E-Voting Mash-up

California Secretary of State Debra Bowen must decide by this Friday whether to decertify any or all electronic voting machines used in California. A recent test of three popular voting machines showed that they were vulnerable to various forms of hacking.

There is some controversy about whether the tests were realistic - the "red" hacking team from the University of California had unfettered access to the machines - and, now that the vulnerabilities/threats have been exposed, whether they can be defended against by officials at state polling locations. Before the decision is made, a risk assessment of these factors, as well as of the magnitude of any voter fraud or lost votes that could occur in comparison to paper ballots, needs to be done. Given the time, I doubt a thorough risk assessment is possible.

Anyway, one underlying theme that keeps getting overlooked in the e-voting controversy is the idea that we should be able to count every vote, which is something we never did before. For some reason, we expect perfect precision and accuracy when it comes to e-voting - which is theoretically possible, but not probable. It is more likely that votes will be lost due to operator error or plain old reliability problems with the hardware (or software) than by deliberate fraud.

We really need to keep reminding ourselves that IS&T is error-prone - and that what we need to do is figure out where to place the error, rather than to expect perfection. My earlier posts on the legal profession and gambling industry expectations of IS&T just re-emphasize this point.

UPDATE: California Secretary of State Debra Bowen imposed severe limitations on the use of electronic voting machines. The companies that made those machines, like Diebold, are very unhappy, as are California County election officials.

It will be interesting to see whether the process of casting paper ballots will need to meet the same level of security/reliability as e-voting machines do. If it doesn't, then the whole e-voting testing exercise is little more than political grandstanding.


Risk Factor

IEEE Spectrum's risk analysis blog, featuring daily news, updates and analysis on computing and IT projects, software and systems failures, successes and innovations, security threats, and more.

Robert Charette
Spotsylvania, Va.
Willie D. Jones
New York City