Monday, May 19, 2008


MICHAEL DEAN, BRAD BLOG The software most likely to steal elections is the ballot definition software loaded onto paper-based optical-scan and DRE (usually, touch-screen) voting machines in county elections offices across the U.S. just before the machines are sealed with security tape and transported to election polling locations.

And yet, the frightening reality is that there is little or no oversight of that software itself, nor of the people --- usually sub-contractors, who could be anyone from a non-U.S. citizen, to a criminal, to a political party operative --- who program that ballot definition software. Moreover, there is little or no testing of such software, despite the fact that it stores the ballot positions for all candidates and initiatives on every ballot, on every voting machine, and tallies the votes for all of them on election day.

For all of the concerns about election fraud, via the electronic voting systems in use across the nation today, and the eye on the source code for the software itself, few seem to have their eye on the ballot definition software, which can --- even on e-voting systems where the hardware, and main program software has been tested, certified, and audited --- succeed in flipping an election without detection, either by error, or on purpose.

Ballot definition software is constructed for each election and defines the ballot positions for each candidate and proposition for each voting precinct. Miami-Dade County in Florida, for example, has 750 voting precincts and usually requires several hundred unique ballot definitions for federal general elections.

Ballot definition software creates the ballot image that people see on the screens of every brand of DRE/touch-screen voting machine. DRE/touch-screen and paper-based optical scan machines use ballot position coordinates, also coded in the software, to determine how finger touches on the touch-screen, or marks on the paper ballot, are mapped to candidate positions on the ballot. The software tabulates finger touches and marks on paper ballots as candidate votes and then stores those tabulated vote counts in the machine’s “virtual ballot box”, the data memory card itself. Finally, ballot definition software then tallies final election results when the polls close on Election Day.

All DRE/touch-screen and paper-based op-scan manufacturers and vendors hold that all software, including the ballot definition software, is proprietary and confidential (a trade secret) and may not be inspected by county election officers, election judges, candidates or citizen election observers. Moreover, judges have accepted this proprietary and confidential argument. . .

The task of creating ballot definition and tallying software is so large and complex that many counties contract the work to voting machine vendors or consulting/programming companies. Most vendor and consulting companies themselves do not maintain a staff of programmers large enough to write all the ballot definition software for all the voting precincts of all their county elections office customers across the U.S. Therefore, the work is often assigned to yet another layer of temporary or sub-contracted programmers. These sub-contractors may, or may not, be U.S. citizens.

Who checks the credentials of all these contract programmers writing "last minute" ballot software? Who asks if contract programmers work for a foreign government, other foreign interest, political party or candidate up for election? Who asks if they have criminal records? Who checks to make sure they do not have connections to a Karl Rove-type political operative? Who performs detailed audits or certification testing of the ballot definition software they write?

The frightening answer to all questions is - no one!


At May 20, 2008 8:07 AM, Blogger m said...

Its not just the software, but the hardware as well. As an example, sans power supply and human interface, a cell phone is naught but a chip and an antenna. The antenna can be molded into just about anything, and who would notice an extra small chip? This would provide an external means of resetting the vote to whatever was necessary without any physical tampering or raising too much statistical skepticism.

Handling money is hard enough, but financial transactions can be audited and remedied in the event of fraud. Voting is not strictly auditable, and subtle fraud can be impossible to prove. Electronic "voting" can never be secure, and never is a word that I do not use lightly.


Post a Comment

<< Home