the ballots with. However, when new electronic voting machines came into play, starting in the 2002 mid-term elections, they became the first voting machines with no ability to go back and verify votes. While you can always look back at the electronic database of votes, there was and is no way to guarantee they haven’t been tampered with. With a paper trail, a simple check of paper trail to electronic record verifies the data.
This leads to my final point in all this, transparency. One of the main issues with data integrity in electronic voting machines is that from the time the vote is cast, till the time it is counted, and onward till its perhaps re-counted, we have no idea what whats been done to it. Modifying a paper ballot involves a lot of effort, and has a high chance of detection given the layers of security that paper ballots are wrapped in. Even when a paper ballot is modified, the alterations are often identifiable by experts. Modifying an electronic ballot is a different proposition all together … there is no record of the change once its been done, and with concerns raised about wireless access to voting terminals, there is question about security keeping people out of the system. In short, the electronic ballot isn’t wrapped in the same security as the paper one, and if one is altered, we have no way of identifying that after the fact.
The way around this is Open Source Software. At present, voting machines are made by private companies like Diebold who keep their source code secret, citing proprietary software, and intellectual property concerns. Unfortunately, with corporate controlled software, there is no transparency, and no ability to verify whats being done behind the scenes. In proprietary software, adding code (for example) to turn every 20th vote the other way is easy to add, and nearly impossible to detect from the outside. With open source software, its JUST as easy to add, but would be detected by the first independent person to examine the code. Having software in the open source domain means that nothing can be hidden in the code, and all functionality is transparent and obvious. We can trust the analysis of open source because, unlike a proprietary model where only experts with a vested interest can examine the code, EVERY expert who wants to can examine the code, and so no single ideological viewpoint holds sway.
In the end, current electronic voting machines suffer from two fatal flaws. First, a paper trail is a fundamental part of both the electoral system, and the notion of data integrity. One of the simplest ways to insure your input data is accurate, is print and store a paper version of it that can be used later to verify. Its not rocket science, but its a very effective way to ensure accuracy, and to reduce the likelihood of tampering … a person who knows things MIGHT be checked is far less likely to tamper than someone who knows they CAN’T be checked. Second, its difficult, if not impossible, to have strict confidence in the coding of these systems. Any software system that is proprietary has the potential for unannounced functionality, but its perhaps not so important in other places. But when it comes to exercising our democratic right to vote, there is a vital civic need to KNOW that the code is doing what it purports to do. The only way to truly do that is to allow independent experts to verify your code through the open source process.
Electronic voting machines ARE the wave of the future, of that I have no doubt. But given the current designs, and the software models in place on current units, I have very little confidence in the integrity of data coming out of them. The fact is, voting is one of the most vital functions we perform as citizens, and the accurate rendering of votes is critical to the proper function of a democracy. When we do make the move to electronic machines in a big way, we need to be certain that they do the job they are supposed to do. There are likely other ways to do this, but paper trails and open source software are two simple ways to add a HUGE amount of integrity to a system that, from a technical standpoint anyway, has very little integrity at all.
Filed under: Commentary, Computers, Current Affairs, Databases, Elron Steele, Geeky stuff, Global Paradigms, News, Open Source Software, steeletech, View From The Edge | Leave a comment »
Taking the paper trail to Washington | Salon News
Taking the paper trail to Washington | Salon News
I don’t have much of a stake in the issue of electronic voting machines in the US. We can argue about the effects of US politics on the world all we like, but the fact is, how a country votes is up to that country and no one else really. How the US designs voting machines is of little personal interest to me, as I will likely never have to use one.
That said, I do have a professional interest in this sort of thing. I’ve made my living for more than 2 decades as a computer systems administrator, with a speciality in database design and admin. Most of my career has been spent as the data expert at whatever company I happen to be with. For issues of data integrity, of data verification, of data mining, of data security, I have typically been the guy people go to for answers.
The issue of voting machines is certainly a political one as far as how they are deployed, when they are used, even to a degree how they are designed. But ultimately, like the design of any other computerized system of data collection, storage and mining, the ACTUAL issues involved in their design are technical, not political.
There are a couple of basic principles to discuss, first and foremost. Data integrity is the lynch-pin to any database system. The data you get back on mining, or through queries, is ONLY as reliable as your least reliable data entry or data verification technique. The proverbial “garbage in, garbage out” philosophy applies here … if the data going into the system isn’t valid (and more importantly can’t be PROVEN to be valid … I’ll get to that in a sec), then you have no real hope of getting valid data back out again. If you can’t guarantee the data that went in, the answer it spits out is pretty much useless.
