cont....
"WP: What kind of testing are these three main companies doing to ensure that the misplaced equals sign, the misplaced semi-colon, the misaligned machine, is not happening?
DD: I've tried to find out. What kind of testing that goes on in these companies is something we don't know. They won't tell us a thing about their code or what they do to test it.
BS: Even if we could see the code, that wouldn't be sufficient. Even if we could see the code, and even if we could convince ourselves that the code was correct, we still wouldn't know that it was the code that was running on election day.
DD: That is actually a much harder technical problem than most people would think. With current hardware, it is very difficult to make sure that the program running on the machine is the program we think is running on the machine.
There is a general theme of secrecy, which is frustrating to me. I understand some of the reasons for secrecy. It is frustrating to me because claims are made about these systems, how they are designed, how they work, that frankly I don't believe. In some cases, I don't believe it because the claims they are making are impossible. I am limited in my ability to refute these impossible claims because all the data is hidden behind a veil of secrecy.
What testing do the manufacturers do? Who the hell knows? Once it gets out of the manufacturers, we are reassured by everyone about the qualification process. There is something called the NASED Qualification Process. NASED is an organization called the National Organization of State Election Directors which has affiliated with it something called the Election Center, which I believe is a private organization. The Election Center oversees the NASED qualification process. There are Independent Testing Authorities, though their level of independence is unknown. There are three of them, called SYSTEST, CYBER and WYLE. The conventional wisdom about WYLE is that they deal with hardware and firmware. Some vendors have found out the hard way that they actually deal with all of the software that goes into the voting machine. They are the ones dealing with the software that I am most concerned about.
If you go to their web pages, it says, "If you'd like to know something about us, please go to hell" in the nicest possible way. They refer you to the Election Center, which will carefully explain to you that they scrutinize every line of code. When I was on the California Task Force dealing with all this, along with another computer scientist named David Jefferson, we wanted to know what these Independent Testing Authorities (ITA's) do. They were all invited. Everybody else on the Task Force, which included some election officials at both the state and local level, and a few people of various political affiliations, wanted to know what these Test Authorities do. So we invited them to speak to us.
SYSTEST came and spoke to us. It turns out that they are one of the small ones. They don't deal with the big stuff, and they don't deal with the software inside the voting machines. The other two, which are apparently very close, are CYBER and WYLE. They refused to come visit us. They were also too busy to join us in a phone conference. Finally, out of frustration, I wrote up ten or fifteen questions and sent it to them via the Secretary of State's office. They didn't feel like answering those questions, either.
These Test Authorities use the word 'Certified' as if it were some magical holy blessing. It's been 'Certified.' Well, what does that mean? We didn't get any answers. My friend David Jefferson has been involved in internet voting and some other election-related issues for a while now. A couple of years ago, he got the right passwords to call up WYLE and ask them what they do, and he got a description. The basic description, according to David, is that they bake the machines to see if they die. They drop them to see if they break.
And then what they do is run scripts over the computer program to check for bugs. A script is just another computer program to check for superficial things. There is no human involved. They don't want functions that are too long, and they don't want functions with multiple exit points. They say 'Modules,' but they are basically talking about chunks of code. It is basically nothing more than a style-checker, like running a spell-check. The problem with running a spell-check...
WP: ...is that you miss the homonyms.
DD: Right. The concept of running one of these style-checkers on a program is, at the end of the day, you know the functions are short and they don't have multiple exit points. You don't have any clue if they are doing the right thing at security holes or anywhere else. After this process, there are several other steps. There is something called an 'Acceptance Test.' When the machines get delivered to either the state or county government, they power them up and put them through the paces to make sure they work. Basically, they sign a form that says they got the thing and it's not busted. Before each election, and sometimes after each election, they have something called a Logic and Accuracy Test where, to one degree or another, they will try casting some votes on the machine to make sure they come out right. That's basically all there is to it.
As a computer scientist, I know that the worst problem that could happen is that you have someone at the company, such as a programmer who knows all the details of the code, or a mysteriously overqualified janitor, who could basically insert something malicious into the code. Given the fact that they are using the 'C' programming language, we know that such an act can be concealed. They wouldn't even have to change the program. They could just change some of the results of the program. Malicious code could be concealed in ways that are practically impossible to detect by any means, and certainly wouldn't be detectable given what we understand to be the detection and inspection process.
The computer scientist who oversees elections in Georgia told us yesterday that, by Black Box Testing, this logic and accuracy testing, he could catch any malicious code. It is completely ridiculous. If you go to the Microsoft Excel spreadsheet program, and go to row 2000, column 2000 and type a specific thing, you will get something like a flight simulator. The Microsoft programmers, even though it is a firing offense, can slip this stuff into the programming code so none of the testing people can discover it. They are called 'Easter Eggs.' If you type 'Easter Eggs' into a Google.com search, you'll get instructions on how to find all these things in Microsoft software programs.
Without even knowing very much about how these systems work, computer scientists know that you can put malicious code into a program, you can change the results of an election, and it can't be detected by inspection or testing. Period."