Hard News by Russell Brown

Scoop's scoop

If you had trouble reaching Scoop.co.nz yesterday, it was because Scoop got Slashdotted. The Wellington site's big story - bigger than Watergate, it was claimed - made the forums of the ultimate geek site, and people came to look.

So, is there anything in the story? As an IT writer of more than 10 years' experience, it looks that way to me. Had it been my scoop, I wouldn't have used the words "Bigger than Watergate", but if the technical profile of Diebold Systems' voting machine technology, as presented by Scoop and author Bev Harris, is correct, then it's potentially alarming: apart from anything else, democracy relies on a Microsoft Access database?

Two new stories - one highlighting conflicting statements about modem access to the machines - have been posted today.

There are probably three separate issues here: the generic unfitness of electronic voting systems that don't leave a hard audit trail; particular deficiencies in the Diebold system; and the somewhat incendiary speculation about the deliberate misuse of such a system to influence election results.

I don't really want to comment on that last one, although Harris's Black Box Voting website lines up news stories about odd results and political partisanship.

Elections are being held with Diebold voting machines in 37 US states. Surely the officials responsible would never buy into a system without being convinced of its integrity?

You'd be surprised at what a good marketing team can achieve: this reminds me quite a bit of the Mondex electronic cash system, a wholly offline stored value card technology in which six leading New Zealand banks bought a stake in 1996. I scored some world scoops of my own with stories highlighting exactly what was wrong with the Mondex technology. The banks, here and in Australia, eventually backed off their brilliant investment.

I made use of a number of sources in these stories, including a risk management expert who'd tried to blow the whistle at one of the banks, and Dr Ross Anderson, a Cambridge University academic who is one of the foremost independent experts on electronic security. Anderson has testified in a number of cases of ATM fraud, showing that security on ATM machines, including those sold by Diebold, can be compromised. He is also a public sceptic on electronic voting systems like the Diebold one.

One consultant with industry expertise in electronic voting systems has already written a scathing letter about Diebold on the basis of what Scoop has revealed. There's some interesting comment on Slashdot too.

Yesterday, I also contacted someone with relevant expertise, who said that on the basis of what had been published, and without the time required to look into the code made available, he could not say either way whether the system was or was not secure, although "the modeming of results might be a weak point."

On the issue of whether there was an audit trail, he said:

This is, I think, the crux. But I don't know - is there? I'd have to look at the database and code to determine that. Once again, it's standard practice in designing most database systems (not just this type) to include triggers in the database which disallow deletes and also audit trail critical tables time-stamping changes and registering who made the change. Choice of Access does, as you have already pointed out, call into question the security aspect. However this could be addressed if the system is managed in a secure way internally - ie: how do these systems actually roll out & get used?

Was there a reasonable explanation for the multiple ledgers Harris and Scoop discovered in the system?

It sounds a bit suss, but without talking to the designer you just can't point at this as evidence of any kind of problem. There may be a perfectly good reason for it. Depending on how it is used this might even increase security.

Could tallies in one of the ledgers be altered without leaving a formal record of the change?

Once again the Devil is in the detail. It depends on how the system is designed, and also how it is managed internally - procedures etc.

Any other observations?

Looking at the Diebold website my personal feeling was that if I was in charge of setting up elections of any kind I would need a *whole lot more* technical info regarding auditing and security before I'd consider them.

In short, by far the most important aspect of any system of this kind is the audit trail, and the security of that audit trail. Manufacturers of these systems have to realise that they are replacing a paper-based system which is operated within a well-tested framework of cross-checking by skilled and dedicated people. They have to match that, and securely provide an audit trail for each and every vote made.

To summarise, the Diebold website give me *nothing* in the way of information regarding this aspect, but the articles purporting to "expose" the system didn't convince me that anything was wrong either.

Wow - independent investigation frustrated by a regime that refuses to allow state employees to be questioned without a government minder present. What does that remind you of? Curiously, the investigation being frustrated - still - is the one into the September 11 attacks. The chairman of the federal commission has accused the Bush administration of "intimidation" of witnesses.

The Act Party really should get a clue itself before accusing the Greens of having a "tenuous grip of biosecurity issues". Gerry Eckhoff has lately been sounding off with clangers like this: "Genetically-modified organisms pose no health risks." Actually, Gez, it depends on what kind of organisms they are. An organism isn't automatically dangerous because it has been modified - but it's not automatically safe either. That's why we have regulations.