Dark Source: Public Trust and the Secret at the Heart of the New Voting Machines
This article was originally published in the book — Making Things Public: Atmospheres of Democracy in 2005.
Dark Source is an artwork that shows the inner workings of a commercial electronic voting machine, the Diebold AccuVote-TS™ touch-screen voting terminal that has recently been adopted in many U.S. states. This type of voting machine is called a “Direct Recording Electronic” machine, or DRE, which means that it records votes electronically in its memory, counts them, then transmits its vote totals to a central election management system (whose software, in this case, is also provided by Diebold).
The artwork presents over 2,000 pages of software code, a printout of 49,609 lines of C++ that constitute version 4.3.1 of the AccuVote-TS™ source code. A systematic study of this material could provide a comprehensive demonstration of the way votes are recorded, tabulated, stored, kept secure, and finally reported by this voting machine.
The system of owners of software encourages software owners to produce something — but not what society really needs. And it causes intangible ethical pollution that affects us all. — Richard Stallman
Calling its source code a trade secret, Diebold has asserted its proprietary interest in protecting its intellectual property. Therefore in Dark Source the code, which had been obtained freely over the internet following a 2002 security failure at Diebold, has been blacked out in its entirety in order to comply with trade secrecy laws.
What is on display, then, is not the forbidden source code, but rather the state of affairs in which we find ourselves today, one in which the critical infrastructure of democracy in the United States is becoming privately owned, and being private, is also being made secret.
What’s wrong with proprietary technology? Did it affect the 2004 elections?
Despite numerous reports of isolated problems, doomsday scenarios of widespread touch-screen voting machine breakdowns did not play out in the 2004 U.S. general elections, nor has any convincing evidence emerged that the recording or counting of electronic votes was manipulated.
Nevertheless, the lack of any independent audit trail for electronic votes and the secrecy imposed by the makers of the voting systems have created fertile soil for rumors to sprout and conspiracy theories to take root. A Google search for “electronic voting conspiracy theory” in December, 2004 yielded 144,000 hits, among them a post-election article in Slate that asked, “Is it possible that American exit polls weren’t wrong, but, rather, exposed that Kerry’s early afternoon advantages had been erased by a GOP-friendly hacker?”
Still, touch-screen voting systems really are better in many respects than the notorious punch-cards and butterfly-ballots they replace, and electronic voting really can be (at least potentially) a more efficient, more accurate, and more accessible tool for recording and counting votes. And yet private corporations have seized not only the opportunity to sell new and improved voting machines, but also to create wholly proprietary election systems. They have done so by exploiting specific symbols and associations that the public has with technologies they have come to trust, while at the same time rejecting the safeguards that have made those systems trustworthy.
We trust cash machines and gambling machines with our money, and we trust medical devices and autopilots with our safety, so why shouldn’t we also trust electronic voting machines with our ballots?
One of a handful of major manufacturers of election systems in the U.S., Diebold was founded in 1859 and made its name for many years selling safes and bank vaults. In the early 1970s, the corporation became a leader in the rapidly growing market for automatic teller machines (ATMs). Following the 2000 election debacle in Florida, Diebold acquired Global Election Systems; the company may well have surmised that the confidence it had earned from three decades in the ATM business would make it a trusted brand for voting machines as well.
In 2002, the company announced the launch of its AccuVote-TS™ system, proclaiming it “a robust voter-activated interactive touch-screen system that is hailed as the future of voting systems. Featuring an easy-to-operate touch-screen interface, it offers voters enhanced visibility and brightness.”
Instead of the “visibility and brightness” which is evident at the interior of a classic transparent ballot box, inside the AccuVote-TS™ there is only darkness. Every aspect of the machine’s inner workings is a proprietary trade secret.
This position represents a sharp break with the history of voting technology. From painted balls in clay jars of antiquity to glass ballot boxes of more recent centuries, voting systems have always maintained a self-evident simplicity; visible proof that the ballots were not being tampered with was always available to some degree. Mechanical lever machines appeared at the end of the 19th century, promoted (much like electronic voting systems) on the basis of their speed, accuracy, and efficiency. But the promotional materials for the lever machines also emphasized that, while modern and efficient, the mechanical vote-counting mechanisms were also self-evident in their operation.
