{Kind of starts to veer off-topic, as my posts on BBV usually do - I just don't know where to jump in and where to stop on BBV, it's so vast...}
In mathematics and computer programming, you don't "mitigate" or "reduce the risk" of errors.
You "eliminate" them and "prove" that they cannot occur.
There is a big difference between mathematics and computer programming and other fields of human endeavor in the humanities or even the sciences. In medicine or economics or government or cooking for example, sometimes the most you can indeed do is "mitigate" and "reduce the risk" of errors.
As we remember from doing proofs in geometry, or punching the keys on a calculator, the state of the art is quite different in mathematics and computer science. You don't "reduce the risk" of getting the wrong answer to an addition problem - you simply use the right algorithm.
We all know this, but we forget. When you punch something into a calculator, you aren't 99.999% sure the answer's right. Yeah, maybe you hit a wrong key - but if you hit the right keys, you get the right answers. 100% of the time. No doctor or central banker or politician or chef has the luxury of 100% control over their projects and plans - but the intuitive meanings of "virtual" and "digital" make us expect repeated executions of addition and multiplication - on paper or on a computer - to "work" every time - once the algorithm has been worked out and verified. (And then you can always "cast out nines" if you want to double-check.)
This higher standard is of course not very evident in a world up until now dominated by bug-ridden, "black box", proprietary software. Microsoft is releasing patches every week trying to keep up with the hackers exploiting all the "unforeseen" holes in their systems. "Mitigating" and "reducing risk" is what they do - but they aren't the state of the art.
I assure you, when the Department of Defense goes procuring software development, there are written policies in place prohibiting contracting with vendors using non-open-source languages lacking formal specification and verification tools - such as Microsoft.
Yes, that's right - some mission-critical software systems procured by the US government are mathematically VERIFIED for correctness using an entirely different suite of languages and tools than what the commercial sector uses. DARPA - aside from all of convicted-felon Poindexter's shenanigans involving "Total Information Awareness" and the "Terror Futures Market" - DARPA has made great progress over the last few decades nurturing the development of these languages and tools. Just like it developed the Internet to take a licking but keep on ticking (using packet-switching, so that the packets of a message are routed independently and can detour around damaged links along redundant paths to the recipient), DARPA has funded computer languages which are in an entirely different cosmos from the buggy, hackable software products of commercial vendors.
These certifiers can blather on till the cows come home, but getting voting-system software that works every time isn't yet a managerial matter of making sure everyone talks to each other. We don't even have an algorithm yet, and they've got us debating over whether it's gonna be a touch-screen or an optical scanner. We haven't even made them recognize our RIGHT - under the Freedom of Information Act, really, unless addition is classified as a "munition" we're not allowed to view or export - our RIGHT to publicly craft and confirm the formulas and protocols which total our votes, like we publicly craft and confirm the formulas which total our taxes. It's the Cheney Energy Task Force all over again - we're not allowed to know who wanted to invade Iraq back in 2000, and we're not allowed to know how "they" total "our" votes. The slogan should be something like:
If you can't tally my vote, then you can't levy my tax.
And we could also take a page from the Republicans' handbook, on the most concrete (because most "virtual") issue ever handed to us:
ask for MORE. When they throw these ridiculous hand-wringing reports at us, about how they're going to really get on the ball and pay LOTS of attention to the software-writing and -certifying process, we could demand that we focus on REAL issues, like
(1) the software that SAIC is going through so many hoops to write and certify doesn't even attempt to conform to a specification of what real voting software should do - an executable specification hasn't even been drafted or signed off on;
(2) Why isn't there just a single "Manhattan" project to write up the vote-casting and -tallying software once and for all?
I know, I know, one step at a time - it does feel valid, or at least invigorating, to expose that Diebold doesn't know how to program databases, or to debate whether SAIC really is trying to fix the broken process. It does move the debate ahead on a particular path.
Research & development in a partisan, corporate, non-academic environment
It's hard to deal with a technical issue like voting software on so many fronts, where so many parties such as Diebold or SAIC are clearly or not-so-clearly malicious. I do hope that someday what will come of it is the only thing that would really work: either (a) a public voting-system specification effort which succeeds in formulating, in a few pages, an executable specification which can be MATHEMATICALLY proven to total votes in compliance with the letter and spirit of our laws - the same way we are able to produce a form which MATHEMATICALLY totals our taxes, or (b) go back to throwing stones into different urns.
Yes, there is more than just addition involved here - there are the aspects of privacy or secrecy and no ballot stuffing. Totalling or subtotalling is obviously a requirement of the system. But the current topology (involving transmission over a modem) is NOT a requirement.
I'm a programmer, with a career in Access, an interest in social software, and studies in formal specification and implementation of MATHEMATICALLY VERIFIABLE software systems. I've read up on a lot of the voting systems out there, and I'm not even convinced ANY of them works. In other words, I'm not sure a specification has been written yet which implements secure, private vote-casting and -tallying - it's a deceptively simple yet kind of big topic (mostly because of the secrecy, no-ballot-box-stuffing, and no-vote-buying requirements, from what I've gathered so far).
Sometimes I think we should take a page from DARPA - if we're going to be stuck with doing this thing via software instead of via physical tokens. How did they make the Internet indestructible? How do we guarantee that Diebold's "copyrighted" memos won't disappear from the face of the earth? How do accountants make sure nobody's cooking the books?
Replication
One word:
replication. As I mentioned above, the packets of a message traveling between computers on the Internet are routed independently and can take whatever alternate paths are available to their destination, where they are re-assembled - it is the redundancy of routes, not extra copies of the message, that gives the net its resilience. The Internet was designed this way to withstand war - somebody could take down a whole chunk of the Internet, and messages would keep chugging through whatever alternate pipes they could find. Neural networks (artificial ones, as well as natural ones like the brain) work this way too - nobody knows where the "program" resides, and you can knock out a chunk of the system and it keeps on running.
Social scientists are onto something when they favor local rather than global systems. Wolfram wrote that big book recently about a bunch of little rules being capable of generating all the complexity of the universe. In mathematics and living systems, decentralized, distributed systems (including replication and redundancy) have the best success.
We replicate stuff we don't want to lose - and we use double-entry bookkeeping, backed up by independent auditors, to make sure nobody's cooking the books. Multiple pairs of {partisan} eyeballs at every step of the way.
In a way, we're on the right track: Intuitively, many have learned that the battle cry is "paper trail"! A second copy. Even better - a physical one - because electrons and bits are invisible. Anyone can see that few things in this world survive very long intact if there's only one copy in existence.
Fortunately, in the "digital" or "virtual" world, replication is the operation par excellence.
High-level system specification versus "touch screens"
Many classical, well-understood, fully-solved computer problems (such as the "dining philosophers" problem, or the "semaphore" problem) involve ideas about different parties competing with or keeping tabs on each other. The way these problems were solved initially was "heuristically" or via a "Gedankenexperiment": people just talked or wrote in English or whatever natural language, or engaged in lots of "hand-waving" about this resource passing a message or a token to that resource and having such and such effect. Eventually, these descriptions were re-written in specification languages and finally in implementation languages.
The crucial thing here was getting the "algorithm" right. You don't talk about whether you need passwords or whether you want to use a touch-screen or an optical reader or a punchcard at this early stage of the game - those choices are irrelevant during the overall "architectural" stage.
DU has come up with probably the most relevant "architectural" requirement: replication of the voter's original choice. The suggested number of replicas was just 1 in this case - but you remember from math that things do get more interesting when you go from 1 to N. Sometimes I have a hunch that the solution to this problem would be massive redundancy as in (a) holograms (where at any point in the hologram there's a full image) or (b) living organisms, where each cell contains a complete set of chromosomes encoding that individual's genome, or (c) the Internet, where something exists on one machine and then suddenly it's all over the world - whether it be a Diebold memo or a Britney Spears song.
Imagine if every time someone popped a vote into a machine, ALL machines on some kind of net registered the vote at the speed of light - and then an additional layer of communication did an instant audit (some sort of "casting out nines" double-checking thing), making sure that all machines still match, and that the vote tally gradually went up one by one nationwide as each vote was cast. Too complicated you say?
Remember that trillions of dollars in currency are traded every couple of days in the world down to a hundredth of a penny, every ATM in the world knows you took out twenty lousy bucks (plus the buck-fifty service fee) within seconds after you did it, Echelon secretly listens to and filters billions of emails all over the world in real-time, and Sabre and Galileo spit out thousands of unique 6-character "record locators" for airline passengers all day long (and then, if you flew JetBlue or Delta, hand the whole thing off to a Pentagon subcontractor who illegally matches it up to your Social Security Number and credit rating) - and here we are parsing an SAIC memo talking about "mitigating" and "reducing risk" by resetting all the passwords in the manual.
Talk about shuffling the deck chairs on the Titanic!
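The "every machine registers the vote, then an audit layer checks that they all still match" idea above, sketched as runnable code. This is an added example, not anything from the original post or from any real voting vendor: it assumes a toy net of three machines, a hash-chained append-only ledger on each, and a strict majority of honest machines. The machine names, ballot tokens and choices are constructed. It shows only the replication-plus-audit piece - it does nothing for the secrecy, ballot-stuffing or vote-buying requirements the post raises.

```python
import hashlib
from collections import Counter

GENESIS = "0" * 64  # constructed starting digest shared by every machine


def entry_digest(prev: str, ballot_id: str, choice: str) -> str:
    """Chain each recorded vote to the one before it, so editing any past
    entry changes every digest after it, including the machine's head."""
    return hashlib.sha256(f"{prev}|{ballot_id}|{choice}".encode()).hexdigest()


class Machine:
    """One tally machine on the net: an append-only ledger plus a head digest.
    Hypothetical class for this example."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.ledger: list[tuple[str, str]] = []
        self.head = GENESIS

    def record(self, ballot_id: str, choice: str) -> None:
        self.ledger.append((ballot_id, choice))
        self.head = entry_digest(self.head, ballot_id, choice)

    def tally(self) -> Counter:
        return Counter(choice for _, choice in self.ledger)

    def rewrite(self, index: int, new_choice: str) -> None:
        """Simulate a rogue or faulty machine quietly altering one past vote
        and rebuilding its own chain so its ledger looks internally consistent."""
        ballot_id, _ = self.ledger[index]
        self.ledger[index] = (ballot_id, new_choice)
        self.head = GENESIS
        for bid, ch in self.ledger:
            self.head = entry_digest(self.head, bid, ch)


def broadcast(machines: list, ballot_id: str, choice: str) -> None:
    """Every machine on the net registers the vote as it is cast."""
    for m in machines:
        m.record(ballot_id, choice)


def audit(machines: list):
    """The 'casting out nines' layer: compare head digests across the net.
    Returns (majority_digest, names of machines that disagree with it).
    Assumes a strict majority of honest machines; with no majority the audit
    fails closed by reporting every machine as suspect."""
    votes = Counter(m.head for m in machines)
    digest, count = votes.most_common(1)[0]
    if count * 2 <= len(machines):
        return None, sorted(m.name for m in machines)
    return digest, sorted(m.name for m in machines if m.head != digest)


def agreed_tally(machines: list):
    """Tally taken only from machines whose chain matches the majority."""
    digest, dissenters = audit(machines)
    if digest is None:
        return None, dissenters
    good = next(m for m in machines if m.head == digest)
    return good.tally(), dissenters


def simulate():
    """Cast four constructed ballots, then let one machine flip a vote."""
    net = [Machine(n) for n in ("precinct-A", "precinct-B", "precinct-C")]
    # constructed ballots; the id is an opaque token, not a voter identity
    for ballot_id, choice in [("b1", "X"), ("b2", "Y"), ("b3", "X"), ("b4", "X")]:
        broadcast(net, ballot_id, choice)
    before = agreed_tally(net)   # all three agree, no dissenters
    net[1].rewrite(0, "Y")       # precinct-B flips b1 from X to Y
    after = agreed_tally(net)    # majority still says X:3 Y:1, B is flagged
    return before, after


if __name__ == "__main__":
    (t0, d0), (t1, d1) = simulate()
    print("before tamper:", dict(t0), "dissenters:", d0)
    print("after tamper: ", dict(t1), "dissenters:", d1)
```

The point of the head digest is that the audit never has to ship whole ledgers around: one 64-character string per machine is enough to spot a divergent copy the instant it diverges, and the majority rule is what turns N replicas into a tally you can trust when one of them is lying.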
Take a page from the Republicans' playbook:
Ask for more.
Demand:
(1) A "Manhattan" project using an executable specification language such as DARPA's 'Maude' to publicly specify a voting-casting and -tallying system (prefaced by a complete, high-level specification taking up just a few pages) mathematically proven to be in compliance with the letter and spirit of the Constitution, ie that it indeed computes vote totals correctly - the same way tax forms can be inspected by a person understanding arithmetic to confirm that they indeed compute taxes correctly;
(2) A publicly verified implementation of this open-source specification into open-source code running on open-source hardware;
(3) As a kicker, promote the free release and adoption of this code to any country which claims to be a democracy. In fact, the Manhattan project could be a UN project - there are plenty of programmers all over the world who can do this, and plenty of executable specification languages overseas (such as ELAN in France).
Yeah, I'm an idealist. But aren't we all - perhaps never more so nowadays than when the topic is "software". Software is in a way our new religion - the {holy} ghost in the machine - it's the one thing the average person actually believes is perfectible. In the end, it might not be - it might just be the "most perfectible" thing we've found so far, or it might be a load of crap. But if we're going to have to use computers rather than physical media to tally our votes, then play on the public's tender belief in the perfection of the virtual world. Play on people's religion, like the Republicans do. This is not only the most important issue for us to run with - it may also, surprisingly, be the easiest issue for us to run with.
For more amplification and ranting in this idealistic vein, see also:
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=397859
http://www.democraticunderground.com/discuss/duboard.php?az=show_topic&forum=104&topic_id=380511
On spellcheck: The spellchecker recommended replacing "Poindexter's" with "Pinfeathers"!