The threat: paper 1 of 3

From: Steve Chessin <steve_dot_chessin_at_sun_dot_com>
Date: Fri Apr 30 2004 - 14:43:05 CDT

        What is the threat of DRE-enabled voter fraud?

The major threat that non-voter-verified electronic voting equipment
presents is of an insider attack; that is, a machine that is designed
to behave perfectly except when being used in an actual election, when
it "shaves" votes from one party's candidates and gives them to
another. Would a reasonable person find this threat credible?

A reasonable person would have to acknowledge that some politicians
sometimes do resort to extra-legal means, including vote fraud, in an
attempt to ensure their election. Although it didn't involve voter
fraud, perhaps the most famous example is the June 17, 1972 break-in at
the Watergate Hotel on behalf of the Nixon re-election campaign.

Another example that does involve voter fraud is the 1997 primary
mayoral election in Miami, Florida. In that case, the court found "a
massive, well-conceived and well-orchestrated absentee ballot voter
fraud scheme". (Demos, "Securing the Vote: An analysis of election
fraud," http://www.demos-usa.org/pub111.cfm or
http://www.demos-usa.org:80/pubs/EDR_-_Securing_the_Vote.pdf , pages 39
and 40.)

A reasonable person would next consider the recent corporate scandals
involving, among others, Enron, Worldcom, and Arthur Andersen, and
conclude that sometimes persons in power at corporations engage in
dishonest, if not criminal, acts in the pursuit of financial or other
gain.

A reasonable person would also consider the cases of Robert Hanssen and
Aldrich Ames, and conclude that sometimes people who pass the best
background checks the FBI and CIA have to offer become dishonest and
commit crimes, even of a magnitude that threatens national security.

A reasonable person would finally recognize that computer programmers
are not immune from the same temptations as others, and have been known
to modify software in pursuit of financial or other gain. (See, for
example, M. E. Kabay, "Salami Fraud," Network World Security
Newsletter, 24 July 2002,
http://www.nwfusion.com/newsletters/sec/2002/01467137.html.)

Additionally, a reasonable person would recognize that anomalous
results have been reported with both DREs and optical scan equipment,
and the presence of a voter-verified audit trail has allowed the errors
with optical scan counting equipment to be corrected. The anomalous
results with DREs have just been hand-waved away, creating voter
uncertainty in the accuracy of the results. (See, for example,
http://www.notablesoftware.com/Papers/CACM1102.html) Had the DREs had a
voter-verified paper trail, the uncertainty would not exist.

Therefore, a reasonable person would thus be forced to conclude that
the possibility of a DRE vendor producing nearly undetectable
fraudulent machines, whether deliberately or due to a rogue programmer,
is not something to be dismissed lightly. She would also conclude that
a voter-verified audit trail would defuse this threat, as well as
reassure voters that their votes would be counted accurately in the
event of anomalous DRE behavior.

[The author is a software engineer with over thirty years of experience
in the computer field. He currently works with hardware engineers who
are designing new machines, advising them in the areas of reliability,
availability, and serviceability (RAS). His area of expertise is the
interface between hardware and software, especially in the area of
injection, detection, correction, and prevention of hardware errors by
software.]

--Steve Chessin
1426 Lloyd Way, Mountain View, CA 94040
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Fri Apr 30 23:17:27 2004

This archive was generated by hypermail 2.1.8 : Fri Apr 30 2004 - 23:17:29 CDT