Part and parcel of data integrity is the notion of data verification. Even the most rigorous data entry routines are prone to human error. Its simply impossible to design an ‘idiot-proof’ data entry interface that provides no opportunity for error … that goal is a mathematical limit, an ideal we can approach, but never reach. To offset this inherent problem, we use data verification techniques, technical and manual procedures that can be used, after the fact, to prove the integrity of the data in question. To trust the integrity of data coming out of any database, you need to be able to verify and prove the data input, and every step along the way to the final output.
The paper trail is one way of doing this for a voting machine. There is very little data manipulation going on inside a voting machine database (or at least there better be very little going on, lol) beyond the simple task of recording a vote, and the tasks of tallying those votes at the end of the day. The main data integrity issue on a machine like this verification of the original user input … if all voters are satisfied that their votes were recorded successfully, you have data integrity.
Under older voting schemes, the paper trail was an inherent part of the process. The hanging chad problem of 2000 shows this … you don’t get to argue about hanging chads at all, unless there is a paper trail to follow and recheck the ballots with. However, when new electronic voting machines came into play, starting in the 2002 mid-term elections, they became the first voting machines with no ability to go back and verify votes. While you can always look back at the electronic database of votes, there was and is no way to guarantee they haven’t been tampered with. With a paper trail, a simple check of paper trail to electronic record verifies the data.
This leads to my final point in all this, transparency. One of the main issues with data integrity in electronic voting machines is that from the time the vote is cast, till the time it is counted, and onward till its perhaps re-counted, we have no idea what whats been done to it. Modifying a paper ballot involves a lot of effort, and has a high chance of detection given the layers of security that paper ballots are wrapped in. Even when a paper ballot is modified, the alterations are often identifiable by experts. Modifying an electronic ballot is a different proposition all together … there is no record of the change once its been done, and with concerns raised about wireless access to voting terminals, there is question about security keeping people out of the system. In short, the electronic ballot isn’t wrapped in the same security as the paper one, and if one is altered, we have no way of identifying that after the fact.
The way around this is Open Source Software. At present, voting machines are made by private companies like Diebold who keep their source code secret, citing proprietary software, and intellectual property concerns. Unfortunately, with corporate controlled software, there is no transparency, and no ability to verify whats being done behind the scenes. In proprietary software, adding code (for example) to turn every 20th vote the other way is easy to add, and nearly impossible to detect from the outside. With open source software, its JUST as easy to add, but would be detected by the first independent person to examine the code. Having software in the open source domain means that nothing can be hidden in the code, and all functionality is transparent and obvious. We can trust the analysis of open source because, unlike a proprietary model where only experts with a vested interest can examine the code, EVERY expert who wants to can examine the code, and so no single ideological viewpoint holds sway.
In the end, current electronic voting machines suffer from two fatal flaws. First, a paper trail is a fundamental part of both the electoral system, and the notion of data integrity. One of the simplest ways to insure your input data is accurate, is print and store a paper version of it that can be used later to verify. Its not rocket science, but its a very effective way to ensure accuracy, and to reduce the likelihood of tampering … a person who knows things MIGHT be checked is far less likely to tamper than someone who knows they CAN’T be checked. Second, its difficult, if not impossible, to have strict confidence in the coding of these systems. Any software system that is proprietary has the potential for unannounced functionality, but its perhaps not so important in other places. But when it comes to exercising our democratic right to vote, there is a vital civic need to KNOW that the code is doing what it purports to do. The only way to truly do that is to allow independent experts to verify your code through the open source process.
Electronic voting machines ARE the wave of the future, of that I have no doubt. But given the current designs, and the software models in place on current units, I have very little confidence in the integrity of data coming out of them. The fact is, voting is one of the most vital functions we perform as citizens, and the accurate rendering of votes is critical to the proper function of a democracy. When we do make the move to electronic machines in a big way, we need to be certain that they do the job they are supposed to do. There are likely other ways to do this, but paper trails and open source software are two simple ways to add a HUGE amount of integrity to a system that, from a technical standpoint anyway, has very little integrity at all.
Filed under: Commentary, Computers, Current Affairs, Databases, Elron Steele, Geeky stuff, Global Paradigms, News, Open Source Software, steeletech, View From The Edge | Leave a comment »