I heard a fascinating story on my local public radio outlet this morning. It deals with local politics, but broaches topics with global implications. The story is entitled “Experts Say Electronic Voting Machines Aren’t Secure. So Travis County Is Designing Its Own.” The global implications come from the name of the initiative that Travis County Clerk Dana DeBeauvoir has been running for over a decade now. It’s called the Secure, Transparent, Auditable, and Reliable Voting System aka STAR-Vote. The voting part doesn’t really apply, but it’s clear that Windows needs STAR, too, as a kind of design perspective or philosophy. STAR is, in fact, a rubric for good software design in general.
So What About the Voting Machines?
Ms. DeBeauvoir has been working on this project since 2005, mostly in response to direct-recording electronic voting machines, aka DREs. She observes that while county clerks in the US are responsible for handling elections, they don’t get to choose the equipment that is used to collect ballots. One unexpected fallout of the “hanging chads” that influenced the 2000 presidential election was a large-scale shift away from paper ballot machines to DREs. But where computers can be hacked, paper cannot — at least not after ballots are marked (or punched) — as long as the paper is handled securely and according to rules for the collection and preservation of legal evidence.
Bits, on the other hand, can be fiddled more or less at will (though the principles of evidence handling can also prevent tampering, they cannot prevent hacking while voting is underway if voting machines are connected to the Internet). Accommodating voters with disabilities (as the ADA requires in the US, and other legislation compels in Europe and elsewhere) means DREs of some kind are essential. So DeBeauvoir worked with security and computing experts to design systems that offer electronic access and controls but that ultimately produce a paper record for auditing and recording purposes. In fact, paper records can be linked to electronic votes, so that auditors can compare them and find any discrepancies between them. The STAR design supports sophisticated and secure open source software that’s backed up with an auditable paper trail.
Alas, though the design is complete, none of the companies that bid to build the machine wanted to write the software. That’s because it’s open source, and therefore publicly available and easy to modify. Apparently, the companies that build voting machines and the proprietary software that runs on them don’t want to open the software up in any way, shape or form. And so far, neither philanthropists nor governments (at any level) have shown themselves willing to fund this effort. That said, the US Election Assistance Commission is updating its Voluntary Voting System Guidelines, which define standards for voting machines. According to the story “many of the innovations from the STAR-Vote team are set to be included in those standards.”
What Does This Have to Do with Windows?
Windows is a huge proprietary effort. Its developers are likewise unwilling to open up the code completely to make it open source. There is, however, a move afoot to take elements of the environment and open those up. What really appeals to me about STAR, though, is the notion of establishing security, transparency, auditability and reliability as the hallmarks of Windows design going forward. I’m not sure that Windows ever can or will be open source, nor am I sure we would want it to be, either. But those characteristics define a design philosophy that puts all four characteristics forward throughout the entire development lifecycle: from design, to implementation and test, into maintenance and ultimately, retirement or termination.
If my own experience with Windows is any guide, or the many issues and gotchas routinely reported for Windows 10 have any truth to them at all, there’s ample reason to rethink the basic principles around which the OS is designed and managed. STAR is as good a general rubric as any I’ve come across in some time. Windows may not be a voting machine per se, but it could certainly benefit from conscious attention to security, reliability, accountability and transparency (mixing up the acronym to reflect my perceived priorities among those characteristics).
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.