Undetected widespread covert manipulation of computerized voting systems is the functional equivalent of invasion and occupation by a foreign power. In either case the people lose control of their own destinies, perhaps permanently. Undetected covert manipulation of voting systems could even be worse than mere invasion, since the “electoral coup” would appear to occur with the illusion of the manufactured consent of the governed, and there would be no “tanks in the street” to galvanize resistance.
My name is Bruce O’Dell, and I am a self-employed information technology consultant based in Minneapolis, Minnesota. I have twenty five years professional experience specializing in the design of very large scale computer systems with extraordinary requirements for security and integrity. For example, while an employee of American Express, I led a project to design a central computer security service to authorize access to financial systems across that company and exchange data and transact on our customers’ behalf, with other financial institutions throughout North America. In 2005 I was the architect in charge of deploying a comprehensive new company-wide security environment at one of the 20 largest public companies in America. I would like to thank the Sub-Committee for the opportunity to share my perspective on electronic voting as someone accountable for the security and integrity of computer systems which safely handle billions - or even trillions - of dollars of other people’s money.
Since the heady days of the 1960s, a new, multi-billion-dollar electronic voting industry with world-wide growth aspirations has emerged. Whether the original drive to automate our voting was driven by genuine desire to improve elections or a simple faith that the latest and greatest technology must necessarily be the best, that industry is now so entrenched it has now become almost impossible to question the original decision to automate voting through application of computer technology.
Problems with computerized voting equipment are well-documented in the computer security community, and began to surface as soon as it was first deployed more than 40 years ago. As early as 1984, as reported in the well-respected “Risks to the Public of the Use of Computer Systems” forum a “series of articles by David Burnham in The New York Times documented vulnerabilities to tampering in equipment sold by Computer Election Systems, then the dominant electronic vendor; elections with their machines were challenged in Indiana, West Virginia, and Maryland, with rigging suspected in the 1984 election in the first two states; Federal Election Commission standards were described as inadequate; Texas also investigated numerous discrepancies involving Business Records Corporation - formerly known as Computer Election Systems; the NSA was asked to investigate if CES systems were open to fraud; California and Florida also investigated; voting systems examiner Michael Shamos was quoted as saying CES systems equipment "is a security nightmare open to tampering in a multitude of ways."
Computer Professionals for Social Responsibility, in the fall of 1988, noted: "America’s fundamental democratic institution is ripe for abuse... It is ridiculous for our country to run such a haphazard, easily violated election system. If we are to retain confidence in our election results, we must institute adequate security procedures in computerized vote tallying, and return election control to the citizenry."
In a pattern often to be repeated over the years, little attention was paid to those reports nor to the urgent warnings from independent security experts; while Business Records Corporation prospered and grew rapidly, eventually merging into the company known as Election Systems & Services, currently the leading vendor of computerized election equipment and services.
Yet despite these warnings - which in hindsight seem remarkably prescient - several generations of increasingly complex and expensive computerized voting technology were subsequently developed, marketed and deployed. At the same time, for nearly twenty years, the catalog of reported problems, outages and security vulnerabilities also continued to grow - and recently, accelerated rapidly thanks in part to the “Help America Vote Act” of 2002 (HAVA). Passed in the aftermath of the disputed presidential election in 2000, HAVA was intended to improve the process of voting in America. But as a direct result of its enactment, a new wave of secret and proprietary computerized voting technology has completed the process of computerization of American elections.
With thousands of reported problems nationwide affecting newly-deployed electronic voting equipment in the subsequent elections of 2002, 2004 and 2006, it is clear that HAVA has had precisely the opposite effect to its stated intention. As an information technology professional I am dismayed that all this has been allowed to happen with the blessing and active participation of so many of my colleagues, many of whom make their living promoting e-voting technologies. Billions of dollars have been spent on new voting equipment in the absence of what I would consider adequate disclosure of the true costs and risks to policy makers and the general public. This is a disservice to those who must rely on IT professionals to assess the technologies they do not understand.
As we will see, not only are there fundamental limitations to our ability to prove the accuracy and trustworthiness of any complex real-world computing system, voting itself deserves the strongest degree of protection. Many of my colleagues, as well as their clients and the general public, seem to utterly misunderstand the essential point: computerized voting systems should be classified as national defense systems demanding a much higher standard of protection than more conventional applications.
Undetected widespread covert manipulation of computerized voting systems is the functional equivalent of invasion and occupation by a foreign power. In either case the people lose control of their own destinies, perhaps permanently. Undetected covert manipulation of voting systems could even be worse than mere invasion, since the “electoral coup” would appear to occur with the illusion of the manufactured consent of the governed, and there would be no “tanks in the street” to galvanize resistance.
Voting systems used in American federal elections grant regulatory powers over the world’s largest economy, disbursement authority for the federal procurement budget, control of the composition of the Supreme Court and federal judiciary, and command of the world’s only superpower military. The financial rewards alone for covert influence over the outcome of state elections are potentially very lucrative as well.
Yet despite the fact that our computerized voting systems collectively represent the most irresistible target for insider manipulation in the history of the world, they are not even currently given the same level of protection as systems I’m familiar with in banking and financial services, much less than to computerized gaming equipment in Las Vegas. This is a national scandal, and a disgraceful lapse on the part of my profession.
You may hear from those who believe, to the contrary, that there are powerful information technology industry quality assurance and inspection techniques - such as certification of hardware and software by independent testing laboratories, county-sponsored Logic and Accuracy Testing, or even source code inspection - that can ensure the integrity and accuracy of New Hampshire’s computerized vote tabulation software
Yet, ensuring the integrity of systems is the hardest of all challenges in computing. Once again I believe my profession has failed to adequately inform our clients and the general public.
One of the primary reasons why trustworthy technology is so hard to achieve is that the mind-boggling complexity of real-world systems provides an enormous number of potential points of vulnerability. Voting hardware is deployed at more than 180,000 precincts and in more than three thousand counties in the US -not to forget those of the 309 voting locations in New Hampshire that tabulate votes by machine. The mere physical logistics of moving all that equipment out to the field and getting election results back to the central tabulators for the official canvass is challenging.
Not only are there potentially hundreds of New Hampshire voting devices, there are thousands of individual hardware and software components within each device. This includes proprietary software developed by voting equipment vendors, mass market consumer products like Microsoft Windows, and a host of highly complex, very specialized software - most with no visible behaviors - supplied by a long list of other vendors, many of them offshore.
In addition to all the devices and their individual components, we must also consider the collective actions of the thousands of people who participate, directly or indirectly, in designing, programming, testing, distributing, manufacturing, installing, maintaining, configuring, operating, transporting, monitoring, repairing and storing the vast number of hardware and software components that collectively add up to our system of electronic voting.
You may well hear advocates for rigorous testing and controls to be applied throughout the end-to-end voting process, but the truth is, no amount of testing alone can conjure trust in the overall system.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
