California audited computer voting machines last summer, and gave all of the audited machines failing grades. The result of that was that California’s Secretary of State decertified all of them.
Now, Ohio has done a similar audit, with similar results:
All five voting systems used in Ohio, a state whose electoral votes narrowly swung two elections toward President Bush, have critical flaws that could undermine the integrity of the 2008 general election, a report commissioned by the state’s top elections official has found.
“It was worse than I anticipated,” the official, Secretary of State Jennifer Brunner, said of the report. “I had hoped that perhaps one system would test superior to the others.”
At polling stations, teams working on the study were able to pick locks to access memory cards and use hand-held devices to plug false vote counts into machines. At boards of election, they were able to introduce malignant software into servers.
Ms. Brunner proposed replacing all of the state’s voting machines, including the touch-screen ones used in more than 50 of Ohio’s 88 counties. She wants all counties to use optical scan machines that read and electronically record paper ballots that are filled in manually by voters.
We should name names, here:
The study released Friday found that voting machines and central servers made by Elections Systems and Software; Premier Election Solutions, formerly Diebold; and Hart InterCivic; were easily corrupted.
The companies, of course, say that the audits don’t matter, and they stand by their machines. That’s no surprise. In their own defense, they often say things like this:
“It is important to note,” he said, “that there has not been a single documented case of a successful attack against an electronic voting system, in Ohio or anywhere in the United States.”In other words, no one’s been caught, so it’s OK.
Because that’s a key point here: one of the flaws is that corruption of the machines is, in many cases, hard to detect. We might have a nice, friendly community somewhere, where we could just put a box in the middle of the town green and set up the voting on the honour system... but no one would think that a wise thing. And in a real sense, that’s what we’re doing with these machines.
The solution, though, is not to have the companies go off and re-design their machines as they’ve designed them in the past — we’d just have to do another audit, at more expense, and I have no doubt that we’d find more problems. We can’t keep iterating this process.
The solution is to put it into an open design process, where security experts — the sorts of people who are auditing the machines now — participate in the design, and oversee things. And have the whole process audited at every stage.