
By Jack Ganssle

A Pretty Good Bill

Published 2/26/07

Last week Sen. Dianne Feinstein asked the GAO to conduct an investigation into various claims that electronic voting machines, called DREs, don't perform properly, requesting that the investigation be complete by the next presidential election.

How odd. If the investigation uncovers faults or fraud shortly before the election, what action will anyone take? With time short, no remedies will be possible.

Congress is already working to improve e-voting. Identical bills S. 559 and H.R. 811 were recently referred to committees. The furor over alleged (I say "alleged" as the vitriol in the media and on web sites has drowned out reasoned discourse) irregularities should have taught us one thing: the primary feature we need from an e-voting machine is trust. Our democracy will be imperiled if the electorate isn't convinced that their votes are being recorded accurately and fairly.

It's easy to be critical of our elected representatives, as so many have wallowed so far below even the most cynical expectations. But S. 559 and H.R. 811, introduced February 13, are pretty good bills that, if passed, should silence the critics. Full text here: http://thomas.loc.gov/cgi-bin/query/F?c110:1:./temp/~c110pYD9ds:e868: .

Here are some highlights: "No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process."

"The manufacturer of the software used in the operation of the system shall provide the appropriate election official with updated information regarding the identification of each individual who participated in the writing of the software, including specific information regarding whether the individual has ever been convicted of a crime involving election, accounting, or computer security fraud."

"After the appropriate election official has certified the source code, object code, and executable representation of the voting system software for use in an election, the manufacturer may not--
"(I) alter such codes and representation; or
"(II) insert or use in the voting system any software not certified by the State for use in the election."

"The voting system shall require the use of or produce an individual voter-verified paper ballot of the voter's vote that shall be created by or made available for inspection and verification by the voter before the voter's vote is cast and counted."

This provision, by itself, is one that talking heads have demanded for several years. Yet by itself it's bogus. A paper trail is important, but is no assurance that the vote gets recorded properly. Malicious or buggy code can print an apparently correct result while storing something else altogether.

However, the following provision addresses that concern: "No voting system used in an election for Federal office shall at any time contain or use any software not certified by the State for use in the election or any software undisclosed to the State in the certification process. The appropriate election official shall disclose, in electronic form, the source code, object code, and executable representation of the voting system software and firmware to the Commission, including ballot programming files, and the Commission shall make that source code, object code, executable representation, and ballot programming files available for inspection promptly upon request to any person."

Anyone, from e-voting guru Avi Rubin to your grandmother, can dig through the source and look for vulnerabilities. That's the secret to building a trustworthy product.

I predict we'll see a lobbying effort by manufacturers to weaken or eliminate this provision. Consider the implications: unless Microsoft is willing to release the source to CE, that OS will no longer be legal for e-voting apps. Most if not all machines currently use CE, so they'll need complete rewrites. Expensive? You betcha. Necessary? Absolutely.

The bills don't mandate a freeze point, and they should: the code should be unchanged for at least six months before an election, so that many eyes can inspect and independently verify it. Others, like Black Box Voting (http://blackboxvoting.org/), want a raft of other rather technical changes. No doubt the bill will change greatly as it moves through the legislative process. But I sure hope the provisions above don't get watered down.

The Embedded Systems Conference San Jose runs from April 1 to 5, and the promo video (http://www.embedded.com/esc/sv/video/) is worth watching to see an amusing reference to the e-voting debate.