Some things just don’t pass muster. Today in Wisconsin, in Waukesha County, we have an incident that falls in this category. LINK
Waukesha – The County Board’s Executive Committee has ordered an audit of the county clerk’s election equipment and system beginning with the September primary despite several memos she sent to the committee over the weekend defending her practices and resisting the move.County Clerk Kathy Nickolaus has maintained that as the one in charge of elections, she is responsible for the security and operation of the system. However, other county officials say they worry about the integrity of the old equipment and the system she’s using and whether she has adequate backup.
Where this goes really bad is revealed in this clip on Maddow tonight. The Ed show also has a piece about this.
In the clip, Kathy Nickolaus refers to human error and not hitting the save button and further that she is using an Access database for this. There is so much wrong with this I don’t know where to begin.
As a user and programmer of Access for over twenty years nobody would ever use it in the manner portrayed here. It just isn’t secure and provides no audit trail for record keeping purposes. Access itself can be programmed as a front end for an SQL Server databse or other ODBC data structure securely stored on a server. That is the normal mode of usage for this purpose. It provides strong security and an audit trail.
Secondly, Access has never, in all it’s versions over the years needed a user to press a save button. When entering data in a form or a tabular view, the record that has the focus, if it is changed, upon navigation to the next record, the one previous is automatically saved. If you close the DB, whatever record you are on is committed to the table where that record is stored. There is a save button but it is redundant to the notion of saving a record. The manner in which this has been portrayed by Ms. Nikolaus clearly states to an informed person that she has no clue of what she is talking about. What she has said here leaves all manner of questions. I would so love to be able to examine just how this system is configued and inspect the data.
For instance, in the table holding the data, each record has a unique ID. For every record ever entered this ID will be sequential. If you wanted to assure the table has never been manipulated all you’d have to do is look at the record sequence. There must not be any missing record ID’s. If there are ten records then there must be an ID for each record numbered 1-10. If some are missing (deleted records) then you’d see an interruption in the sequence and have to ask what happened to the missing numbered record. Why was it deleted? More commonly there would be a record entry reversing a previous entry for audit purposes. You see this concept on a credit card bill where a charge is entered once as a debit and then, if a charge is reversed, it is entered again as a credit. This is part of the audit process where you can know every action performed and its purpose. Simply deleting records destroys the possibility of an audit. You should never be able to go back in time and modify a previous entry. You should only be able to make a new entry which effectively reverses the action of a previous entry. In an SQL data structure, this audit process is far more comprehensive. An SQL server, if so configured, records every person who connects to the database and records every action on every record performed by that person for that connected session. In the interest of data integrity, in my view, this is a minimum for assuring the data hasn’t been compromised and is 100% auditable. Even then, this assumes a DB administrator who knows what they’re doing and who is intent upon mischief hasn’t gotten in there and modified something.
In any case, what we see here is seriously unacceptable. No other assessment is possible. If what we see here is any indication of how municipalities perform these operations we’re in really deep trouble. At the very least, we have some major idiots running this stuff who should never be allowed near a computer or be allowed to make decisions of how public computer systems are provisioned.