Most news stories about the problem talk about machines being "vulnerable to hackers." It is time to stop framing the problem this way. "Vulnerable to hackers" makes it sound like the only risk is from a bored teenager with too much computer knowledge. It's time to call the problem what it is: "vulnerability to rigging by corrupt politicians for whom winning, not democracy, is the only value."
Recently, computer security expert Harri Hursti revealed serious
security vulnerabilities in Diebold's software. According to Michael
Shamos, a computer scientist and voting system examiner in
Pennsylvania, "It's the most severe security flaw ever discovered in a
voting system."
Even more shockingly, we learned recently that Diebold and the State of
Maryland had been aware of these vulnerabilities for at least two
years. They were documented in analysis, commissioned by Maryland and
conducted by RABA Technologies, published in January 2004. For over
two years, Diebold has chosen not to fix the security holes, and
Maryland has chosen not to alert other states or national officials
about these problems.
Basically, Diebold included a "back door" in its software, allowing
anyone to change or modify the software. There are no technical
safeguards in place to ensure that only authorized people can make
changes.
Now why, other than for election-rigging, would Diebold include such a "back door"? It's one thing if you are selling software for a business purpose, such as an accounting package, and you have a feature that allows your customers' programmers to customize the software to their particular needs. But voting machines do one thing: tally and count votes. There's NO need for the software to be customized, certainly not by just about anyone without any kind of security built in.
A malicious individual with access to a voting machine could rig the
software without being detected. Worse yet, if the attacker rigged the
machine used to compute the totals for some precinct, he or she could
alter the results of that precinct. The only fix the RABA authors
suggested was to warn people that manipulating an election is against
the law.
And that's going to deter people like Kenneth Blackwell and Katherine Harris? I hardly think so.
Typically, modern voting machines are delivered several days before an
election and stored in people's homes or in insecure polling stations.
A wide variety of poll workers, shippers, technicians, and others who
have access to these voting machines could rig the software. Such
software alterations could be difficult to impossible to detect.
Diebold spokesman David Bear admitted to the New York Times that the
back door was inserted intentionally so that election officials would
be able to update their systems easily. Bear justified Diebold's
actions by saying, "For there to be a problem here, you're basically
assuming a premise where you have some evil and nefarious election
officials who would sneak in and introduce a piece of software... I
don't believe these evil elections people exist."
OK, I'll give you a minute here to wipe the coffee and spit off your monitor. That was pretty much my reaction here.
There's no problem with allowing some kind of password-based access so that bug fixes and such can be applied to software should they become necessary. However, Diebold's access is a door open to just about anyone, done with the assumption that evil elections people don't exist.
I work on data entry systems for clinical trials data. In order to access the system, which contains NO names or other identifying information about trial subjects, you have to have a user ID and password. If I make a change to the software, I have to have someone at a higher level apply the change to the production server even though I am a project manager, because access to production software is very strictly controlled. Yet Diebold believes that anyone ought to be able to muck around with the software in the machines that determine who leads this country. Our systems have to be FDA compliant, but the machines that people vote on are open to anyone? You don't have to be an IT professional to understand just how lame that is.
There's only one reason to leave that kind of security hole big enough to drive a truck through, and that is to make it easy to rig the machine to produce a desired result.
There have been many significant problems - some resulting in lost
votes - involving paperless voting machines produced by other vendors.
Recognizing the intrinsic risks of paperless voting machines, the
Association for Computing Machinery issued a statement saying that each
voter should be able "to inspect a physical (e.g., paper) record to
verify that his or her vote has been accurately cast and to serve as an
independent check on the result." Without voter-verified paper records
of all the votes, and without routine spot audits of these records, no
currently available voting system can be trusted. With such records,
even when machines do not function correctly, each voter can make sure
that his or her vote has been correctly recorded on paper.
This statement leaves out one very important step in the voter-verification process -- the depositing of the paper record into a locked box that is only opened in the event the machine-tallied and counted vote is challenged.
A locked box doesn't address the problems of corrupt voting officials throwing away these boxes or hiding them if they're counted, but at the very least it doesn't make the entire voting system dependent on software that wouldn't pass muster in a first-semester undergraduate computer science class.
This November, watch the returns very carefully. In your local and state races, try to get your hands on late polling data from the day before or the day of the election. If there are exit polls, monitor the results. Then watch the returns. If you see things like, say, the Democratic candidate with an early lead at around 8:00 PM of five or six points, and that candidate ends up LOSING by six points after the "delayed returns from the Republican's home district" come in HOURS after the polls close, you'll know the fix is in.
For example: In 2002, the state of Georgia was a beta test site for Diebold voting machines. The two key races were those between Democrat Roy Barnes vs. Republican Sonny Perdue for governor, and Democratic incumbent Max Cleland vs. Republican Saxby Chambliss for senate. In 2003, a former Diebold employee revealed that prior to the election, an software patch that was never certified by independent testing authorities or cleared by Georgia election officials was applied to the voting machines. In addition, because of problems with training poll workers, that election was run by Diebold technicians.
In that election, Saxby Chambliss defeated Max Cleland, who had been running a comfortable lead, with an Atlanta Journal-Constitution poll on November 3 showing Cleland with a 49%/44% race going into election day -- well within the polls' margin of error. However, when the dust cleared, Chambliss won with 53% of the vote to Cleland's 46% -- a last minute swing of five full points to Chambless in just three days -- possible, but unlikely. A more questionable result occurred in the gubernatorial race, where Roy Barnes gained the same 46% as Cleland, to Sonny Perdue's
Conventional wisdom attributes these upsets to the Angry White Male vote being motivated at the last minute (as if they only became angry in the three days before the election) -- despite the fact that the percentage of whites in Georgia is decreasing:
The U.S. Census Bureau’s "American Community Survey Change Profile 2001-2002" revealed that, compared to African Americans and the Hispanic population of Georgia, the population of whites is significantly decreasing (estimated at 1%) compared to a significant increase of African Americans (estimated at .3%) and Latinos (estimated at .6%). The population growth in the state by people of color is likely to result in a further decrease in white representation.
But what ABOUT those last-minute "patches" anyway -- the ones of which no one knows the content?
Do YOU trust the results of an election in which the state's demographic trends are entirely at odds with the conventional wisdom explanation of the vote -- especially when uncertified software is installed at the last minute before the election?
Republicans may be happy that such shenanigans are working in their favor, because after all, winning is the ONLY thing. But if the votes aren't counted the way they are cast, or if they are swapped in the machine, there are always going to be questions about the legitimacy of their rule and the way they have come to office over the last six years. For it seems to be only Republicans who are unconcerned about black-box voting and mysterious software patches.
Aucun commentaire:
Enregistrer un commentaire