BatesLine

« 71st & Harvard: City attorneys look for loopholes | Main | The good old days at Tulsa Public Schools »

Are one-armed bandits more trustworthy than voting machines?

Jack Ganssle is an expert in embedded software -- the kind of software that runs not on a computer but as part of another device -- controlling your car's performance, your digital cable converter box, your pacemaker or hearing aid. He writes that the Federal Election Commission's standards aren't sufficient to guarantee that the software running in voting machines is trustworthy.

California's recall election will be tallied by a mix of voting machines, ranging from punched cards to the latest in high-tech wizardry. Anyone following the comp.risks forum knows of the furor over electronic voting machines.

They're junk.

That's a strong statement, but it applies to any product that does not fulfill its mission. In the case of voting, the only important feature is trust. And few computer scientists feel the devices deliver an accurate count.

Vendors claim their machines work correctly and are tamper-proof, citing the Federal Election Commission's standards. Well, check those standards out. Any computer jock with the faintest knowledge of building good code will be appalled.

Ganssle links to the FEC standard and delves into some technical detail, then proposes to replace the FEC standard with something more stringent and reliable:

The FEC's mandates are much too weak to eliminate miscounting machines. It's time for a different approach.

Let's get the mob involved.

Don Corleone would never tolerate gambling machines that might rip off the five families of New York. State lotteries and casinos won't tolerate rip-offs either. They know how to instill trust in their products, trust that though everyone loses, customers know by how much. Customers would flock to other casinos at the faintest hint of a cheating machine.

Outside contractors verify the integrity of all gaming machines, electronic or otherwise. They do this so thoroughly that granny hasn't a care in the world when she pulls the lever of the one-armed bandit.

One such outside auditor is Gaming Laboratories International (GLI). To certify a new device, or even a software upgrade, vendors send GLI all of the source code, all of the tools needed to build the code, maybe a development computer, and even an in-circuit emulator if that's how you debugged your code. Expensive? You bet. Accurate? It sure seems to be.

GLI tears the design apart, digs into the guts, finds back doors impossible to isolate via testing and ensures the customer will lose by exactly the amount specified. Tests check both functionality and threat resistance. Technicians zap every square inch of the gaming machine with a 27 KV prod - because cheaters often try to rip off the devices using ESD to confuse the electronics. GLI jimmies the coin box, and generally simulates all of the attacks observed by those hidden cameras in the casino's roof. That's regression testing of a whole new order. ...

Change the code -- even just one line -- and the whole process repeats. The FEC has no such requirement. ...

If a gaming auditor certified voting machines, elections wouldn't be so much of a, uh, crap-shoot.

Posted on October 6, 2003 1:08 AM |
Technorati Tags:
Categories: Politics

eXTReMe Tracker

About

This page contains a single entry from the blog posted on October 6, 2003 1:08 AM.

The previous post in this blog was 71st & Harvard: City attorneys look for loopholes.

The next post in this blog is The good old days at Tulsa Public Schools.

For the latest entries, visit the main page, which also has links to archives by month and by category.

Contact

E-mail: blog AT batesline DOT com

BlogAds

Blog Ad Swap

Support BatesLine

Show your appreciation and help fund hosting and research expenses:

BatesLine is PayPal Verified

Recent Posts

Search


Feeds

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type Publishing Platform 4.0