The detail in the official report on our insecure, error-ridden electronic voting machines shows we must scrap them, writes Joe McCarthy.
The fiasco of electronic voting rumbles on. Last week the Commission on Electronic Voting issued its second report and the position is far worse than has been portrayed by Government spin-doctors.
The commission had very narrow terms of reference set by the Government which limited its examination to secrecy and accuracy of the system. This means that nobody has tested the system to prove fitness for purpose or value for money. The commission itself stressed that extensive and rigorous further testing was required. Despite these constraints, the report makes 41 recommendations for change to the system before it could be used at all. They criticise everything about the system - the hardware, the software and the procedures.
It is now time to call a halt to the waste of public money on this ill-conceived system.
The constitutional guarantee of secrecy which we enjoy in Ireland makes it impossible for any computer programmer to guarantee that the voter's choice has been recorded correctly. The logical solution to this dilemma is the same solution proposed by the Chartists and by Daniel O'Connell in the 19th century, namely the secret paper ballot. The voter uses paper and pencil in secrecy in the booth and then casts the paper ballot in public into the black box. Votes become anonymous at that point and can be counted in public without fear of intimidation.
This combination of secrecy and openness with the same tangible piece of paper can never be replicated by intangible electronics. The commission said that "since the chosen electronic system does not have [a paper ballot] it is not subject to any meaningful independent audit of its vote-recording function. Thus the paper system is superior in this respect".
It also said: "The voter has no way of verifying that what appears on the display is what is actually recorded electronically on the ballot module within the voting machine, transmitted to the count centre, loaded onto the count computers, and actually counted in the correct manner. This is because what is counted, the electronic vote, cannot physically be observed." This finding goes to the heart of the question of trust. Without an assurance that one's vote is safe, how could anybody trust this machine?
The commission's criticism of the counting software is scathing. The department entered into private negotiations with a Dutch supplier with an inadequate specification to modify the Dutch straight-past-the-post software to handle our multiple polls with our single transferable vote. The software was developed by a single individual in a home office environment in Holland and heavy reliance was placed on his knowledge and memory of the product.
Among the commission's findings were that the software was complex and the code was not well structured, had inconsistent behaviour and had no documentation. Software development was iterative and continuous with over 130 versions released for testing. Worst of all, the commission found that the code still contained counting errors.
Security for the system was found to be totally inadequate.
A naïve security breach is found at the login screen to the system where the help page gives the username as ADMINISTRATOR and the password as MASTER. Also stored in clear text on disk is the password "vergeten" for the vote database. Someone has a sense of humour because "vergeten" in Dutch means forgotten!
The commission found that unauthorised access to the system is easy. Data stored on ballot modules and on CDs was found to be accessible with moderate ease, is stored as clear text and is not cryptographically signed to prevent unauthorised alteration. Tests indicated that votes transmitted on CDs could be altered without detection and, remarkably, no special hardware would be required to carry out such an attack.
The only obstacle to hacking is the set of procedures implemented by officials and the report found that some of these were hopelessly weak.
The exposures detailed by the commission mean that a determined and well-funded attack on this system would be catastrophic.
There are 41 recommendations in the report. Some of these require going back to the drawing board:
• Modifications are recommended for some aspects of the hardware.
• Operational flaws require redesign of the voter interface on the voting machine.
• Extensive modification of the embedded C software is needed.
• The Election Management Software should be scrapped.
• An audit facility should be added.
• An option to cast a blank ballot should be provided.
• Improve the specification for the PC used for vote management.
• Rectify the many security vulnerabilities.
The costs associated with these changes have not been estimated.
When openly and full tested from end-to-end I believe that we will find the system to be completely unsuitable for purpose.
For example, a voter who chooses a candidate and then in error presses the "Cast Vote" button too soon cannot retrieve the situation, even if he or she wants to go on to select further preferences. The presiding officer cannot help. That person's vote has gone into the system as a single vote for one candidate.
In other countries this potential for voter error has been overcome by having the voter choose preferences in the privacy of the voting booth, but then emerging to press a "cast vote" button outside it. This would be more in keeping with our Constitution which requires secrecy when choosing who to vote for, and our laws which require the casting of the ballot to be a public act.
This modification has not been called for by the commission because it is outside their remit.
The two reports from the commission are a complete vindication of the professional concerns expressed by myself and other computer professionals including Margaret McGaley. The grassroots campaign conducted by an unconnected number of citizens shows how democracy can be defended. We were considerably helped by using the internet to exchange ideas, by the Freedom of Information Act (although the fees cost me € 4,050) and by the media. In the end public pressure forced the Government to listen to the plain people of Ireland.
The Government responded with ad-hominem attacks. Ministers and officials accused us of "nit-picking" and of trying to "show off how indispensable we were". Our professional body, the Irish Computer Society, was accused in the Dáil by the Minister, Martin Cullen, of being linked to the anti-globalisation movement and of not being experts in this field. Mr Cullen had to subsequently withdraw his remarks.
The Taoiseach last week claimed in the Dáil that "the machines have been validated beyond question by an international commission". He was wrong in two respects.
• The commission was Irish, not international.
• The validation of the machines by the commission was significantly qualified and raises more questions than were answered.
The real problem for electronic voting in this country is the lack of openness by the Government in dealing with the issue and the resulting public distrust.
The Government wasted €2 million and two years by asking the commission to address the wrong question but perhaps that was the intention - the debacle has been kicked into touch until after the next election. As always in politics it is essential to ask the right question.
We now know from materials released to me under the Freedom of Information Act that the pilots had some serious failures. The commission's findings are so stark that the result in 2002, where TDs were elected in three constituencies using the Nedap/Powervote machines, must now be questioned.
The appalling vista is that this incomplete and unproven system would have been foisted on the whole country in 2004.
The contract for this system was hopelessly weak. It did not preserve the public interest. Who should be held to account for this shocking waste of money?We needan independent statutory electoral commission which should conduct its business in public, as exists in Australia and Malta, where the single transferrable vote system is used.
Since the foundation of the State we have developed all the rules and expertise needed to conduct open and fair elections. We should scrap these electronic voting machines and stick to what we know and trust - paper and pencil.
Joe McCarthy is an independent consultant with over 30 years' experience in the computer business and 20 years' experience as an election agent. He has tallied at elections since 1987.