Indeed, although in reality voters rarely see the machine’s innards, the lever machines can be unlocked by election officials who are required to inspect the wheels, gears and ratchets and to verify proper functioning at regular intervals. Crucially, it does not take an expert to identify malfunctions or to spot evidence of tampering.
These are simple mechanical devices, and what you see is what you get. Not so with electronic voting. As one author put it, “With computerized voting, the certified and sworn officials step aside and let technicians, and sometimes the county computer guy, tell us the election results.”
Upon reflection, any apparent similarities between voting machines and other trusted related technologies (ATM machines, gambling machines) quickly break down. Any bank customer can easily reconcile bank statements and ATM receipts and be satisfied that the machine is not stealing money. Gambling machines, which claim specific odds for each type of bet, are not as easy for the gambler to verify. In an editorial comparing Nevada’s gambling machines to electronic voting machines, the New York Times wrote:
The state has access to all gambling software. The Gaming Control Board has copies on file of every piece of gambling device software currently being used, and an archive going back years. It is illegal for casinos to use software not on file. Electronic voting machine makers, by contrast, say their software is a trade secret, and have resisted sharing it with the states that buy their machines.
Proprietary voting technology, subject to no meaningful standards of security, reliability, or accuracy, is inherently vulnerable not only to malicious tampering but also to inadvertent failure.
Public perceptions of technology can be influenced far more by emotional factors than by reason or information. Indeed, even when study after study has made it well known that popular sport utility vehicles are considerably more dangerous to drive than smaller passenger cars, the emotional iconography of big, heavy machines lures many into feeling safer in an SUV. So, too, after years of trouble-free experience with ATM machines, lottery kiosks, and other touch-screen appliances, we are susceptible to feeling secure that our vote will be counted after we punch it in to the touch-screen voting machine.
In fact, by many accounts, voters really like the comfortable, colorful, legible touch-screen machines, preferring them by far to the creaky, sharp-edged lever machines or to hard-to-read paper or punch-card ballots. The risk is that this false sense of familiarity and confidence will lull voters into accepting electronic voting machines without any intrinsic or legislated safeguards to ensure their integrity.
The Public Trust
In addition to the public’s trust (or mistrust) of technology, there is another kind of trust that comes into play here. The phrase “Public Trust” also refers to the doctrine, dating back to first century Rome, that natural resources such as air and water (and, more recently, the radio spectrum, culture, infrastructure, and basic scientific knowledge) are considered public property, a public trust to be shared and protected by all. Surely the very mechanisms of our democracy, the actual machinery that records and counts votes, should constitute part of that public trust. “What does society need?” asks Richard Stallman. “It needs information that is truly available to its citizens — for example, programs that people can read, fix, adapt, and improve, not just operate. But what software owners typically deliver is a black box that we can’t study or change.”
There are significant benefits to making public the software that runs our democracy.
One is the enhanced security obtained through massive public scrutiny, as memorably expressed in a phrase by Eric Raymond: “Given enough eyeballs, all bugs are shallow.”
The other is the intangible benefit that comes from a democratic system that is transparently trustworthy, one that earns confidence and not wary cynicism from its citizens. Of course a democracy only begins with its elections, and voting machines are only one link in a complex political chain.
But if proprietary voting systems from partisan corporations lead the citizenry to view elections themselves with suspicion, then public disaffection and disengagement from civic life may be a tragic result. Trade secrecy (the right to profit from the invention of a better touch-screen mousetrap) is the reason that manufacturers (and election commissions now heavily invested in their wares) cite in maintaining the private ownership and secrecy of the source code for our election systems. Ultimately, these narrow interests must not be allowed to hold sway over the vastly larger public interest in openness and transparency.
Election systems must be returned to the public’s control, and one essential step will be to lift the veil of secrecy that cloaks the software.
Voting machine companies have the iconography of reliable machines behind them, and so this artwork strives to produce a counter-iconography of secrecy that may also become associated with these machines. Touch screen voting machines are easy to use, and they are easy to like. Let’s not get too comfortable.
Thanks are due to Cindy Cohen, Sarah Gifford, Mark Hansen, Tom Keenan, Tom Levin, Luke Smith, Peter Zuspan, Dan Wallach, and the Electronic Frontier Foundation, all of whom provided indispensable help and guidance in the conception and realization of this artwork.