News Reports May Be A Little Quick To Clear Sarasota E-Voting Machines
from the not-quite dept
The Associated Press put out an article late Friday claiming that a study found the e-voting machines used in Florida’s Sarasota County the machines had no problems — despite a large number of missing votes. At least that’s what you’d get from reading the article, with a headline that blares: “Audit: Fla. Voting Machines Didn’t Err.” Of course, that’s not exactly what the study found. First of all, the panel of researchers did not study the e-voting machines at all — but just the source code of the software. There could be plenty of other reasons why the voting machines had problems that couldn’t be uncovered just by looking at the source code of the software. And, in fact, the actual report is hardly as forgiving as the AP report makes out. Ed Felten points out that the report actually highlights all kinds of security problems with the software, including plenty of places where a virus could exploit a buffer overflow. It also discovered incredibly weak security, such as a master password that would be relatively easy to guess (only had 256 possibilities).
Of course, that doesn’t mean that there was anything malicious going on here. As both the report and Felten point out, that hardly seems likely (especially since if you were to do something malicious, you wouldn’t undercount votes, but switch them to hide them better). Instead, as Felten notes, it seems likely that the machines simply screwed up. He suggests “systems that are insecure tend to be unreliable as well — they tend to go wrong on their own even if nobody is attacking them. Code that is laced with buffer overruns, array out-of-bounds errors, integer overflow errors, and the like tends to be flaky. Sporadic undervotes are the kind of behavior you would expect to see from a flaky voting technology.” Once again, if anything, this test has done a disservice to those looking to strengthen the election process. As Felten pointed out when he refused to serve on the panel, limiting what could be tested isn’t particularly useful — and leads to things like the Associated Press declaring that the machines have been vindicated when that’s not at all true.