Friday, January 23, 2009

More election machine trouble

A computer log should tell what happened on a system. Most servers can track nearly everything--Who logged on, what files were changed and by who, what files were viewed. The limit is essentially the size of the log and the speed of transactions. Election machines need logs too--Both to make sure they work properly, and to make it more difficult to tamper with the system undetectably. Logs should be simple, and there is little excuse for logs to be anything but plain English text files. The data flow is slow enough (in computer terms) that virtually everything should be logged. In a recent election in Humbolt county California, there were irregularities. The logs form the GEMS voting machine turned out to be completely indecipherable, even with assistance from Premier. Something happened that affected the totals, but the logs don't match either the results or the paper records made by election officials. It should be incredible that Premier shipped a system like this, but based on past performance I'm not surprised. What is shocking is that this flaw was not found by the election boards before the systems were put in use. Election boards need security experts to advise them. If they are dealing with computers, they need computer security experts. I've said before--Election machines should have at least as much accountability as an ATM. There needs to be two methods of making the count. If the errors are random, it is bad enough. If the errors are weighted in a particular direction, or if they allow undetected tampering, it is a huge problem. A reputation as bad as Premier should not be able to get contracts.

No comments: