I emphasise that the views I express are my own. I am not a member of a political party or of any lobby group. I have developed these opinions from the materials I was able to retrieve from the Department.
A list has been circulated of some 40 questions that I would wish to have addressed. I will mention the various roles of the citizens of Ireland. The people own the Constitution and have set up these institutions through the Oireachtas. The Minister and his Department implement the legislation. On the ground, the returning officers and presiding officers in the polling stations conduct the elections formally and statutorily. That has been the case since the State was established. We are now about to move to a new set of equipment and software where the roles are extended to the hardware and software manufacturers. There are issues surrounding hardware. The software developer is of particular note where the statutory count rules are implemented. Then come the testers and reviewers and to some extent certifiers. As we will see, the certification process is a little weak.
I have noted these points in the material supplied, showing that the Constitution and the electoral Acts are formal. We have to abide by them. They produce statutory rules which originally were solely in the hands of the returning officers but which will now be in the hands of voting machinery which is designed according to a specification issued by the Department, principally called the Count Rules and Commentary, a single document. This has been modified as this development has gone on. The voting machine and software are developed by Nedap in Holland, and the IES count PC is, as I understand it, subject to Mr. Callan's comments that it might be different, a normal PC, running specialised software developed by Groenendaal. My concerns are: who owns these various roles and who is allowed to change them, and under what control? Who designs them, tests them and operates them? There are quite a few new roles defined here which I would like to illustrate. The names in yellow boxes on the document supplied are those of the various owners, as I understand it. The Department owns the Count Rules and Commentary.
Owning is an interesting concept. The machinery is owned in due course by the returning officer, but the design is owned by Nedap, as is the software in the case of the voting machine. It is surveyed and certified by Kema, TNO and PTB, two of which companies are in Holland, I think, and one in Germany. On the software side, the Groenendaal Bureau writes the software we are most concerned about here. It is tested in a black box manner by the Electoral Reform Society in the UK. It is code-reviewed, but not tested, by Nathean Technologies in Dublin. We therefore have four Dutch companies, one German, two UK companies and a single Irish company assisting us in implementing the statutory rules necessary to run elections in Ireland.
The issues I am most concerned with are the documentation and testing. In my request to the Department I sought the systems design specification for the counting system. That was my original request. It was all I focused on because I am familiar with counting. I like the counting process and I understand it very well. Part 19 of the Electoral Act 1992 is engraved in my mind because I have had need to argue it from time to time with returning officers and fellow agents. It will be implemented in software, something with which I am very familiar. I wanted to see the test plan and the design plan. The Department responded quite correctly that it did not have that documentation. It still has not got it, after five requests under the Freedom of Information Act, two internal reviews and one appeal to the Information Commissioner. The principal reason the Department has not got the essential documentation is that it has not got a contract with the provider, and therefore section 6(9) of the Freedom of Information Act, which would allow it to retrieve those records, is not operative. I have appealed this to the Information Commissioner and the appeal continues. I submitted the appeal on 22 April but a decision has not yet been given.
There are other technical issues involving this system, in particular the use of the Microsoft Access database to hold the votes. Nobody in his or her right mind uses Microsoft Access for a critical system, and I will show formal opinion from Microsoft to that effect. We are concerned about the integrity of the vote. This matter has exercised us all. How can we ensure that the vote is safe? Typically in modern systems, whether they are gambling, financial or voting systems, we should provide for the integrity of each record with a MAC - a message authentication code - such as is used universally in systems in Dublin for e-top up vouchers, ATM withdrawals and for national lottery wagering transactions.
I mentioned cosmic rays. These are an interesting natural phenomenon that cause errors in large populations of computers. It is a verifiable condition, well understood in the literature. The best example here is a Counting PC in Schaerbeek in Belgium, which on 18 May this year credited one candidate with more votes than on his party's list - an impossibility. The votes were counted next day and it was discovered that the candidate had 4,096 votes too many. This count was formally done by the manufacturers, the Ministry of the Interior and the president of the canton. The conclusion was that a cosmic ray had flipped a bit and caused the extra votes. Such things happen and we must take them into account. To be fair, the Nedap design has taken it into account very well, but there is no evidence that it has been taken into account in the counting system.
As power failures occur all the time, there is considerable evidence in the material I have looked at that power failures are beginning to exercise the technologists in the Department as to what happens between the moment the yellow vote button is pressed and one's voting preferences move through the machinery before landing in the memory. That takes a few hundred milli-seconds, and things happen as the power fails. It is a very interesting exercise to figure out where the ballot is during that process. We need the integrity of the machine to handle that.
Those are the major issues I am worried about. My professional concerns revolving around the development of the environment are that the software in use is being re-released every three weeks. We have had 40 releases since January of last year. The releases being tested by ERS are already out of date. I do not know which particular release Nathean has most recently reviewed. It last reviewed version No. 111 and the draft report for that was refused to me. I appealed the decision and the deciding officer said I could have it on 31 December 2003. I have not got it yet, so I am in a position of some ignorance. I will be delighted to stand corrected by the Department and its officials on my lack of knowledge. I am suffering from a severe lack of knowledge regarding this matter. Yesterday I spent three hours reviewing Department files and it seems from the information I read that ERS has not tested the European ballot module. There is no evidence that it has tested the European vote, a very large vote, with 400,000 or 500,000 votes in each count. That is a heavy-duty load on a PC. It may be more than the ERS testing system can handle. I do not know. There is no evidence.
Up to a couple of days ago, Dutch code and messages were still being produced by the system. That is a serious concern for the understanding that we might have of the Dutch code being written by Groenendaal.
There is a major concern about how the returning officers will run these complex systems. They will need IT support, and concern has been expressed about how the officers will do the work. They primarily work in county court houses and elsewhere around the country where the PCs are on LANs. They might put the software on the LANs and the software might leak. That and other matters are of concern to the Department but I cannot see the formal solution.
Mr. Callan referred to the most worrying issue. The continuous improvement that he suggests is not evident to me in that currently it has not yet been proven to work in the first instance, before any improvement. The timetable which Groenendaal had hoped to meet was that the software would be developed by the end of April for testing in May and June by ERS and reviewed by Nathean. That has not happened, however. It is still in test as of a couple of weeks ago. It may have finished in the past few days, but as of a couple of weeks ago, ERS was still testing it - six months afterwards. I do not like the fact that there is no formal Chinese wall between the developers and the testers. The representatives of the testers in the UK were sending change requests directly to the developers, who were implementing the changes and there is evidence in the files that the project manager in the Department of the Environment, Heritage and Local Government is attempting to corral these frequent changes so that he will have a stable position to offer to Nathean for its review. In other words, changes are happening willy-nilly.
My concern is whether or not this is a safe system. In my professional opinion it is not. The other query I have is: who decides whether it is or not? It is the committee's role to adjudicate on this as the representatives of the Oireachtas and then tell the Department of the Environment, Heritage and Local Government how formal procedures are to be put in place to do the testing and the checking. There is no evidence of any formality in the procedures. The question as to who decides our votes and who decides the system that will count our votes rests with the committee.