Friday, October 06, 2006

Pushing the wrong buttons

Once upon a time, any election in India would be accompanied by "booth-capturing", "ballot-stuffing", and other unsavoury incidents; and the declaration of results would be accompanied by allegations from the other side of theft and fraud. Then India's elections went electronic: after extensive testing and local use for 10 years, the 2004 general elections were entirely conducted on electronic machines, and were the most peaceful and least contentious ever. The world watched and applauded.


Once upon a time, the US was the beacon of democracy. Then in 2000, the presidential election took ten days of wrangling and a Supreme Court vote to decide. Embarrassed by the international coverage of butterfly ballot papers and hanging chads, the US decided to go electronic too. But the 2004 elections were among the most contentious ever, especially in Ohio. And all signs suggest that future elections will be worse. Why?


For one thing, there's the main manufacturer of these machines, Diebold. Its CEO wrote to Republicans in 2003 that he was "committed to helping Ohio deliver its electoral votes to the president next year." (He later said he didn't mean it that way.) Subsequently there have been numerous questions raised regarding the security of these machines. Recently, Edward Felten of Princeton University and his colleagues infected them with a virus that could silently change voting results. A little earlier, they showed that a commonly-available hotel minibar key could be used to physically open a Diebold machine. And that's just in the past month. Earlier, Avi Rubin of Johns Hopkins had made several devastating critiques of e-voting security, Diebold's in particular; an archive of his observations is here.


Robert F. Kennedy, Jr, has written two recent articles in Rolling Stone, arguing strongly that the 2004 election was stolen, and that the next one will be, too.


And now it seems the US is not the only country facing problems with electronic voting. Brazilian campaigners are worried about aspects of their system, and now there are reports that Nedap voting machines used in the Netherlands and France can be programmed to steal votes too.


So why is there such a lack of controversy in India? It's all to do with the sort of voting machines in use. The above countries use special-purpose voting machines that are really full-fledged computers, with RAM, hard disks, touch screens, networking capabilities, PCMCIA, peripherals, Microsoft Windows, and yes, security holes including viruses. The Indian machines are basically adding-machines: externally they just have 16 buttons (one for each candidate, but up to 4 machines can be chained together if there are more candidates), and internally they have no operating system; all their software is hard-wired on a sealed microprocessor that cannot be rewritten or replaced without damaging the machine. Moreover, the voting machine does not store vote tallies: a separate control machine does that.


This blog posting (from 2004) goes into more details. As Slate (and others) noted at that time, sometimes a pencil is indeed better than a high-tech pen.

No comments: