Diebold Admits Systemic Audit Log Failure
SACRAMENTO, California - Premier Election Solutions (formerly Diebold Election Systems) admitted in a state hearing Tuesday that the audit logs produced by its tabulation software miss significant events, including the act of someone deleting votes on election day. The company acknowledged that the problem exists with every version of its tabulation software.
=======
I'll leave it to you to read the rest of the article. So how is it that a system used to select representatives to the highest office was built to such low standards that critical functions (such as deleting votes) can escape being logged? You mean there's no provision to protect this data from unauthorized access? How can this be?
Well, basically, when you give someone a green light to do what they want with no recourse, that is what you get. A big-time security hole. An undetectable breach waiting to happen. These machines were built in the absence of any software model or review to ensure our votes are secure. There was no mandate to have the software reviewed by any external authority to see that it does what it's supposed to do.
How do you prevent such problems? That's easy: standards, inspection, and certification by outside bodies. A system like this arguably should have been required to adhere to standards and be evaluated by some inspection body to be sure that it really does what it's supposed to do, with security protection where needed. Since there never was any such requirement, the government got what it asked for: a breach waiting to happen.
Since this isn't a piece of military equipment, which bodies or what standards could help here?
A system such as this could benefit immensely from a MILS-style secure software platform. MILS separation would prevent unauthorized users from even viewing voting logs, let alone altering or deleting them without detection. Systems implemented on certified MILS OSs inherently keep data separated and safe. It's not the complete answer, since the software would still have to be designed correctly from the get-go, but if properly implemented the MILS paradigm could prevent casual users from accessing anything other than their own vote.
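Separation keeps the log out of reach; the other half of "without detection" is a log that cannot lose a record silently. As an added illustration (not code from the original post or from any vendor's product), here is a minimal hash-chained, append-only audit log in which removing or editing a record, such as the vote-deletion event the article says went unlogged, breaks the chain on verification. The event names and precinct numbers are constructed sample data.

```python
import hashlib
import json

# Constructed example: each audit record commits to the previous record's hash,
# so deleting, altering or reordering any record is detectable by re-walking
# the chain. (The latest hash should also be anchored outside the machine,
# e.g. printed at poll close, so that trimming the tail is detectable too.)
GENESIS = "0" * 64


def record_hash(prev_hash: str, seq: int, event: dict) -> str:
    # Canonical JSON so the same event always produces the same digest.
    body = json.dumps({"prev": prev_hash, "seq": seq, "event": event},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()


def append_event(log: list, event: dict) -> dict:
    prev_hash = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    rec = {"seq": seq, "event": event, "prev": prev_hash,
           "hash": record_hash(prev_hash, seq, event)}
    log.append(rec)
    return rec


def verify_log(log: list) -> tuple:
    # Returns (ok, index of first bad record); -1 means the chain is intact.
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev_hash:
            return (False, i)
        if record_hash(prev_hash, i, rec["event"]) != rec["hash"]:
            return (False, i)
        prev_hash = rec["hash"]
    return (True, -1)


def demo() -> dict:
    log = []
    append_event(log, {"op": "open_polls", "user": "official"})
    append_event(log, {"op": "tally_add", "precinct": 12, "votes": 340})
    append_event(log, {"op": "delete_votes", "precinct": 12, "votes": 340})
    append_event(log, {"op": "close_polls", "user": "official"})
    intact = verify_log(log)
    # Someone removes the deletion record from the stored log.
    after_delete = verify_log(log[:2] + log[3:])
    # Someone edits a tally in place without re-chaining.
    edited = [dict(r) for r in log]
    edited[1]["event"] = {"op": "tally_add", "precinct": 12, "votes": 34}
    after_edit = verify_log(edited)
    return {"intact": intact, "after_delete": after_delete, "after_edit": after_edit}
```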
This is a great answer for smaller, non-real-time systems. I expect to see a LOT of embedded non-real-time systems, and workstation systems, benefiting from MILS: financial terminals for banks and brokerages; medical information terminals for doctors, hospitals, and insurance companies; criminal records and DMV terminals in peace officer vehicles, and at the desk of the nice person who looks up your information when you go visiting military bases and secure installations.
But what about performance? Typical MILS platforms available today don't handle a lot of "security partitions" well, nor do they handle scheduling of those partitions (or their contents) well. Though it doesn't really affect your voting machine as much, you don't want your nuclear sub, satellite, or experimental manned or unmanned jet to suffer from poor performance. Yet you still want that project to benefit from such high standards of inspection. What to do? Real-time OSs that can handle an arbitrary number of partitions (and their contents) with ease are not a "dime a dozen". Is there an answer to that?
Watch this space. Down there... second from the end... the light at the end of the tunnel.
Please can you expand on your remarks about handling a lot of security partitions? What mechanisms should be used for scheduling such partitions?
Posted by: Fred Long | 03/25/2009 at 04:50 AM
--- reply:
Hi Fred,
Please contact your local Wind River team for more details about our MILS platform and its scheduling solution.