As well they should.
Look, I’m a technologist. I like computers; they do a lot of great things. But as a general principle, software sucks. People don’t understand computer security, and most of the e-voting machines don’t fail gracefully to real-world fallbacks. (Like the obvious choice of printing a receipt which a voter looks at, confirms as his vote, and drops in a big bin. The receipt could be machine readable, to allow for easier counting, but would also be countable by regular people if required.) There is a great deal on the study at the California Secretary of State site, including all the reports of the various teams.
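The receipt-in-a-bin idea only buys anything if someone actually reconciles the paper against the machine’s electronic total. Here is an added illustration of that reconciliation, not code from this post or from any voting-system vendor; the receipt layout, the contest, the candidate names, and the counts are all constructed for the example. It parses receipts that are plain text (so a person can read and hand-count them) but laid out rigidly (so a scanner can count them), refuses duplicate serials, sets aside anything it cannot read for a human, and reports every place the machine’s tally and the paper disagree.

```python
"""Reconcile a voting machine's electronic tally against the paper receipts.

Added illustration for this post; not code from the post, the review teams,
or any voting-system vendor. Receipt format, contest, names and counts are
all constructed.
"""
from collections import Counter
import re

# Constructed receipt layout: one line per receipt, readable by a person and
# parseable by a scanner. Serial numbers let us detect a receipt counted twice.
RECEIPT_RE = re.compile(
    r"^RECEIPT (?P<serial>\d{4}) \| (?P<contest>[^|]+?) \| (?P<choice>.+)$"
)

# Constructed electronic tally as reported by the machine for one contest.
ELECTRONIC_TALLY = {"Mayor": {"Alice Example": 6, "Bob Sample": 4}}

# Constructed contents of the bin: ten good receipts (5 / 5 split) plus one
# receipt whose serial is smudged and cannot be read by the scanner.
RECEIPTS = """\
RECEIPT 0001 | Mayor | Alice Example
RECEIPT 0002 | Mayor | Bob Sample
RECEIPT 0003 | Mayor | Alice Example
RECEIPT 0004 | Mayor | Bob Sample
RECEIPT 0005 | Mayor | Alice Example
RECEIPT 0006 | Mayor | Bob Sample
RECEIPT 0007 | Mayor | Alice Example
RECEIPT 0008 | Mayor | Bob Sample
RECEIPT 0009 | Mayor | Alice Example
RECEIPT 0010 | Mayor | Bob Sample
RECEIPT 00XX | Mayor | smudged
""".splitlines()


def parse_receipt(line: str) -> dict:
    """Parse one receipt line; raise ValueError on anything malformed so a
    damaged receipt is flagged for a human instead of silently dropped."""
    m = RECEIPT_RE.match(line.strip())
    if not m:
        raise ValueError(f"unreadable receipt: {line!r}")
    return {k: v.strip() for k, v in m.groupdict().items()}


def tally_receipts(lines):
    """Count choices per contest from the paper receipts.

    Returns (totals, unreadable). Duplicate serial numbers raise, because a
    receipt counted twice would inflate one candidate's total.
    """
    seen = set()
    totals = {}
    unreadable = []
    for line in lines:
        if not line.strip():
            continue
        try:
            r = parse_receipt(line)
        except ValueError:
            unreadable.append(line.strip())
            continue
        if r["serial"] in seen:
            raise ValueError(f"duplicate receipt serial {r['serial']}")
        seen.add(r["serial"])
        totals.setdefault(r["contest"], Counter())[r["choice"]] += 1
    return totals, unreadable


def reconcile(electronic, paper):
    """Return every (contest, choice, electronic_count, paper_count) that
    disagrees between the machine's report and the hand/scan count."""
    findings = []
    for contest in sorted(set(electronic) | set(paper)):
        e = electronic.get(contest, {})
        p = paper.get(contest, Counter())
        for choice in sorted(set(e) | set(p)):
            if e.get(choice, 0) != p.get(choice, 0):
                findings.append((contest, choice, e.get(choice, 0), p.get(choice, 0)))
    return findings


def audit():
    """Run the constructed scenario: returns (discrepancies, unreadable)."""
    paper, unreadable = tally_receipts(RECEIPTS)
    return reconcile(ELECTRONIC_TALLY, paper), unreadable


if __name__ == "__main__":
    findings, unreadable = audit()
    for contest, choice, e, p in findings:
        print(f"MISMATCH {contest}/{choice}: machine says {e}, paper says {p}")
    for line in unreadable:
        print(f"NEEDS HUMAN REVIEW: {line}")
```

In the constructed scenario the machine claims a 6/4 result while the receipts show 5/5, so the audit reports a mismatch for both candidates and hands the smudged receipt to a person. The point is that the paper count is independent of whatever the machine’s software did; a disagreement is a signal to investigate, and a clean match is evidence the electronic result can be trusted.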
One of the good things about this review is that not only were the machines themselves reviewed, but the code itself (under strict NDAs) was looked at. Matt Blaze, one of the researchers, says (emphasis mine):
I was especially struck by the utter banality of most of the flaws we discovered. Exploitable vulnerabilities arose not so much from esoteric weaknesses that taxed our ingenuity, but rather from the garden-variety design and implementation blunders that plague any system not built with security as a central requirement. There was a pervasive lack of good security engineering across all three systems, and I’m at a loss to explain how any of them survived whatever process certified them as secure in the first place. Our hard work notwithstanding, unearthing exploitable deficiencies was surprisingly — and disturbingly — easy.
Um… “not built with security as a central requirement”? WTF Mate?
Look, I may be a nut, but I can’t think of much that should be more secure than our voting process. It is the single most important way we remain free. (And the irregularities in the past elections make me worry about the “remain free” part.) We have to be vigilant to protect our democracy, the Founders knew this, I wish sometimes that we could remember it ourselves.
Bruce Schneier, security guru (he knows Alice and Bob’s shared secret), writes about it as well. Evidently the teams were given only a few weeks, and not enough documentation or support to actually do a realistic security review of the machines. And still they discovered enough to have the machines lose certification. As Schneier says, “the voting machines tested were so horribly bad that the reviewers found vulnerabilities despite a ridiculous schedule.” And that, my friends, is bad.
I know my code could never pass a review like this, but I’m not writing voting machine software. I’m not even handling money. I don’t even have anyone’s social security number. (And all the information I have is pretty much available under FOIA, anyway.) Security for me is just not corrupting data, and I do pretty well with that (better than my predecessors, anyway). Still, it’s a shame that Diebold is here in Ohio, and is probably going to get a pass with whatever crap they have available.
Update: Speaking of Diebold, here’s a link about their crap. I’m in a meeting with the BoE today, about keys (you know, the metal kind, not the encryption kind). I wonder if they understand that to screw up an election all you need is access to one machine (or one person to corrupt).