How To Stop Democracy From Being Hacked – Tech Thursday
And so we close the book on another Presidential election. Most of the stories reported were about the long lines in Florida, and what states were trending to which candidate. Then there was the story about a software engineer that discovered that the voting machine he was using, was registering votes for the wrong candidate. Was this a hacking attempt to steal the election?
I don't think so. In this age of smartphones with video uploading straight to the web, combined with social media, an incident like this would have been more wide spread. And 53,000 is the grand scheme of things isn't that much, except in a highly contested state. If that was the circumstance, I would want this scrutinized very closely. But I do acknowledge that this could have been a lucky coincidence in that this gentleman was very tech savvy, was paying attention, and was in the right place at the right time. We're not sure how many machines could have been doing the same thing, or exactly how many votes were cast incorrectly.
One way to stem the tide of these things, is make all the software for electronic voting machines open source. That means, anyone could look at the source code and see what it is doing and how it is doing it. Right now, many of the voting machines out there use proprietary or closed source software to operate. That means no one is allowed to see it because the companies say that to let it out would ruin the business. How is that possible? It's a pretty simple setup. I could even build a voting machine with an off the shelf computer, touch screen and a little programming knowledge. Think about it.
The software would assign a voter id# that is not associated with a person, just as a way of keeping track of how many people have voted. The actual identity of voters would be handled by people. Granted, this is a insecure way of handling it, but it keeps the anonymity of the voter protected. Then, voter would choose the candidates by touching the corresponding box on the screen, seeing a check mark or something to show who the machine registered for the vote. Then you would click a "Cast Vote" button, where you would be presented with a screen showing your selections again, and asking for confirmation noting that once your vote is cast, by state/federal election law, you can't change it. If the voter says no, they can go back and make changes, or after several attempts of not getting it right ask for help from a polling inspector, who would get some basic training on how to recalibrate and reset the machine along with basic trouble shooting steps to follow. If the voter is ready to proceed, it will confirm again, saying this will register your votes. If they say yes, the vote is cast, and a hash is created using the voter's unique id# that was created, the choice of candidates of the voter and written to a secured memory card for tabulation later. The voter is thanked for their time and participation, and the machine would be recalibrated by the election worker, or poll inspector.
So I'm wondering where in there, is the secret? I mean, is it a trade secret how to add up votes? Think about it like a ballot box. You write the candidate's name on a piece of paper, fold it, and put it in a box. When the voting is done, you count them. That is basically what a voting machine does. Nothing more. So when companies that make voting machines say their software is a trade secret, how is that a secret? Are you worried about hacking or someone taking your software and reselling it on their machines? What if election law made it mandatory for it to be open. It would be pretty tough for someone else to pass your software off as theirs wouldn't it?And Election officials could inspect the software with experts for all involved parties to makes sure there wasn't anything in the code to allow for "sneaky business".
I see this as a simple problem with a simple fix. It would alleviate many issues with voting irregularity, protect the companies, and provide for a more transparent and open election system. But then again, this is 'Murica, and we love to talk about stuff like this. If you're a software developer, I would love to hear your thoughts and corrections to what is surely a flawed concept to me.
$>rm -f /usr/bin/murica