April 2008
Buggy Voting Systems in New Jersey (4 April 2008)
An Outage from Managing P2P Traffic? (6 April 2008)
Ships Impounded in Cable Cut (8 April 2008)
Comcast Outage: Not P2P-Related (18 April 2008)
PayPal is Wrong About Unsafe Browsers (19 April 2008)
New Jersey Supreme Court Protects Internet Users' Privacy (22 April 2008)
The Fate of Old Hardcopy Journals (27 April 2008)

Buggy Voting Systems in New Jersey

4 April 2008

Ed Felten has posted two articles describing bugs in New Jersey’s electronic voting systems. Briefly, the total votes for all of the candidates add up to more than the number of votes the machines believe were cast. That such bugs exist should surprise no one. I’ve posted twice about why bugs are a bigger threat to elections than security issues. (To be sure, buggy code is likely to be insecure code. As Robert H. Morris once said in a talk, "If our code is buggy, what does that say about its security?")

Sequoia’s explanation — which, Felten points out, is inadequate — is not reassuring. Read the memo yourself; basically, though, they’re blaming operator error combined with dubious code choices. Even if their analysis is correct (and again, Felten points out why that seems implausible), it doesn’t excuse things. I very carefully titled this post "Buggy Voting Systems", not "Buggy Voting Machines". Everything — the machines, the poll workers, the process used, even the voters — work together. One component — the voters — is more or less fixed; the rest of the system has to be designed to produce the right result. Machines that produce impossible audit tapes in the presence of poll worker errors are simply broken. Errors should be detected and reported as such; they should not be accepted as excuses for machines that report more total votes cast than voters who cast ballots.