Wired this week reported this interesting story:

Premier Election Solutions, formerly Diebold, has patched a serious security weakness in its election tabulation software used in the majority of states, according to a lab that tested the new version and a federal commission that certified it.

The flaw in the tabulation software was discovered by Wired.com earlier this year, and involved the program’s auditing logs. The logs failed to record significant events occurring on a computer running the software, including the act of someone deleting votes during or after an election. The logs also failed to record who performed an action on the system, and listed some events with the wrong date and timestamps.

A new version of the software does record such events, and includes other security safeguards that would prevent the system from operating if the event log were somehow shut down, according to iBeta Quality Assurance, the Colorado testing lab that examined the software for the federal government.

I am continuously baffled as to why Direct Electronic Recording (DRE) machines aka electronic voting machines are permitted for use in elections.   Their track record is awful.   Read this nice Wikipedia summary of security issues regarding Diebold’s Premier Election Solutions’s machines.

If you’re really up for some reading, check out these reports that all clearly illustrate why electronic voting machines should not be used until overhauls can be made to these machines’ glaring security issues:

I guarantee you will be disgusted after reading those reports.   Manufacturers of these machines as well as the complicit federal government seem not to care that results of elections can be so easily hacked and stolen.

The idea of electronic voting machines is great.   We live in the digital age.   We live by digital devices every day, from cell phones, to computers, to ATMs.   Yet we can’t perfect a device that, if it fails, has the capacity to a) change the course of history, b) render the democratic process moot, and c) undermine citizenry trust of the entire system of government if indeed an election is hacked and stolen.

Perhaps I’m missing something, but the solution seems incredibly simple.   First, these machines should be built exactly to specifications defined by the Election Assistance Commission (EAC), established in 2002 by the Help America Vote Act after the infamous Florida recount debacle, and a team of voting and IT security experts.   Much like the Pentagon orders Boeing or Lockheed Martin to build fighter jets to exact specifications, the EAC should dictate how machines are designed and built and how they function.

Second, testing should be paid for by the EAC, not the manufacturers of the devices.   Currently, the devices are sent to private testing labs, and the manufacturers foot the bill.   Does this not seem like a potential conflict of interest to anyone else?

Third, they must, must, must have a verifiable paper trail.   You use an ATM, you get a receipt.   You pay a bill online, you get a receipt.   You use an electronic voting machine, you likely don’t get anything to verify what just happened.   In the event of irregularities, without a verifiable paper trail, there is no mechanism to check the results of the election, so what happened happened.   Period.   End of story.

The flagrant disregard for adequate premier security standards is a punch in the gut and a stab in the back to the democratic process by private corporations more interested in making money and a federal government more interested in looking the other way.   Progress is being made, but not nearly as quickly and as comprehensively as it should.