In message <3A623581(_dot_)761092EC(_at_)nma(_dot_)com>, Ed Gerck writes:
Handling bugs is the major problem IMO (looks like we also agree here)
after DDoS, privacy, security, integrity, etc are handled (which are
not a small task, either). But this might not be so hard after all. Yes,
an election is a mission-critical application but it is also a fixed
application
if you design it well with a database paradigm. The database changes
for every election (candidates, offices, etc.) but the software is the same
at each different stations (registration, voting, ballot box, tallying,
reporting, auditing, etc.).
Of course, the software isn't fixed, any more than any other package is
fixed. If nothing else, each election will have software that includes
the bug fixes and new features added since the last election.
The real model for electronic voting isn't Florida, though; it's New
Mexico. In Bernalillo County, which used optical mark ballots, the
scanner was misprogrammed -- it ignored straight-ticket votes. In this
case, once the problem was recognized, the fix was relatively easy --
they corrected the program and rescanned the ballots. If the voting had
been online, there would have been no physical ballots to rescan.
And, elections already use software -- even if you just use punch cards.
So, this is NOT a new problem either. In fact, it is worse today because
it all closed source software (in the good name of security).
Believe me, that software scares me, too... And open source, though a
help, is hardly a panacea; finding bugs is *hard*, and testing is not
at all adequate.
--Steve Bellovin, http:/www.research.att.com/~smb