Martin McKeay

Diebold says "They're poor researchers"

By Martin McKeay
September 15, 2006 9:51 AM EDT
Diebold has responded to the criticism aimed at it by researchers at Princeton by attacking their professionalism and testing methods.  That's great, Diebold, but how about answering some of the actual concerns raise, rather than telling us what the Princeton researchers did wrong? Professor Felten has a good reputation in general and is well-known in the security community. Attacking him and his students isn't likely to win any points.  It also makes you look foolish, since people like me will draw attention to the fact you haven't answered the real question: Why haven't the Diebold machines been designed securely?

I'm not going to take the time to take apart Diebold President Dave Byrd's rebuttal, especially since it's been done pretty well already.  I will however add a third item to my list of requirements I have concerning what it would take to make the Diebold machines acceptable for public use:  Neutral, third-party auditing of the software and hardware. Personally, I would consider the work Professor Felten and his students have done would qualify as neutral, but obviously, Diebold doesn't. They don't like the Black Box Voting results either, I'd guess. 

Diebold may be a private company, but the service they're providing is consumed by the voting public.  As such, saying "It's secure, trust us" is not an acceptable answer.  This is not a situation where security through obscurity is an acceptable answer.  Not only do the results of each election have to be verifiable but how we arrived at those results also needs to be verifiable.  Code verification has been one of the most asked for requirements since the first evoting machine was developed.  There are very few situations where the saying "trust, but verify" applies more than in voting.

Here's my final comment, and it's directed right at Dave Byrd:  Quit attacking the critics of your product and attack the basic problems your product has continually displayed.  Rather than attacking researchers and running off election officials who want your products verified, take the time to address the fundamental problems with your products.  Give us a paper trail, quit using WindowsCE, allow verification of your software.  Part of being in a democratic society is that the voting process needs to be transparent to anyone who's willing to take the time to look.  Until Diebold is willing to accept thattransparency , you're going to keep getting hammered by your critics and your products will never be acceptable.  It's only going to get worse unless Diebold changes their tactics.