Book review: Avi Rubin's tech memoir on Diebold, e-voting

Avi Rubin's Brave New Ballot fears for democracy

Few things in life, and even fewer things in computing, resolve to yes-or-no questions. Watching geeks contort themselves to explain their work in one-syllable answers, whether in courtrooms or on cable news channels, is an exercise in pain for the tech-savvy -- and it usually leaves the general public less informed than when they started.

That's reason enough to welcome Avi Rubin's Brave New Ballot (304pp., Morgan Road Books, $24.95), which covers the three years of research he's done on Diebold's controversial AccuVote e-voting machines. It gives a good researcher the chance to lay out what his research uncovered -- and why its implications for fair and free elections far exceed the current yes-no, Dem-GOP flaming.

Rubin previously had to contort quite a bit to get the message out, you see. Shortly after he joined Johns Hopkins' computer science department in 2003, he, Rice colleague Dan Wallach and grad students Adam Stubblefield and Tadayoshi Kohno took a few days to examine a copy of Diebold source code for the firm's Accuvote terminals, then in use for elections in 37 states across the nation.

The subsequent "Hopkins Report " (PDF format) described a world of hurt in that code: obvious kludges, flimsy cryptography choices, and random acts of foolishness. (A personal favorite, widely reported in the months after the report was released: The PINs [personal identification numbers] for every single administrator access card were set to the same digits, 1111.) Observers of the e-voting controversy know the subsequent arc of the story -- researcher analyzes code, researcher releases report, researcher gets rafts of flak from e-voting vendors, researcher ends up appearing on (seemingly) every newscast and congressional panel ever convened on the matter, with mixed results.

Rubin's wonderment at those mixed results will resonate with many techies through those 304 pages (with nary a line of code in sight), since his dismay at the growing politicization of the issue is likely to ring true with every geek who's found himself taken aback by ideological criticism of a "purely" technical project. Rubin's the first to admit that was naïve, and the reader senses his nearly frantic determination in Brave New Ballot to lift the discourse back up to a more purely technical conversation -- even while he emphasizes that these are issues every American ought to care about and (to some extent) understand, or at least to understand that they don't understand.

The tech description of the problems with e-voting are here, of course. A book's a great opportunity to get one's message out without the oversimplifications of the yes-and-no world, and Rubin does a fine job of detailing exactly why Diebold's approach to electronic voting raises harrowing security questions -- though the author would be the first to tell you that there's no substitute for reading the research yourself (and includes a fine three-page resource list to that effect). If you're not a little bit sick to your stomach after reading his descriptions of what's sloppy, substandard, or simply stupid in Diebold's implementation, you're probably just skimming for the gossip -- pardon me, the "human element."

That's in here, too -- both thumbnails of some of the rich cast of characters who have been involved with e-voting investigations and coverage to date, and Rubin's own experience with mudslinging, personal attacks, and stupid PR moves -- including, in one painful chapter, his own very public stumble over a board membership he held at software concern VoteHere. A great deal of Rubin's story has a curiously wide-eyed quality; if it were a movie, I'd call it Avi: Geek In The City.  (That'll do, prof -- that'll do.) Tech folk will find it easy to sympathize with his dismay over the increasingly partisan split over e-voting security, but surprised? A grown and educated man living in the DC area is surprised that something's become partisan fodder? You'll never hear me accuse the Geek-American community of an excess of political savvy, but Rubin's genuine, sincere fears for the health of the democracy have presumably matured past the oh-dear-me point. A little goes a long way.

Rubin says that he hadn't even heard of Diebold before getting a call in July 2003 about the code (which was at that point freely available on the Net). A lot of the non-tech readers he aims to reach with his story may be in the same boat, and that's where the story structure he chose works well. And though techies deeply immersed in the e-voting scene may have forgotten what a cast of characters have been involved in the story so far, relative civilians will appreciate Rubin's surprisingly deft descriptions of people in the fray. The Net's frontier days are over, sure, but it's still a lot wilder out there than the corporate spokespeople at firms such as those in the e-voting niche would have you believe.

His pleasantly self-deprecating tone works out when he lays out the tech details, too -- if you or someone you know doesn't know their DRE (direct recording electronic) voting machines from their optical scanners, or isn't clear on what programmers are looking at when they dig into source code, the going is easy here. He does work up a bit of mockery for some of Diebold's more egregious problems, but it feels both honest and non-personal.

His lack of venom for ancient adversaries is, in fact, a smart choice. This book could have been a diatribe, and it's not. Likewise, he sensibly keeps his reach equal to his grasp; you won't get a full picture of the e-voting landscape here, but it's a terrifically detailed guide to one of the swamps. You're apt to like Rubin after reading Brave New Ballot, and you'll trust both his tech acumen and his brave, grave conviction that e-voting security matters more than almost any issue currently affecting the democratic process.

Copyright © 2006 IDG Communications, Inc.

Shop Tech Products at Amazon