Civil Liberties

Diebold with a Vengance

Secrets, lies, and electronic voting

|

As the autumn of 2000 drew to a close, citizens of the wealthiest nation on the planet suddenly began to feel a bit… backwards. A country still reeling from the unwelcome realization that the magical Bill Gates and his crack squad of Internet pixies had not forever vanquished the business cycle abruptly discovered that a close contest for leadership of the economic and military juggernaut that is the United States would turn on hanging chads. For week after tedious week, we tuned in to CNN to watch weary volunteers squinting at punch cards, debating the significance of each dimple and perforation with the intensity of medieval schoolmen poring over scripture. How grotesquely lo-fi! Why not just scratch out your favored candidate's name on the cave wall with a sharp bone?

The talking heads appointed to conduct the autopsy of that imbroglio appeared to be in broad agreement: the whole sordid affair would have been prevented if only Florida had been with it, man and implemented electronic touchscreen voting statewide. (Reason, too, was on the bandwagon.) The companies that make electronic voting machines were delighted to join the chorus, with batallions of erstwhile elected officials on hand to lobby their former colleagues to install the next insanely great thing in voting gadgetry on the double.

Legislators in Florida, stung by the national giggles elicited by the poodle orgy that was the 2000 election, quickly banned the old punchcard machines and began a statewide phase-in of touchscreen machines, as did Georgia. Recent estimates by Election Data Services found that counties using electronic voting machines now comprised almost 20 percent of the electorate, more than double the number just six years earlier. Some citizens could even be voting online by 2004.

But Floridians don't seem convinced that bytes beat butterflies: A quarter say that they are "not at all confident" in the new technology, and half believe that it's important for machines to preserve a paper trail of votes—something that's not currently done.

If anything, though, voters may not be skeptical enough. A joint report, released this summer, by researchers at Rice and Johns Hopkins universities, found that the system developed by e-voting manufacturer Diebold "is far below even the most minimal security standards applicable in other contexts."

Diebold, for its part, has taken the Scientology approach to its critics: when some 15,000 internal messages and memoranda detailing security flaws, written between January 1999 and March 2003, were obtained by hackers and leaked in August, the company let slip the dogs of law in a massive effort to prevent their dissemination. Diebold claims that, under the Digital Millennium Copyright Act, student activists who've posted the documents are committing a crime. They're now engaged in a legal game of cat-and-mouse with an ever-increasing number of university-based mirrors that have some protection from suit under the DMCA's academic "safe harbor" provision.

The Electronic Frontier Foundation has also entered the fray: The high-tech civil liberties group contends that reproduction of the documents for the purpose of public debate over e-voting falls squarely under the fair use exception to copyright rules. And their argument is at least somewhat plausible. This is not, after all, the new Eminem single being passed around, and it's not as though the ability to read these critiques online is interfering with Diebold's efforts to sell its memos on e-Bay.

The company's concern with secrecy is a bit ironic, considering that not merely critical discussion but the firm's source code itself was recently found to be available on an open FTP server, while competitor Sequioa's code was leaked in October.

Napsterized memos are perhaps the least of Diebold's problems. Allegations have surfaced that upgrades to voting software used in the most recent California elections had not been independently certified, a violation of state law. The more conspiratorially minded have even attributed surprising results in hotly contested 2002 congressional races to e-chicanery on the 's part. That suspicion is tied in no small way to the fact that Diebold CEO Walden O'Dell is a major GOP fundraiser who told Buckeye State Republicans in an August fundraising letter that he was "committed to helping Ohio deliver its electoral votes to the president next year."

Despite these myriad concerns, it remains important to proceed with the transition to electronic voting with—apologies to the Supreme Court—all deliberate speed. After all, as with so many public policy questions, our standard of evaluation when it comes to e-voting is not perfection: The standard is the alternative.

Recall—if anything stands out clearly in the carnival haze of the California gubernatorial recall election—that the suit filed by the ACLU to block the recall was based on the argument that the constitutional guarantee of equal protection was violated by local disparities in voting equipment. There's something to this notion. For all the potential problems with e-voting, there is no doubt that the error rates associated with punch card systems are unacceptably high. As affluent districts update their own voting booths, there is a real risk that those in poorer areas will be left with a disproportionate chance of having their votes miscounted—a difference with the potential to change electoral outcomes in close races. Our caution in moving forward should be tempered by an awareness of this persistent inequality.

At least one crucial change in the current approach should be made, however. At present, companies like Diebold seem convinced that secrecy is the better part of security. This is wrong. As the authors of the Rice/Hopkins study concluded, "even the most serious of our outsider attacks could have been discovered without the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage."

States implementing e-voting should instead seek to mimic Australia's open source approach, making the process of vetting the balloting code as open and transparent as the elections it facilitates ought to be.

The benefits of peer-production methods in ordinary programming contexts have been much discussed. But when it comes to the production of voting software, a context in which perceived legitimacy is as important as efficiency, open source has an added advantage.

Public concern about electronic voting is tied to fears of information asymmetry—the same asymmetry that companies claim is so necessary for security. The real danger is not that security holes will be discussed openly on Internet chat forums, but that they will become known to a few, while the public at large remains ignorant of the potential problems. After all, the advantages of electronic voting tabulation— speed and automation—would also make it far more difficult to detect tampering and fraud after the fact. When the code that powers our new voting booths is open to public inspection, not only are potential flaws apt to be detected more quickly, but voters can feel confident that no back doors lurk hidden in the system, waiting for an unscrupulous candidate to type "xyzzy" for a landslide victory.