[Page 6: Dysfunctional Performance: The U.S. Voting Machine Debacle and the Machinery of Democracy]

Printer-friendly version

"Security Through Obscurity" vs. "Many Eyes Make Safe Houses"

There are two different issues in contention over electronic voting machines: their dependability and their integrity. Dependability is about functionality. There is no doubt that electronic voting is the wave of the future but the question is: is the current technology up to the task of successfully facilitating the votes of upwards of 140 million people? Incidents like the ones cited above lead many to believe it is not, but the manufacturers continually insist that this is not the case. Unfortunately, at this point, even if the 2004 Presidential election were to appear to go without a hitch, there is a substantial population of computer scientists and concerned citizens who will still believe it has been rigged unless satisfactory auditing systems are in place. And at this point it doesn't look like they will.

Now to the issue of integrity. Electronic voting machines of various kinds have been in limited use since the early 90s. Growing out of the ATM and electronic gambling securities systems, electronic voting machines have relied on a concept of electronic security known as "security through obscurity," operating systems whose code remained secret except to those few technicians with access to it. And "security through obscurity" also worked well for the e-business community, as those secret operating systems were inevitably built on proprietary, or "closed source," operating code that is protected under copyright law. Even recently a faction of computer scientists still believed in this concept as the best method of securing information—no longer.

The "open source" movement has been around since the inception of the Internet. Proponents of open source believe that there is no such thing as perfect security: no system is un-hackable and therefore the best way to ensure security is through a system, sometimes distinguished by the aphorism "many eyes make safe houses," in which security code is publicly published. It can then 1) be successfully beta-tested for inevitable bugs, and 2) be utterly transparent to user error and misuse. The problem with proprietary code, open source proponents argue, is not only that it can't be audited in a transparent manner or that it is, inevitably, hackable; arguably the biggest problem is that the manufacturers of the code have a vested interest in their system appearing to work correctly. For voting machine manufacturers, this interest is worth hundreds of millions of dollars. Thus, flaws and malfunctions in a proprietary system might conceivably be covered up, or at the very least go unreported, as they were recently in Florida. Open source is now almost universally regarded as the more secure system, yet all but one (18) of the U.S. electronic voting machine manufacturers still uses closed source code.

According to a recent article in The Nation, over 80 percent of U.S. citizens who go to the polls this coming November will vote on some form of computerized voting system. (19) Adam Putnam, Chair of the House Subcommittee on Technology and Information Policy, estimated that 50 million registered voters, representing nearly 30 percent of the national total, are expected to cast their votes using some form of direct-recording-electronic (DRE) touch-screen voting system this November (20). The realization that the majority of those voters are neither secure nor auditable is terrifying to many people. Australia recently instituted an open-source voting system (though one without the paper ballot back-up system preferred by voter activists) which runs on the non-proprietary Linux operating system and is completely open to public scrutiny. Commenting on why they had chosen to go the open source route, Australian Election Commissioner Philip Green said, "We'd been watching what happened in America (in 2000) and were wary of using proprietary software that no one was allowed to see." (21) In the 2003 Wired Magazine article on the subject, the lead engineer for the machines used in the Australian election, Matt Quinn, added, "Why on earth should [voters] trust me, someone with a vested interest in the project's success? A voter-verified audit trail is the only way to prove the system's integrity to the vast majority of the electors who, after all, own the democracy." (22)