Tuesday, September 16, 2008

Software dependence is dangerous in voting systems

I wrote an op-ed that appears in today's Baltimore Sun. Here is the text of my article:

When it comes to voting technology, Maryland will soon take a big - and welcome - step backward.

In 2004, the state switched almost all of its precincts to Diebold touch-screen voting equipment, called direct recording electronic machines (DREs). In 2006, Maryland adopted these devices for all precincts. But when we cast ballots for president this November, Maryland will use DREs for the last time in a statewide election.

In 2010, we will return to a low-tech but far more secure system: optically scanned paper ballots. I know that many Marylanders have enjoyed the simplicity of tapping their candidate choices atop the DREs' sleek screens. But for me, the day these machines are tossed in the scrap heap cannot come quickly enough.

I have written extensively about the shortcomings of computer voting machines, and I will not go into detail here about why we can never be sure that these devices accurately count and report the selections made by the people who use them. Instead, I'd like to focus on a simple reason why software-based voting systems are impractical, given the state of voting system certification and the nature of the software industry.

First, consider the certification. Most states today require that voting systems meet federal standards. At specialized labs, vendors must submit their voting systems to a battery of tests in order to qualify for certification. In a rigorous process that can take many months, these labs check the resistance of the machines to temperature changes, evaluate the coding practices used in any software components and review other operating features, as required by federal rules, and in some cases even tougher state guidelines.

Once a voting system is certified, it is considered set in stone. Any change, no matter how small, requires that the entire system be recertified from scratch. This is appropriate, because a small change in one part of the system sometimes has significant and unanticipated effects on other parts of the system. This is especially true if the change is in the software. When it comes to computer voting systems, it is usually the software - the code that directs a computer to perform specific tasks - that harbors the primary Achilles' heel.

Here's the problem: The software industry has evolved in such a way that nearly all computer programs require frequent changes and repairs. This realignment takes place regularly and, to a great extent, invisibly. (How many home computer users understand what has happened during a regular Windows Update?)

Such updates are needed because software is complex and prone to glitches. It is not "often" buggy; it is "always" buggy. And when one bug is fixed, the fix itself can lead to other bugs. Microsoft releases new versions of its software and patches with regularity.

Even Apple, which has some of the best programmers in the world and spends more than most companies on software development, is aware that its products have bugs that must be fixed as quickly as possible. This property of software is not obvious to people who have never programmed, but for computer scientists, it is an accepted and well-understood phenomenon.

When bugs are found in software-based electronic voting systems - as they inevitably are - election officials often face an irreconcilable dilemma. They can ignore the bug, which could result in an incorrect vote tally or a paralyzing crash during the election, or they can try to have the bug fixed. But fixing the bug involves changing the software, and by law the voting system must then be recertified. Given the long time and additional expense that this process takes, recertifying may not be an option.

What if a serious software bug is discovered the week before the election? Even if it can be fixed in time, it would be illegal to use the resulting system in an election, and I would argue that there would not be time to properly test a bug fix for such a complex software system. On the eve of an important election, would you want to wrestle with a critical decision such as this one?

So the next time your laptop freezes up or a popular program on your computer crashes, ask yourself: How would you feel if this were your voting system on Election Day? Let's welcome the paper ballot system that is coming back in 2010. It is the best system for Maryland.