Electronic voting machines: the follow-up - Embedded.com

Electronic voting machines: the follow-up


Just before the California recall election I complained about the state of the art of electronic voting machines and suggested we get the mob involved to clean up the mess.

The most important feature of any vote-collecting device is public trust in its accuracy. Without that trust the units are junk. Some readers complained about the use of the word “junk,” but if I have an MP3 player that doesn't work, it's junk. A watch that's pretty but can't tell time is junk. A voting machine that no one trusts is junk.

I purposely didn't mention Diebold, Inc. in that article, because all vendors must sell trust as their primary product. Yet Diebold is in the center of the storm, as ex-employees claim the company circumvented proper testing protocols. Worse, the company's devices seem to have a tamper-friendly database — just the ticket in today's e-hostile environment.

More evidence appeared when e-mails never meant for public consumption leaked (see here and here). Plenty of interesting sound bites surfaced, such as this one:

Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this?

Machines from Sequoia Voting Systems are also raising security concerns. Their Windows-based database is raising eyebrows from those tasked with running security tests.

The voting machine industry has met the challenge head-on, chartering a media relations group to improve the image of their products rather than build robust code. The PR folks are swimming against a tide of public opinion and satire.

Apparently folks from other than the embedded community read Embedded.com. I heard from Walter Hearne:

I work for the Republican staff on the House Appropriations Committee, Transportation & Treasury subcommittee. One of the programs whose funding we oversee is election reform. I just read your article on Embedded.com about the FEC's electronic voting standards. The Help America Vote Act mandates that all voting precincts must eventually have at least one direct recording electronic (DRE) voting machine. This seems to provide states with a strong incentive to replace all of their machines with DREs, so as to have a uniform system. Anyway, your article was of great interest and concern to me, but being a hi-tech idiot myself, I had some difficulty understanding some of your comments. I have a few questions for you:

(1) What is firmware?

What is firmware? It's the basis of all of the features and problems inside a voting machine. How can the officials tasked with overseeing the industry not have at least a modest amount of insight into the very machines they supervise?

He had a number of other less naive questions. I wrote back at length. Mr. Hearne passed the correspondence on to FEC officials, some of whom replied. Here's a sampling:

From Brit Williams:

There are a lot more of them than there are of us. I have quit trying to reply to every real and imagined 'computer expert' that decides to take a swipe at voting systems. We stand on our record. For all the hype, no one has identified so much as an attempt at fraud against the computer system during an election.

The same reasoning suggests that banks that have never been held up don't need vaults. Don't bolt the barn door till after the horse leaves. Don't prove the code's correctness until after an election debacle — with no paper trail to determine the will of the people.

No wonder he's unable to reply to every expert taking swipes at the gear — there are so darn many of them. Like this independent evaluation of Diebold's source.

The FEC's Steve Freeman wrote:

It's probably true that most of the systems that will be used to count the recall in California are “junk.” (I wonder how wide the definition of “junk” is being spread though.) Like many other states, most of the counties have systems that were grandfathered in under the 1990 standards and probably qualify as junk just by the wear and tear. I count roughly 34 systems including some of the largest, that were grandfathered, some of which I don't believe were even submitted for testing. However, few of those counties will be able to complete the process of acquiring replacement systems by the time of the recall election and the HAVA fund requirements and possible fund short falls are adding to the delay.

Wow! That sure makes me feel better.

The twist in implication is blaming the VSS and current testing. If anything, the systems that have been fully developed under the 1990 standards tend to be noticeable improvements. The 2002 standards have raised the level even higher but it is still too early to see the full effect on the systems being marketed.

So after 1990 the devices are at least a little better. The quality of products designed to the 2002 standard is still unknown. So register and vote — we need the beta testers.

From some discussions I have had with vendors, the 2002 standard is qualifying another 14 or more of the California systems as obsolete, i.e., “junk.” With the delays in getting newer systems to market and through our testing, what are the counties who need to replace that “junk” going to do? How close are we to a standard that can't be enforced and have viable selection systems for the elections next year?

This is the old “ship it now or ship it right” dilemma. Cave to schedule pressures and ship a buggy electronic coffee spoon — no one will care. Do the same for avionics systems, nuke plant controllers, or voting machines, and you'll be featured on 60 Minutes .

Here's another quote from a Diebold e-mail:

Over that time I have become increasingly concerned about the apparent lack of concern over the practice of writing contracts to provide products and services which do not exist and then attempting to build these items on an unreasonable timetable with no written plan, little to no time for testing, and minimal resources. It also seems to be an accepted practice to exaggerate our progress and functionality to our customers and ourselves then make excuses at delivery time when these products and services do not meet expectations.

None of these issues are unique to the voting industry. Embedded designers everywhere wrestle with the same concerns. Management has an ethical responsibility to delay shipping till the product is ready.

Fortunately, as we've seen from Tyco, Enron, and countless others, corporations are operating at the highest of ethical standards. Walden O'Dell, Diebold's chief executive, told Republicans in a recent fundraising letter that he is “committed to helping Ohio deliver its electoral votes to the president next year.”

Jack G. Ganssle is a lecturer and consultant on embedded development issues. He is conducting a seminar about building better embedded systems on December 5. Contact him at . His website is .

The poll is heavily favoring paper over electronic means for voting, and I agree. However, I think that:

1. The paper ballot should be designed so that it is very user friendly in terms of layout, formatting,clarity, etc.2. The paper ballot should be designed for machine-based processing and counting. Optical reading of checkboxes seems fairly robust.

There are two issues here: recording the vote, and tallying the vote. For recording the vote, I can't beatgood old paper. It is tangible, reasonably robust (particularly if it is card stock), and archivable for areasonable period of time. In particular, it can be re-counted as often as needed.

Tallying the vote actually has two parts:
1. Understanding what the intentions of the voter.
2. Counting the votes.

Regarding processing the intentions. For properly marked ballots (clear mark in check box, nocontradictions, etc), a machine-based process will be very accurate. If the machine detects any ambiguity,then the vote should be kicked out for manual processing by un-biased humans. In the few cases where theintent is simply not discernable, then throw out that ballot. A voting person should have some level ofintelligence for following directions.

An alternative process would be where the paper ballot is marked by hand, and then IMMEDIATELY scanned bymachine. The machine would present it's interpretation, and then ask the voter to concur. Afterconcurring, the machine would mark on the same paper ballot (bar code, etc) its interpretation, for furthertallying. If the voter did not concur, he/she starts over with a fresh blank ballot. The benefit of thisapproach is that it is closed loop (and we embedded types like closed loop control). The closed loop shouldgreatly improve the quality of the ballots (ie, no hanging chad).

Counting the votes would be based on scanning the bar codes (or other machine-made marks). I would notobject to the machine also accumulating an “unofficial” tally while validating the voter's intention. However, I'd like ALL ballots to be re-scanned in one of a few central locations under secure conditions(perhaps each county seat), and cross-checked against the originating voting precinct's unofficial tally. During the re-scan, there would still be the opportunity for manual interpretation (if needed).

There is also the issue of ballots being “misplaced”, as well as “replaced”. Seems to me that propersecurity procedures could adequately address these areas.

The bottom line is that a paper ballot is a one-to-one product of each voter's choices. Thus if needed, thecounting process can be re-done, beginning from the point where the voters initial intentions are marked onthe ballot.

– Dave Kellogg

I've voted on three different balloting systems, one the punch card, one an electronic gizmo, and one anoptical mark reader — I like the optical mark reader the best — there is a paper trail, but it is morereliable than the punch card. The KISS principle seems to work well in tabulating votes.

Few college majors devote even a full semester to these type of professional issues, despite being givenequal billing with calculus, etc. by ABET. Professional organizations like the IEEE offer little furtherguidance in early years. Unless one is lucky, and is in a good stable organization with good practices andmentoring, there is little chances of breaking out of the pressures of schedules before quality. I believethe level of awareness about these ethical issues has to be raised in the colleges and universities. Quitea bit of progress has been made in making education more like what is encountered on the job, in recentyears. Even a semester class in major related ethical and product safety issues, would much better preparethe graduates for a complex legal environment.

– Bill Murray

I just read your follow-up e-voting article. Maybe there is hope though, theAussies seem to be doing slightly better than most:


– Niall Murphy

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.