About Us

Contact Us


June 3, 2003


Major Flaws

A Techie Looks at San Francisco’s Voting Machines

By Eileen Left

I understand that SF is trying to implement IRV by reprogramming our voting machines. Here is a brief summary of my research into the voting machines, and a brief technical summary of the issues we face:

In San Francisco we have voting machines from ES&S (Election Systems and Software). ES&S voting and vote tabulation machines are "black boxes," meaning that they are programmed only by ES&S technicians, and only they are privy to the inner workings of the machine. In technical terminology, the ES&S software which runs on their machines is "closed source," as are many commercial software products (Photoshop, for example). The initial written state of computer programs is known as its "source code." Take a computer program written in C, a common computer language: the program is in a somewhat legible and comprehensible state until it is "compiled." The program must be compiled in order for it to function, and compilation is generally regarded as a one-way process. Once I compile a program, it can not (without substantial effort) be "de-compiled." This final, compiled state of a program is called its "executable," or "binary," and this is what the voting machines actually contain and run.

The voting machines don't even have the source code stored in them. The source code for ES&S machines is on secure computers at their offices, and is also stored by an "independent third party" in "escrow," who ostensibly verifies its integrity. Generally, if a source code is privately guarded and not available to the public, it is difficult to understand how its executable will function or what exactly this executable will do. An example would be this: someone sends you an executable and you don't know whether it is a virus because it is only an executable. If they sent you the source code you could, with proper expertise, ascertain what the program will do, compile the source code yourself, and use the executable.

If you or I wanted to alter the functionality of the voting machine, we would have to either: obtain the "source code" for the voting machine program, or "reverse engineer" the executable to figure out how it works. Unfortunately neither of these options is very likely! I don't know the specifics of ES&S's license agreement, but it is VERY LIKELY that the source code is proprietary, and is intellectual property belonging solely to ES&S. Reverse engineering is almost certainly EXPRESSLY PROHIBITED by ES&S and most other closed source software vendors. I can't make changes to the voting machines, nor can anyone other than an ES&S technician. In analogous situations in the computer industry, the software vendor has the customer "over the barrel." We all know this is not a good place to be.

The internet is teeming with conspiracies regarding voting machine rigging, conflicts of interest, and lack of vendor accountability, auditing, and integrity. There is a scandal surrounding Nebraska Senator Chuck Hagel's holdings in ES&S, which provided all of the voting machines for the elections he won. He lied and said he was divested when he wasn't, and was chairman and CEO of ES&S for years. (See www.talion.com/election-machines.html for the most-sited research on this matter and others.)

There are also stories of machine malfunctions, anomalous machine behavior, poor protocol security, and credible scenarios involving hypothetical viruses on the voting machines. Former voting machine test certification engineer Dan Spillane is suing his former employer for rubber-stamping voting machines with "major flaws"(Case#: 03-2-18779-8SEA). See www.onlisareinsradar.com/archives/aftermath_election_2002/index.php for more stories. In short, voting machines are surrounded by a veil of secrecy and are the object of much suspicion.

Obviously this is outrageous. We have few choices other than to pay exorbitant fees to a disreputable corporation so they will modify the voting machine source code, or scrap the entire ES&S system which we have already paid for. A few things we can do to mitigate our losses:

* Lower the ES&S price tag on the IRV implementation. One possibility would be to demand a detailed estimate with cost breakdowns for the entire job, which can be taken apart piece by piece and shown to be overpriced despite our lack of inside knowledge of the source code.
* Join the chorus of voices dissenting against ES&S and electronic voting machines in general, calling for full disclosure, competitive bidding, open communication protocols, open source software, and manual recount capability. We might be eligible for federal funding via Prop. 41, assuming it passes. Obviously this is not a short-term solution.
* Try to limp through the first IRV election with hand counting or some other cobbled-together system.
* Blast ES&S and sue for access to the source code.
* Obtain a competitive bid from a rival voting machine company.
* Attempt a "hybrid" solution in which a new central vote tabulation machine is purchased and the precinct ballots are transported to City Hall for tabulation. This way only one machine is needed, or only one machine needs to be upgraded.