Unixronin

Tuesday, March 25th, 2008 08:34 am

cipherpunk posted yesterday about a paper on the weaknesses of DRE voting machines.  And it got me thinking.

Suppose that every state, when requesting bids for voting machines, were to include a clause like the following in the request for proposals:

"n.  By submitting a bid in response to this request, you grant permission for an independent security audit of the submitted voting equipment prior to completion of the bid process, said audit to be performed by agents including but not limited to an agent or multiple agents appointed by $state, and agree to cooperate fully and in a timely manner with any and all such audits."

I think the results might be interesting.  Discuss.

Tuesday, March 25th, 2008 01:55 pm (UTC)
This assumes the state is competent to hold its own audit. I think that's an unwarranted assumption. There are only a handful of institutions that are capable of giving these systems the dissection they deserve: Berkeley, Rice, Stanford, UI, MIT, Johns Hopkins, mostly.

This also leaves the door open for trade secret law to be invoked. The vendors will say "hey, we have no objections to an independent audit, as long as there is no public report released and none of our IP is disclosed, ever." (Don't laugh: governments have done precisely this many, many times.) The vendors then get a security analysis for free, and can rest secure in the knowledge that they will never get a black eye from it.

What we need is transparency in the process. Vendors know this, we've screamed this at them often enough. As a general rule, though, the vendors are not willing to provide transparency. Given the choice between opening up their systems to inspection and simply getting out of the voting machine business, the general tendency is to choose the latter.

A much more interesting set of proposals, I think, is based on the Ansari X-Prize. "$100 million cash, tax free, to whoever comes up with the best DRE system, as evaluated according to these criteria by these people."

Another interesting one would be "$100 million of NSF funding is now available to qualified institutions that want to build their own voting machines." Our current NSF grant explicitly forbids us from doing this, as well as being underfunded. Giving us that charter and the funding to do a couple of generations of DRE design, including actual working hardware, would very quickly lead to some high-quality systems.

The problem isn't that we don't know how to do DRE well--we generally have at least a clue--but there are no market forces right now encouraging the adoption of well-designed DRE.

Tuesday, March 25th, 2008 03:20 pm (UTC)
The current generation of Electronic Voting Machines was driven by Congress, in panic mode, after the 2000 election. The companies involved convinced our representatives that the best way to fix the vote counting problems was to do it with a computer. Congress promptly allocated $3 Billion and change to large companies to develop such a beast.

What you are suggesting would be a more thoughtful, market driven development cycle. Instead of major companies trying to burn through allocated cash as fast as possible, without consideration of quality, we would be trying to find out what the public needs to ensure a fair and verifiable election result.

I don't think your suggestion will really help matters. It is an attempt to make a silk purse. What we have is a pig. If we want reasonable voting machines, the states and municipalities must be the ones to demand it, creating a market. What we have was a product looking for a market. The consumer base has already been badly burned; I doubt the market will recover anytime soon.

Wednesday, March 26th, 2008 01:47 am (UTC)
I hate to promote the conspiracy theory idea / idiocy, but I'd suggest that for the corporations involved, and for the politicians (appointed & elected both) involved in the decision-making, having truly good design is unimportant. Any with power over the choice of machine are likely to be in a position to abuse the mistakes in design. Moreover, any particular company that "won" such a competition would instantly have pricing power to charge more, and no politician wants to be in a position of having to choose proven trust and reliability at high cost against promises (even proven false ones) of trust and reliability at lower cost. Witness the lengths to which the US of A hides its military & intelligence expenditure breakdowns.