image © Utah Count Votes
Advice from Utah Computer Scientists Re: Utah’s Voting Equipment Purchase
“Utah has been smart to wait and not jump into the purchase of new voting machines. Utah now has the opportunity to create a model voting system for all states to follow and provide economic opportunity and growth. If Utah amends its RFP for voting equipment, and follows the advice of its computer science community, then Utahns could create a new open source voting system to provide an easy-to-use interface for voters and print voter verified paper ballots that would be convenient for election officials to store and scan for recounts.”
Kathy Dopp, founder of Utah Count Votes and Summit County’s first Internet Service Provider in 1994, MS Mathematics, Univ. of Utah.
“In her book Safeware: System safety and computers, Prof. Nancy Leveson of MIT (then of the Univ of Washington) narrates the story of the Therac-25 radiation treatment machines. Its software was considered so trustworthy that they did away with mechanical safety interlock devices that were present in earlier models. The result was the tragic death and injury of many persons between 1985 and 1987.
I conduct research in the area of verification of software and hardware. My research career started at about the same time as the Therac incident. Seventeen years later, we have not made any significant progress towards totally eliminating bugs from complex software systems. As responsible scientists and engineers, it behooves us to provide the societally responsible recourse of a paper audit trail for e-voting machines.”
Ganesh Gopalakrishnan, Professor, School of Computing, Univ. of Utah
“We would never would execute a financial transaction without a paper record to verify its correctness because we've all found errors on bank statements, etc, that needed to be fixed. For the same reason, it would be terribly irresponsible to set up a voting system that had no paper backup. Voting is one of our most important rights in this democratic society. It's critical that this right not be compromised by a voting system that does not allow voter verification and independent recounts. Paper backup ballots are absolutely mandatory to insure the validity of our voting process.”
Prof. David Hanscom, School of Computing, University of Utah
“I teach and conduct research in operating systems, networks, and computer architecture. In addition, I was the Chief Scientist of a 150-person networking startup for its first three years, and currently serve on the Technical Advisory Boards of Katana Technology and Revivio, late-stage computer systems startups. As such, my comments on electronic voting systems are based on academic and industrial experience in developing and deploying hardware and software systems.
A fundamental tenet of hardware or software systems is that it is virtually impossible to eliminate all bugs and it is even harder to make them able to withstand intelligent, motivated attackers. Consider the billions of dollars that Microsoft has poured into making Windows, Internet Explorer, and Outlook secure, and then consider the seemingly endless stream of new viruses, worms, and other attacks that prey on these systems. Since building bulletproof systems is so difficult, engineers employ a "defense in depth" strategy: Design the most robust and secure system that you can, but assume it will fail and add mechanisms to mitigate the impact of failures. In the case of electronic voting systems, an unintentional bug or malicious attacker could change the outcome of an election. As such, I highly recommend that a paper audit trail, or other system that can be audited independent from the electronic vote, be mandated for all electronic voting machines. Along the same lines, I highly recommend that the amount of data that the systems be required to log securely for post-facto analysis, be greatly increased. Imagine the public outcry if a failure is detected and, due to lack of a secure independently verifiable audit trail, the election staff is forced to admit that they cannot determine with complete confidence the true outcome of the election!”
John Carter, Associate Professor, School of Computing, University of Utah
“There are three facets to secure system design: prevention, detection, and response. As citizens of a democracy, we must make efforts to insure that electronic voting systems adequately address all three facets. Paperless voting systems lack sufficient detection and response capabilities, and rely solely on the ability of the system to prevent attacks. Experience demonstrates that this is too high a risk to assume for critical electronic voting systems.”
Kent Seamons, Assistant Professor, BYU Director, Internet Security Research Lab
“We do not currently have the capacity to verify that an electronic voting machine is correctly implemented and that the resulting electronic ballots are accurately counted. A voter verifiable paper audit trail (VVPAT) could provide a simple and effective solution to both of these problems. Unfortunately, a VVPAT is not required by Utah's request for proposals.”
Michael Jones, PhD. Assistant Professor, BYU Director, Validation and Verification Laboratory. 8/7/2004