Tuesday, September 30, 2003

Recent Salon article re: Diebold voting systems

Hacking Democracy (Salon)

A critical point the article overlooks arises from Lewis's assertion about certification:

Lewis says, the testing labs simulate actual voting on each type of machine. The test, which is 163 hours long, "puts tens of thousands of votes into the system, and we know what the outcome is supposed to be."

Once an application has been patched (which we know happens[*]) *after* certification but before use, the certification is now in question -- because the software has *changed* due to the patch. Any responsible developer performs what checks they can before releasing a patch (because a patch is supposed to FIX something), but the patched code and the certified version of the application are *not the same*, and patches *frequently* are released without substantial QA, certainly not the 163 hour testing to which Lewis refers. You cannot state that version X.12 software is certified, and then assume that subsequent patches don't introduce an unexpected problem. This is why you need to constantly re-test code. Once you've patched X.12 with patch B44, you now have software version X.12.B44 -- software *based* on a certified application. But not itself certified.

This, by the way, is why when you go to download an open source application, you'll see versions marked as 'robust' or 'public' or 'official' -- they've been tested/certified/reviewed and released for general use, as well as 'beta' or 'developer's' versions, the two latter labels referring to code actively undergoing changes on a regular basis. Not tested or not tested fully. Not certified. Not reviewed. And, not released for general use.

[*] A technician describes loading new code onto touchscreen units for Diebold immediately before elections. Logistically, such code could not have gone through the 163 hour certification. Ref: Bald-Faced Lies About Black Box Voting Machines

An Open Invitation to Election Fraud (Salon)
Hacking Democracy (Salon)
Black Box Voting

No comments: