I watched the documentary on HBO Hacking Democracy last night… and I have to say that it brought an obvious problem even more into relevance.
As a computer scientist, you always start to criticize the software that you see being made public, especially pieces of software that affect the entire nation and/or are of such high profile… like public voting software. When watching the film, I can just imagine every single computer programmer out there going… “What the heck are these developers doing?”
With a sharp eye, just WATCHING the documentary gives in to a lot of security problems with problems and assumptions in the security software, that aren’t directly mentioned in the program… for the obvious reason that most people don’t know anything about proper software development.
Here are some observations:
- The source code is proprietary and closed. This is an obvious mistake but unfortunately, the companies involved have a full right to keep it that way. The government should instantiate rules allowing ANY individual to look at and scrutinize the code. There are always debates on whether this gives hackers that much more information… but at the same time, allows the public to have ownership of something that ultimately decides their government’s fate.
- The workstations involved with counting the votes for all of the precincts, was definitely NOT secure in any fashion… they were roaming between these computers and opening showing them being unlocked and not secured in any fashion during the “off season” of elections.
- The governments sign-offs of inspection completely failed to recognize the single most important aspect of voting is a voter’s right to secure their vote and be counted. There was clearly a check missing from the certifications about penetration attacks and no tests for attempts at corruption of data.
- A full test suite including functional and unit testing should be present and publicly available… and also, the public should be allowed (and or at least 3rd party companies) to be able to run their own functional and unit tests against to the code.
- They had a poor choice of storing the data… yes I know this is personal opinion, but the data was stored in Microsoft Access database files in plain text columns. Holy hell
- There are obviously more higher abstracted problems that are involved… private company corruption, black box production/manufacturing, and human error factors.
- Rules around what is given out to the public for audit are not followed. The documentation given to the documentary was CLEARLY proven to not be the actual documentation. The votes on ONE precinct were off by over 300 votes… from the original vote print out to the copy they were given. Not even counting machine error and/or hacking.
The solution:
It’s not an easy one… otherwise we would have figured this out before. Every conceivable system will have it’s shortcomings, but the more variables you can eliminate… the better.
My choice:
Keep the votes to be paper ballots… completely audited, archived, search able, and open to the public for every single precinct and individual in the entire system. Two or more teams of randomly chosen individuals to count the votes at least twice before any sign off is done. Having more legal consequences to the individuals signing off and holding themselves responsible for certifying the votes and vote machines in use.
I tell you what… I’ve ranted long enough… and I know that any documentary is going to be somewhat biased and I could potentially be brainwashed… but in this case, the documentary was trying to prove that the entire system was wrong… not that Republicans bought the election or any other bias… though, due to actual outcome, there were some insinuations that Republicans were potentially buying their elections in certain areas…
Its just… I don’t know… disheartening that there’s soo much corruption and dishonesty going on along every part of the process… from the politicians, the companies who make the software, and even the people involved in the election process at the precinct level.
Wow.