ITAA fires back at e-voting critics
The vendor lobby is accusing security researchers of pushing an open-source agenda
News Story by Dan Verton
JULY 16, 2004 (COMPUTERWORLD) - WASHINGTON The president of one of the most influential IT vendor associations is accusing electronic voting system critics, many of whom are IT security researchers, of using the issue of e-voting security to wage a "religious war" that pits open-source software against proprietary software.
A recent survey by the Arlington, Va.-based Information Technology Association of America (ITAA) showed that 77% of registered voters aren't concerned about the security of e-voting systems, and ITAA President Harris Miller said critics who claim to be concerned about the issue are really pushing a political agenda on behalf of the open-source software community.
"It's not about voting machines. It's a religious war about open-source software vs. proprietary software," Miller said in an interview with Computerworld. "If you're a computer scientist and you think that open-source software is the solution to everything because you're a computer scientist and you can spot all flaws, then you hate electronic voting machines. But if you're a person who believes that proprietary software and open-source software can both be reliable, then you don't hate electronic voting machines."
Kim Alexander, president of the California Voter Foundation, called Miller's characterization "nonsense."
"Every technologist that I have worked with believes that even if we had open-source software, we would still need a paper [audit] trail," said Alexander. "There would be no guarantee that the software that was inspected by the public would be the same software that is running on every machine in every jurisdiction in the country."
Eric Raymond, president of the Open Source Initiative (OSI), a nonprofit organization that promotes standards and criteria for open-source software, said Miller has the issue wrong. "Most [e-voting] critics, including me, aren't focusing on open-source vs. closed-source at all, but rather on the lack of any decent audit trail of votes one that can't be corrupted by software. Open-source would be nice for all the real reasons but is less important than the audit trail."
Other supporters of voter-verifiable paper audit trails, including Avi Rubin, a professor at the Johns Hopkins University Information Security Institute, questioned the ITAA's decision to survey average voters about a technical security question.
"Would they ask questions about the safety of a medical procedure of patients or of doctors?" asked Rubin. "They should ask computer security experts about computer security questions, not end users, who may like the look and feel of the machines but have no way of knowing if they are really secure."
Miller acknowledged that security has to be a top priority but stopped short of saying that the IT security community is in agreement about the security vulnerabilities. "There's never been a demonstrated case of fraud other than an occasional mechanical problem," said Miller. Asking proponents of open-source software to comment on the security of electronic voting systems "is like asking a bunch of clergymen what they think of premarital sex," he said.
Jim Adler, CEO of VoteHere, a Bellevue, Wash.-based developer of secure voting technology, agreed that to date the biggest issue facing election security and accuracy hasn't been the security of the software used in the machines.
"The reality is that 2 million votes were lost in the 2000 election because of machine malfunctions or machine-user interface problems. So the long pole in the tent hasn't been security," said Adler.
However, Jeff Zaino, vice president of elections at the American Arbitration Association in New York, the largest provider of private election administration services in the country, said paper audit trails for electronic systems are critical not only to voter confidence but to preventing an endless number of legal challenges if the election is close.
Only two states, Florida and California, have a manual recount law and in Florida, the law doesn't apply to paperless touch-screen systems. "In principle, it's outrageous that we have secret, proprietary voting systems," said Alexander. "We have outsourced our elections to private companies and handed over the keys to the kingdom to a handful of vendors. And all they have said since this debate started is 'Trust us.'"