Q: What if the computer loses power during voting?
A: Restore power, then restart with a fresh diskette.
(The original diskette retains previously-cast votes.)
______________________________________________________________________
Q: What if the computer fails during voting?
A: Get another computer and start a fresh diskette.
(The original diskette retains previously-cast votes.)
______________________________________________________________________
Q: Couldn't the computer fail in a way to lose votes?
A: Yes. It could be hit in the diskette drive by a meteorite or
stray bullet. That's a facetious answer, but failures that would
make voting data unrecoverable are only slightly more likely.
Vote totals are kept in three separate files, and each time one is
updated it is checked against the previous one to assure that the
changes are appropriate. Since all data files are plain ASCII,
data should be recoverable even if some weird drive failure wiped
out the FAT (the file directory).
______________________________________________________________________
Q: Couldn't really skilled hackers interfere with SAVIOC voting?
A: No. Hackers must be able to connect to the computer.
Computers running the SAVIOC voting program are not connected to
any network, so hackers can't reach them.
______________________________________________________________________
Q: Couldn't somebody modify the computer itself to affect voting?
A: Possibly, but this type of attack probably is more difficult with
SAVIOC than with any other type of voting technology because SAVIOC is
more transparent than any other voting technology. If it is even
possible to make a computer appear to run the real SAVIOC software
normally (avoiding all the internal checks), yet save
bogus results, it would require replacing the BIOS in the computer.
Not only does this require physical access to the computer, it requires
knowing ahead of time which types of old computers will be used.
(The BIOS is different for different machines, and an incorrect BIOS
version can make the computer unusable.)
To make malicious modification even more difficult, the BIOS itself can
be copied to a diskette, and then verified using a hash code program
on some trusted computer, just as the SAVIOC diskette can be verified.
______________________________________________________________________
Q: Does it require an extra-large computer screen for older people to
read?
A: No. SAVIOC uses 25 lines of 80 characters each. In ordinary
12-point monospaced typing, that's only 4"x8", a mere 9" diagonal!
(Newspaper print is even smaller, typically about 10-point type.)
The smallest notebook computers probably have 12-inch-diagonal
screens, corresponding to 16-point type. Many laptops and most
desktop computers have screens with at least a 16-inch-diagonal,
equivalent to 21-point type.
______________________________________________________________________
Q: How can voting computers be protected against power loss?
A: That depends on the duration of the power loss, and how much you
want to spend for "insurance".
Many computer power supplies these days can survive the most
common power glitch -- a fraction-of-a-second burp that makes the
lights flicker, and may reset the clock on a microwave.
An "uninterruptable power supply" (UPS), available for less
than $50, could keep the computer running during an outage of
several minutes. Larger and more expensive units could supply
power for hours.
For maximum immunity to power outage, use a laptop computer.
The internal battery typically is good for a few hours, and the
low power consumption means that an inexpensive UPS could keep it
running all day. With a laptop, however, extra shielding is
necessary to assure that voters cannot easily turn it off or
remove the diskette. In addition, system settings must be such
that it does not blank the screen or go into shutdown mode when
left unused for a while.
A portable generator also is an option. It could be
transported to any precinct to compensate for a local outage.
(Particularly if the precinct has UPS coverage for the time
necessary to get the generator set up.)
Yet another possibility is an inverter, hooked to a vehicle
battery. Inverters capable of delivering 375W are available
for less than $50. 750W inverters can be found for less than $100.
______________________________________________________________________
Q: SAVIOC protocol says to make multiple copies of the final diskette
available to the press and others right after the polls close, but
would this not exaggerate the problem of declaring a contest over
long before Hawaii and Alaska have finished voting?
A: Yes. If the media will not behave responsibly, diskettes still
should be copied immediately, but then should be placed in police
evidence bags or protected in some other clearly tamper-proof way,
and distributed later. Before that, however, SAVerify should be
used to generate a "fingerprint" (hash code) of the diskettes. That
fingerprint CAN and SHOULD be distributed immediately as proof against
tampering.
______________________________________________________________________
Q: Isn't it possible for someone to interrupt the startup process,
modify something, and then continue with a corrupted but apparently
normal voting process?
A: Possible, but very unlikely and easily prevented. It is very
unlikely because the extensive checks done within the program are
likely to detect any modifications. It also is easily prevented by
having people with opposing interests monitor the startup process
carefully to assure that nothing "unusual" happens.
______________________________________________________________________
Q: Isn't it possible for someone to substitute a "special" diskette
for a valid voting diskette?
A: Yes. That's why proper procedures are so important. The diskettes
distributed publicly before and after voting must be clearly no
different from the actual voting diskette. Poll watchers must
allow no opportunity for someone to switch diskettes.
______________________________________________________________________
Q: Isn't it difficult for people with no computer experience to use
this system?
A: No. It is possible to vote using only three clearly-marked keys
(except when adding a write-in name). Fear of computers is the
real problem, and that is easily overcome by having practice
voting systems readily available. After completing one practice
session, computer-phobic voters often comment, "That was fun!"
In one demo at a retirement community, volunteers who literally had
never touched a computer before were instructing others after one
or two practice ballots.
______________________________________________________________________
Q: Since the SAVIOC software is downloadable from the web, couldn't
a hacker substitute a malicious program for the original and
affect all users nationwide?
A: Yes, but No. A hacker might be able to substitute a different
program for a brief time; however, regular checking of the
downloaded version would detect any such substitution and correct
it. Not every voting locale would download it at the same time,
so only a few would ever get the bad version. E-mails to all
licensed users would alert them to the problem, so they could then
get the correct version. Furthermore, if jurisdictions make it a
point to download twice, at times days or weeks apart, any
discrepancy would alert them to try again. The SAVerify program
on the web site provides yet another way to detect substitutions.
It permits verification that can be ultra-secure.
______________________________________________________________________
Q: SAVIOC includes lots of internal checks, and even offers a "hashing
algorithm" to check that files have not been modified. Doesn't all
this guarantee that there has been no tampering?
A: No. No system can completely verify itself. Would you believe every
person who says, "I'm sober." or "I'm honest." or "I'm sane."? If
anyone claims to be drunk or dishonest or insane, it's best to believe
that claim. If any of the checks provided by SAVIOC indicates
a problem, it's certain that there is a problem (whether or not it would
affect the election). The absence of error indications does not
guarantee the absence of tampering. Human vigilance is essential.
(See the manual that is part of the download.) SAVIOC does not claim
impenetrable security; it just claims to be more secure and trustworthy
than any other system.
______________________________________________________________________
Do you have other questions?
Jump directly to any page:
The SAVIOC home page is www.savioc.com