"Steven M. Bellovin" wrote:
> In message <[EMAIL PROTECTED]>, Ed Gerck writes:
> >
> >Handling bugs is the major problem IMO (looks like we also agree here)
> >after DDoS, privacy, security, integrity, etc are handled (which are
> >not a small task, either). But this might not be so hard after all. Yes,
> >an election is a mission-critical application but it is also a fixed application
> >if you design it well with a database paradigm. The database changes
> >for every election (candidates, offices, etc.) but the software is the same
> >at each different stations (registration, voting, ballot box, tallying,
> >reporting, auditing, etc.).
>
> Of course, the software isn't fixed, any more than any other package is
> fixed. If nothing else, each election will have software that includes
> the bug fixes and new features added since the last election.
Yes in a small part. Elections cannot have added features so easily because
the election machines must be state certified (a lengthy and costly
procedure) and the ballots must comply to current laws (Palm Beach being
the exception that justifies the rule). So, a "vote for one" race or "vote for
three" is pretty much the same for almost 100 years now in terms of features
and ballot lay-out. And election officials prefer it so -- their mantra (and
a good one in this case but not if taken too much to the letter) is "if it
ain't broken don't fix it".
The only thing that should change is the bug fixes, which should also
taper off after a while since there should be no new features driving new
bugs.
> The real model for electronic voting isn't Florida, though; it's New
> Mexico. In Bernalillo County, which used optical mark ballots, the
> scanner was misprogrammed -- it ignored straight-ticket votes. In this
> case, once the problem was recognized, the fix was relatively easy --
> they corrected the program and rescanned the ballots. If the voting had
> been online, there would have been no physical ballots to rescan.
Not true, not even with current minimum FEC standards. And note that
the draft for future FEC standards for online voting defines online voting as
a branch of electronic voting.
The point is that what was wrong in New Mexico as you report was the
tallying and this could be redone by re-running the ballot images mandated
by the FEC to be stored in the ballot box part of each electronic voting machine.
If this same requirement is kept for online voting, then remote ballot boxes
would hold copies of all ballots and they could be re-tallied with the bug fixed.
Once the same type problem is recognized, the fix is even easier since there are no
ballots to be rescanned, just re-tallied.
Cheers,
Ed Gerck
>
>
>
> >And, elections already use software -- even if you just use punch cards.
> >So, this is NOT a new problem either. In fact, it is worse today because
> >it all closed source software (in the good name of security).
> >
>
> Believe me, that software scares me, too... And open source, though a
> help, is hardly a panacea; finding bugs is *hard*, and testing is not
> at all adequate.
>
> --Steve Bellovin, http:/www.research.att.com/~smb
