By Jack Ganssle
The Vote - Followup
In a Pulse that ran just before the California Recall (http://embedded.com/showArticle.jhtml?articleID=15201145) I complained about the state of the art of electronic voting machines, and suggested we get the mob involved to clean up the mess.
The most important feature of any vote-collecting device is public trust in its accuracy. Without that trust the units are junk. Some readers complained about the use of the word "junk", but if I have an MP3 player that doesn't work, it's junk. A watch that's pretty but can't tell time is junk. A voting machine that no one trusts is junk.
I purposely did not mention Diebold, Inc (http://www.diebold.com/) in that article, because all vendors must sell trust as their primary product. Yet Diebold is in the center of the storm, as ex-employees claim the company circumvented proper testing protocols (http://www.wired.com/news/politics/0,1283,60563,00.html?tw=wn_bizhead_11). Worse, the company's devices seem to have a tamper-friendly database (http://www.scoop.co.nz/mason/stories/HL0307/S00065.htm) - just the ticket in today's e-hostile environment.
More evidence appeared when emails never meant for public consumption leaked (http://why-war.com/features/2003/10/diebold.html and http://chroot.net/s/lists//support.w3archive/200101/threads.html). Plenty of interesting sound bites surfaced, such as:
"Our department is being audited by the County. I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this." (http://chroot.net/s/lists//support.w3archive/200101/msg00068.html)
Machines from Sequoia Voting Systems are also raising security concerns. Their Windows-based (and thus attack-resistant) database is raising eyebrows from those tasked with running security tests (http://www.exit.com/RiversideVoteTest/).
The voting machine industry has met the challenge head-on, chartering a media relations group to improve the image of their products (http://www.wired.com/news/business/0,1367,60864,00.html?tw=wn_tophead_1) rather than build robust code. The PR folks are swimming against a tide of public opinion and satire (http://www.workingforchange.com/article.cfm?ItemID=15882).
Apparently folks from other than the embedded community read embedded.com. I heard from Walter Hearne:
I work for the Republican staff on the House Appropriations Committee, Transportation & Treasury subcommittee. One of the programs whose funding we oversee is election reform. I just read your article on Embedded.com about the FEC's electronic voting standards. The Help America Vote Act mandates that all voting precincts must eventually have at least one direct recording electronic (DRE) voting machine. This seems to provide states with a strong incentive to replace all of their machines with DREs, so as to have a uniform system. Anyway, your article was of great interest and concern to me, but being a hi-tech idiot myself, I had some difficulty understanding some of your comments. I have a few questions for you:
(1) What is firmware?
What is firmware? It's the basis of all of the features and problems inside a voting machine. How can the officials tasked with overseeing the industry not have at least a modest amount of insight into the very machines they supervise?
He had a number of other less naïve questions. I wrote back at length. Mr. Hearne passed the correspondence on to FEC officials, some of whom replied. Here's a sampling:
From Brit Williams: There are a lot more of them than there of us. I have quit trying to reply to every real and imagined 'computer expert' that decides to take a swipe at voting systems. We stand on our record. For all the hype, no one has identified so much as an attempt at fraud against the computer system during an election.
The same reasoning suggests that banks that have never been held up don't need vaults. Don't bolt the barn door till after the horse leaves. Don't prove the code's correctness until after an election debacle... with no paper trail to determine the will of the people.
No wonder he's unable to reply to every expert taking swipes at the gear... there are so darn many of them. Like this (http://avirubin.com/vote.pdf) independent evaluation of Diebold's source.
The FEC's Steve Freeman wrote: Its (sic) probably true that most of the systems that will be used to count The recall in California are "junk." (I wonder how wide the definition of "junk" is being spread though). Like many other states, most of the counties have systems that were grandfathered in under the 1990 standards and probably qualify as junk just by the wear and tear. I count roughly 34 systems including some of the largest, that were grandfathered, some of which I don't believe were even submitted for testing. However, few of those counties will be able to complete the process of acquiring replacement systems by the time of the recall election and the HAVA fund requirements and possible fund short falls are adding to the delay.
Wow! That sure makes me feel better.
The twist in implication is blaming the VSS and current testing. If anything, the systems that have been fully developed under the 1990 standards tend to be noticeable improvements. The 2002 standards have raised the level even higher but it is still too early to see the full effect on the systems being marketed.
So after 1990 the devices are at least a little better. The quality of products designed to the 2002 standard is still unknown. Register and vote... because we need the beta testers.
From some discussions I have had with vendors, the 2002 standard is qualifying another 14 or more of the California systems as obsolete, i.e., "junk". With the delays in getting newer systems to market and through our testing, what are the counties who need to replace that "junk" going to do? How close are we to a standard that can't be enforced and have a viable selection systems for the elections next year?
This is the old "ship it now or ship it right" dilemma. Cave to schedule pressures and ship a buggy electronic coffee spoon - no one will care. Do the same for avionics systems, nuke plant controllers, or voting machines, and you'll be featured on 60 Minutes.
Here's another quote from a Diebold email:
Over that time I have become increasingly concerned about the apparent lack of concern over the practice of writing contracts to provide products and services which do not exist and then attempting to build these items on an unreasonable timetable with no written plan, little to no time for testing, and minimal resources. It also seems to be an accepted practice to exaggerate our progress and functionality to our customers and ourselves then make excuses at delivery time when these products and services do not meet expectations. (http://chroot.net/s/lists//announce.w3archive/200110/msg00001.html)
None of these issues are unique to the voting industry. Embedded designers everywhere wrestle with the same concerns. Management has an ethical responsibility to delay shipping till the product is ready.
Fortunately, as we've seen from Tyco, Enron, and countless others, corporations are operating at the highest of ethical standards. Walden O'Dell, Diebold's chief executive, told Republicans in a recent fund-raising letter that he is "committed to helping Ohio deliver its electoral votes to the president next year." (http://126.96.36.199/focus/f-news/973667/posts).