Yesterday, I pointed to a story from New Mexico Verified Voting about hacking Diebold machines with some simple tools in 4 minutes. To follow up on that I asked Davis County (Utah) Clerk Steve Rawlings about it. His reply was that in Utah voting booths aren't fully enclosed, so anyone walking by would see a voter trying to tamper with the machine.
This underscores the point that no voting machine by itself will be secure. You need to also wrap the machine in process and procedure. The overall system is what has to be evaluate. Still, information like that in the site I pointed to yesterday is important because it informs County Clerks and others what steps and measure they need in their process to create a secure system.
I think there are a few key points that elections officials need to keep in mind as they move to electronic voting machines:
- Transparency in creating and implementing the process is critical to establishing credibility. More importantly, transparency will aid the process by letting smart people point out flaws.
- Being defensive is counterproductive. Elections officials should welcome interaction from voting activists even if it's delivered in a condescending and mocking tone.
- Never think you're done or that your system is impenetrable. If computer security teaches us anything, it's that there is no such thing as compete or impenetrable security.
Voting activists would do well to deliver their message in a way that seems helpful rather than confrontational. Often the message is delivered in a way that assumes that people running elections are all crooked or stupid. That's just not productive.