How to steal an election

I found an interesting article today on /. that lays out in some detail the problems with “state of the art” direct recording electronic (DRE) voting machines. There is a lot of good information in this article for those of us interested in using technology to support the elections process AND make elections more secure.

Some of the information on the Diebold AccuVote TS (a popular DRE voting unit) just floored me…

The GEMS database stores all of the votes collected from precinct accumulators, and it’s used to do the vote tabulation for a county. Because it’s so sensitive, you might think it would be tightly secured. But you’d be wrong.

The GEMS database is a vanilla, unencrypted Microsoft Access database that anyone with a copy of Access can edit. So if you have physical access to the GEMS server’s filesystem (either locally or remotely), then it’s not too hard to just go in and have your way with the vote totals. If Access isn’t installed on a particular GEMS server, just install it from a CD-ROM, or connect remotely from a laptop and edit the database that way.

Access?!?! No wonder people are so paranoid about DRE voting, and insistent on a verifiable paper trail. I’ve thought a lot about security in the telephone-based voting project I am working on, and I hope to use some of the points made in this article as context to describe why I think my system will be much more secure. (Particularly since I’ll be using a real database on the backend.)

I don’t want to get too far ahead of myself – I’ve still got to finish the $#@^% thing – but one of the things I have spent the most time on so far has been security related features.

More to come – stay tuned.

Vocal Democracy

Where have I been for the past few months? What have I been doing? Certainly not blogging – but hopefully that will change soon.

I’ve been back at work on a project that I first conceived of almost two years ago; a phone-based system for voting. It’s been tough trying to squeeze work in on this side project, now that I’m developing VoiceXML applications for a living (sometimes you don’t feel like working when you come home from work), but I’m making progress.

If your interested, you can read my original proposal on this subject which I submitted to the The National Institute of Standards and Technology in early 2005. What’s taken me so long on this one? A few things:

  • First and foremost, I needed some time to develop my skills. I’m now a better programmer in general, and a better VoiceXML programmer specifically. I feel like I can now do the idea justice.
  • Second, my original proposal called for using elements of the draft VoiceXML 2.1 specification – these elements are now more widely support by VoiceXML platform vendors.
  • Finally, there was one additional issue that gave me pause – the rampant paranoia about using technology in the voting process. Seems like most people are convinced that the only way to go is back to plain old paper ballots, with no computer technology of any kind. I’ll have more to say on this one in future posts.

If your interested in helping out on this protect, and you’ve got some coding skills, let me know. Otherwise, check back in from time to time to see how I’m doing.