Addendum from Tom

I think Bob is correct to be cautiously skeptical about both the stories he posts below. Both of these were making the rounds yesterday, and must have showed up in my own inbox at least a dozen times each. I was going to hold off on posting them because I don’t really have enough information to pass judgment on either, at this point — but since they’re up now, just keep in mind: unreliable information has, in the past, occasionally been forwarded around the net. Not often, of course, but you know — on rare occasions.

Update from a reader:

Don’t know how accurate the overall (election fraud) story is.

But one thing caught my attention:

This system is using *Access* as it’s database?

I do this sort of thing for a living. No one who is serious about creating a secure, reliable system would use Access as the database. Access was designed for single use systems. Microsoft does recommend it for sharing data between small groups of people. But basically even on that level it is not really reliable or secure. The point is that if whoever is in charge at the precinct level wants to engage in deliberate fraud (say by giving a smart high school kid access to the server on which database sits) stuff could be done at the database level without ever touching the program. (Even if the company is using decent encryption, there is probably script kiddie stuff out there on the net to beat it. And if they are using their own custom encryption, or the built in Access encryption, well I guarantee it can be beaten.)

In addition to fraud, Access is vulnerable to accident. Access databases (especially shared ones) tend to go bad very easily. And the logging (commit-rollback) capabilities are a joke. If you should have a power surge during a transaction, the odds are that it is restore from backup time – because you are not going to be able to rollback, and the odds are your dabase will be contaminated. (So if the power flickers during voting – you may well lose all votes cast prior to the surge. At the very least you won’t know which votes you lsot.)

I also wonder if the multiple ledgers are an attempt to get around this. The problem is , if they are all in the same database you gain no security (against accidental damage). And if they are in seperate databases but on the same server then it is not that unlikely that all three would be damaged by the same surge or flicker or brownout. And I can’t imagine having two servers per voting location.

The point is that access was not really designed for mission critical applications. Microsoft may sometimes market it as such – but it is not secure against either deliberate fraud or acccidental damage.