Rick Monteverde wrote:
Funny that technophiles like us would object to these the way we do. I guess it's because we know easily computer systems can often be defeated even when they're touted as being rock solid. Heck, most of the time you don't even have to *try* to get them to fail.
Well, I spent 25 years making transaction processing computers similar to vote-counting machines, and if I do say so myself, if I had designed them they would be rock solid. It is not rocket science. I used to work at NCR where they have been making transaction processing cash registers for 130 years. They are rock solid. The whole point of a cash register is to keep employees and customers from stealing money, and they are extremely effective. NCR makes ATMs and I will bet that no one ever succeeded in a cyber attack against one.
So I think people (including me) know how to do this, and we could easily make reliable voting machines, but in the case of the touchscreen voting machines in Georgia they violated every design rule in the book. As I mentioned, I was trained by DeKalb County to operate the machines as a poll worker. What I saw was appalling. I spotted several glaring design faults that no person experienced in this kind of technology should have made. The actual performance of the machines during the election confirmed my impression. The ones I was working with lost track of at least 3 votes out of several hundred, and probably more.
I wrote a fairly detailed letter describing the problems to the board of elections. The person in charge of the poll I was at got upset with me for "washing dirty laundry in public" and they never called me back, even though they are short of poll workers. It is a boring job, so for once a good deed went unpunished. When she sent me the message about "dirty laundry" I told her that every programmer in the country would instantly recognize the problems I described, and that Johns Hopkins had published a paper describing them (in much more detail than I had). Then I sent copies to the Atlanta Journal and other newspapers which ignored them -- naturally. (There was nothing in my report you cannot find at VerifiedVoting.org and similar sites, but they were just getting started back then.)
One of the most important rules for preventing fraud is to produce a paper receipt. This has been an ironclad rule since the first cash register, right down to today's ATMs, gas station pumps, and so on. The fact that the voting machines do not do this is mind-boggling. Whoever designed them as either a rank amateur or deliberately made them insecure. My impression reading the details of the software as described by experts at Johns Hopkins is that the designers are amateurs. I got a feeling they were inexperienced young people hired out of college. (That is just a gut feeling, but I have seen tons of code written by many different people and you do get a sense of the author's personality after a while. Kind of the way an archaeologist can look at a few shards of pottery and read the personality and circumstances of an ancient potter.)
Modern electronic cash registers work well because they use security procedures that were developed over decades for the mechanical ones. Most computer applications incorporate procedures and terminology from the precomputer era. "Registers" used to be books; FILO queues used to be those spiked paper holders on desks. The ISAM indexing algorithms in the 1970s and '80s were originally developed for people to use in manually cataloging folders. Many computer programs are substandard and unreliable because the young people writing them have little experience outside of computers themselves. They may not be familiar with the application itself, or with precomputer era data processing techniques, or human factors engineering, for example. One of the strengths of Microsoft is that they have many people with many different backgrounds who are familiar with such things.
- Jed
