Electronic voting is a good idea in principle, provided it's done right. That means providing the voter with a paper copy of their vote so that they can verify how they cast their vote, and it means using software which is open source: not for ideological reasons, but because otherwise you can't have an expert go through the source code line by line to verify that the voting software does what it says it does and no more.
For a lesson in how not to do it, take a look at this analysis by Bev Harris at Scoop of the GEMS system, produced by a company called Diebold Election Systems, which is already in use in the United States. The first problem is that the GEMS program, which receives votes from the local polling stations by modem, stores copies of the votes received in three different ledgers. If the data in one ledger is corrupted or tampered with you'd never know it, because the reports the program produces – which list minor details such as, say, the number of votes cast for each candidate – you know, nothing really important – are generated based on data held in just one of the ledgers.
Now you could argue that keeping three sets of ledgers is a good idea, in that it allows for comparisons of the data in the different ledgers which might reveal tampering. Trouble is, the three ledgers are stored in the same data file, so anyone who gains access to one ledger will in principle have the opportunity to tamper with the other two. This is Not Clever. Furthermore, it's even possible to add passwords and user names to the system, and to edit the audit trail GEMS generates showing who accessed the ledgers. Secure computing is hard enough to get right at the best of times, but this is just making it all too easy.
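The cross-check between ledgers discussed above, and its limit when all three copies sit in one data file, as an added example that is not from the original post, the Scoop analysis or Diebold's code; the ledger names, row layout and vote counts are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample returns. The ledger names and the (precinct, candidate,
# votes) row layout are hypothetical, not the real GEMS schema.
ORIGINAL = [("P1", "Alice", 120), ("P1", "Bob", 95),
            ("P2", "Alice", 80), ("P2", "Bob", 110)]


def make_ledgers():
    """Three copies of the same returns, as the post describes."""
    return {name: list(ORIGINAL) for name in ("ledger_a", "ledger_b", "ledger_c")}


def tally(ledger):
    """Per-candidate totals, as a report built from one ledger would show."""
    totals = defaultdict(int)
    for _precinct, candidate, votes in ledger:
        totals[candidate] += votes
    return dict(totals)


def reconcile(ledgers):
    """Map each (precinct, candidate) whose count differs to its per-ledger counts.

    A row missing from a ledger shows up as None for that ledger.
    """
    seen = defaultdict(dict)
    for name, rows in ledgers.items():
        for precinct, candidate, votes in rows:
            seen[(precinct, candidate)][name] = votes
    mismatches = {}
    for key, counts in seen.items():
        full = {name: counts.get(name) for name in ledgers}
        if len(set(full.values())) > 1:
            mismatches[key] = full
    return mismatches


def alter(ledgers, names, precinct, candidate, votes):
    """Simulate one row being corrupted or changed in the named ledgers."""
    for name in names:
        ledgers[name] = [(p, c, votes if (p, c) == (precinct, candidate) else v)
                         for p, c, v in ledgers[name]]


if __name__ == "__main__":
    demo = make_ledgers()
    alter(demo, ["ledger_b"], "P2", "Bob", 60)
    print(tally(demo["ledger_a"]), reconcile(demo))
```

A change to one ledger is flagged by `reconcile` even though a report built from an untouched ledger shows nothing wrong; the same change applied to all three copies leaves `reconcile` empty, which is the weakness of keeping every copy in one data file.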
One point which is getting far more attention than it deserves is the notion that the GEMS system uses Microsoft's Access database management system, which isn't exactly known as a highly secure system. In fact, it's not clear from the article that the GEMS system is using Access at all: all the report confirms is that GEMS stores its data in a format which can be used by Access, which isn't the same thing at all. In the run-up to the 1997 General Election I spent some time looking after a database of canvass returns for my local Labour Party, doing data entry and a little bit of database administration work – which amounted mainly to exporting the data to a bunch of floppy disks to send to Labour's national campaigns team. The program used to enter data was a custom-written DOS program, but it stored the data we were inputting in tables which could be opened in Access. It's entirely possible that Diebold simply use the Access data format – most likely because there's a wealth of add-in software which understands the format and can produce reports, charts and so on, and it makes little sense to reinvent the wheel.
It's true that at the end of the story Harris reports that "[…] we interviewed election officials and also the technicians who set up the Diebold system in Georgia, and they confirmed that the GEMS system does use Microsoft Access […]", but without seeing the precise wording of the question and the answer I'm just not convinced that an election official, or even a technician whose job may have simply been to hook up a PC with GEMS installed to a phone line, would have made the fine distinction between storing data in the MS Access file format and running the MS Access executable file. I could be wrong, but the body of the story just doesn't convince me that GEMS uses Microsoft Access.
This doesn't invalidate the arguments against GEMS storing multiple copies of the votes cast in one location and failing to cross-check them, or against the voting machines failing to provide the voter with a hard copy, but it should be understood that the GEMS program isn't Access – or at least, the Scoop report doesn't prove that it is – and therefore the kneejerk 'Microsoft products are crap' reaction may not be appropriate this time round. There are plenty of other reasons to be unhappy at the idea that this system is both secure enough to avoid tampering and sufficiently transparent to be seen to be trustworthy.
[Via The Sideshow]