A Techie Looks at San Francisco’s Voting Machines
By Eileen Left
I understand that SF is trying to implement IRV by reprogramming our
voting machines. Here is a brief summary of my research into the voting
machines, and a brief technical summary of the issues we face:
In San Francisco we have voting machines from ES&S (Election Systems
and Software). ES&S voting and vote tabulation machines are "black boxes,"
meaning that they are programmed only by ES&S technicians, and only they
are privy to the inner workings of the machine. In technical terminology,
the ES&S software which runs on their machines is "closed source," as are
many commercial software products (Photoshop, for example). The initial
written state of computer programs is known as its "source code." Take a
computer program written in C, a common computer language: the program is
in a somewhat legible and comprehensible state until it is "compiled." The
program must be compiled in order for it to function, and compilation is
generally regarded as a one-way process. Once I compile a program, it can
not (without substantial effort) be "de-compiled." This final, compiled
state of a program is called its "executable," or "binary," and this is
what the voting machines actually contain and run.
The voting machines don't even have the source code stored in them. The
source code for ES&S machines is on secure computers at their offices, and
is also stored by an "independent third party" in "escrow," who ostensibly
verifies its integrity. Generally, if a source code is privately guarded
and not available to the public, it is difficult to understand how its
executable will function or what exactly this executable will do. An
example would be this: someone sends you an executable and you don't know
whether it is a virus because it is only an executable. If they sent you
the source code you could, with proper expertise, ascertain what the
program will do, compile the source code yourself, and use the executable.
If you or I wanted to alter the functionality of the voting machine, we
would have to either: obtain the "source code" for the voting machine
program, or "reverse engineer" the executable to figure out how it works.
Unfortunately neither of these options is very likely! I don't know the
specifics of ES&S's license agreement, but it is VERY LIKELY that the
source code is proprietary, and is intellectual property belonging solely
to ES&S. Reverse engineering is almost certainly EXPRESSLY PROHIBITED by
ES&S and most other closed source software vendors. I can't make changes
to the voting machines, nor can anyone other than an ES&S technician. In
analogous situations in the computer industry, the software vendor has the
customer "over the barrel." We all know this is not a good place to be.
The internet is teeming with conspiracies regarding voting machine
rigging, conflicts of interest, and lack of vendor accountability,
auditing, and integrity. There is a scandal surrounding Nebraska Senator
Chuck Hagel's holdings in ES&S, which provided all of the voting machines
for the elections he won. He lied and said he was divested when he wasn't,
and was chairman and CEO of ES&S for years. (See
www.talion.com/election-machines.html for the most-sited
research on this matter and others.)
There are also stories of machine malfunctions, anomalous machine
behavior, poor protocol security, and credible scenarios involving
hypothetical viruses on the voting machines. Former voting machine test
certification engineer Dan Spillane is suing his former employer for
rubber-stamping voting machines with "major flaws"(Case#:
for more stories. In short, voting machines are surrounded by a veil of
secrecy and are the object of much suspicion.
Obviously this is outrageous. We have few choices other than to pay
exorbitant fees to a disreputable corporation so they will modify the
voting machine source code, or scrap the entire ES&S system which we have
already paid for. A few things we can do to mitigate our losses:
|* Lower the ES&S price tag on the IRV implementation. One
possibility would be to demand a detailed estimate with cost
breakdowns for the entire job, which can be taken apart piece by
piece and shown to be overpriced despite our lack of inside
knowledge of the source code.
|* Join the chorus of voices dissenting against ES&S and
electronic voting machines in general, calling for full disclosure,
competitive bidding, open communication protocols, open source
software, and manual recount capability. We might be eligible for
federal funding via Prop. 41, assuming it passes. Obviously this is
not a short-term solution.
|* Try to limp through the first IRV election with hand counting
or some other cobbled-together system.
|* Blast ES&S and sue for access to the source code.
|* Obtain a competitive bid from a rival voting machine company.
|* Attempt a "hybrid" solution in which a new central vote
tabulation machine is purchased and the precinct ballots are
transported to City Hall for tabulation. This way only one machine
is needed, or only one machine needs to be upgraded.