Diebold's secret code keeps voters in the dark

Plugged In

October 26, 2006|By Mike Himowitz | Mike Himowitz,Sun Columnist

In episode after episode, computer scientists have demonstrated the weaknesses of Maryland's electronic voting system. And time after time, officials from the State Board of Elections and Diebold Election Systems have circled the wagons - ignoring the real issues and branding their critics as kooks.

We have now learned that Diebold quietly replaced the main circuit boards in all its terminals last year because of a fatal flaw that it knew about for years.

Last week, someone who doesn't like Diebold dropped a couple of disks containing old company source code at the office of a longtime critic of electronic voting. Given the reaction of everyone involved in that incident - including the FBI - you might have thought that someone had stolen the crown jewels.

Far from it. Instead of criticizing this breach of security, we should give the miscreants a medal. Thievery and exposure may be the only ways we'll ever know if we're getting an honest count on Election Day.

There are lots of flaws in Maryland's system (including the hardware, as we have now learned). But the worst is that the source code for the software that records your vote and mine is secret. You and I can't see it even though we paid for it. And paid and paid and paid. The total is up to $106 million so far.

When the nerds among us try to explain why secret source code is so bad, people's eyes start to glaze over. Well, it's time to grow up, citizens. It's worth learning about if an honest election is even marginally important to you.

First: Underneath the rhetoric, our Diebold electronic voting terminals are just personal computers, and not very fancy ones at that. True, they have touch-sensitive screens, which are more expensive than the average laptop display, but not a whole lot. Bottom line: There's not much profit in the hardware.

Diebold and other vendors make their real money on the software that turns them into voting machines. This isn't rocket science, either. Voting software doesn't have to calculate trajectories between planets, or sequence the human genome, or predict hurricanes. It waits for you to push a faux button on the touch screen and then adds that vote to somebody's total.

Yes, there are complications. You may want the software to make sure you don't cast votes for more than one candidate in a race. Likewise, you may want a warning that that you didn't cast a vote in a particular contest.

In a General Assembly race, you may have to vote for as many as three candidates from a field of six or more - or if it's a primary election, choose 14 candidates from 25 running for a party central committee. There are also yes/no votes for bonds and ballot issues. In some places (thankfully, not here), citizens get to vote for at-large city council candidates and rank them in order of preference.

But these all boil down to a series of logical instructions, which programmers develop into the so-called source code for their software. The source code is typically written in a high-level computer programming language that bears some relationship to English. Other programmers can follow it and understand it - particularly if the author leaves comments in the code to explain what he's doing.

Later, the program may be compiled into the computer's native machine language, or some hybrid that's harder to tamper with.

Maryland election officials, to their credit, run a mathematical test on their software files before and after the election to prove they haven't been changed.

But in the end, that doesn't matter, because we don't know what that source code is to start with. Diebold says its software is proprietary, and won't be shown to anyone except a few mysterious companies whose job it is to certify this stuff. I don't know much about them and neither do many other people. I certainly have no reason to trust them.

That source code is the computer equivalent of the rules that election officials use when they count paper ballots. In the real world, those rules are clear and public, and when ballots are tallied by hand, it's done with representatives of both parties on hand to keep everybody honest and deal with disputes.

In proprietary systems such as Diebold's, the vote counting is done behind closed doors - which is why critics call it "black box voting." We don't know what the rules are, because we can't see the original source code, or hire someone to inspect it.

Is there a logic error that results in Smith's votes going to Johnson? Is there a line buried deep in the maze of code that takes every 50th vote for Smith and puts it in Johnson's column? We'll never know.

Back when counties bought their manual voting machines and ballot scanners from different vendors, fixing a statewide election was virtually impossible. Now, with every county tied to Diebold, a single line of malicious code could throw a statewide contest and be virtually undetectable.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.