Sunday, September 26, 2004

Electronic election idiocy from Tom Zeller Jr.

A few months ago, I wrote, regarding journalistic reactions to F9/11:

...perhaps subtle concepts like "common interest" are lost on most journalists. Perhaps their imaginations are delimited to the much simpler movie logic of "sinister white-haired men smoking in darkened conference rooms and plotting world domination". Perhaps if you don't have incontrovertible video evidence of a claque of sinister white-haired smokers in a conference room, then you have no point.

Now, I really hate to quote myself, but Tom Zeller, Jr. demonstrates, in a Week in Review article on trustworthy voting, how utterly right I was. He writes:

In fact, while most experts appear to agree that electronic voting has real problems, few argue that they could completely undermine the November election, or that they are products of a dark conspiracy.


The fear that electronic voting represents a corporate conspiracy is probably overblown, experts say. Too many people would have to cooperate on too many levels - from the programming labs at each company to the warehouses where machines are stored to precinct floors on election night. "It would be a heist on the order of 'Ocean's Eleven,' " said Michael I. Shamos, a professor of computer science at Carnegie Mellon University who spent 20 years testing the integrity of election systems. "It would make for a fascinating movie, but it's not reality."

What a load of crap. Just because there isn't some massive world-spanning conspiracy to rig the election --- just because there isn't a sinister claque of smokers convening in a darkened room --- that doesn't mean we should trust these electronic voting machines. Evidently, the concept of "shoddy engineering" is as foreign and inscrutable to journalists as the concept of "common interest". It didn't take a conspiracy to produce hanging chads, and it won't take a conspiracy to produce "hanging bits" (contested or untrustworthy votes in a critical district) with electronic voting machines.

Furthermore, CMU prof Shamos is either wrong, or being misquoted (somehow, given Zeller's evident cluelessness, I suspect the latter). As any working programmer knows, in the absence of extremely tight code review procedures, it is, in fact, trivial for an individual programmer to sneak a few lines into the code for which (s)he has primary responsibility. And the nature of computer code is such that the addition or deletion of a few lines --- even, in many cases, a few characters --- is sufficient to make a machine vulnerable to attack. All the publicly available evidence about Deibold's software engineering should make any competent programmer very skeptical of claims that their code review processes are tight enough to catch such a hack.

And once the exploit exists in the software, it's irrelevant how many people can inspect the physical machine --- unless you think that the guys who operate the forklift at the warehouse have magical X-ray vision and other mutant super-powers that enable them to (1) penetrate the machine's case, (2) read the magnetic bits off the hard disk, (3) decode the raw binary data into machine code, (4) reverse engineer the source code from the machine code, and (5) derive the semantics of the entire program and prove it correct in their heads.

Note that computer scientists who work in program verification find (5) by far the most hilariously impossible of these five steps, which gives you a sense for how tricky it is to determine whether a program is correct, even given access to full source code.

No computer scientist whom I know, who has thought hard about direct recording electronic (DRE) voting for more than a few minutes, has come away with a strong confidence in these machines or the companies who sell them. Zeller's article massively misrepresents the evidence and the conclusions that scholars draw from them. The Week in Review editor really should not be assigning this sort of article to somebody who's so clueless about software engineering.

My friends know that I've blogged this several times before; links: one, two, three, four, and a bonus link from South Knox Bubba.

No comments:

Post a Comment