Lots of questions, few clear answers on e-voting
By William Jackson
GCN Staff
Computer security experts and election officials debating the merits of paperless voting before a House committee today presented widely differing opinions about the security of electronic voting.
One area of agreement among witnesses before the Committee on House Administration was that absolute security is impossible and the standard that direct-recording electronic voting machines must meet is “secure enough.”
“It is possible to have secure-enough paperless machines,” said Tadayoshi Kohno, a computer security expert from the University of California at San Diego. “But we don’t have those machines today, and we can’t have them by November.”
Britain J. Williams, professor emeritus of computer science and IT at Kenesaw State University, disagreed. Williams has worked with the Georgia Election Division, which began using DRE machines in 2000.
“We don’t believe we are in imminent danger in Georgia,” he said. “A DRE voting system is one of the simplest computer applications you could imagine. It just adds by one.” More secure machines could be developed, he said, but “we have to deal in the short term with what we have on the shelf right now.”
DRE voting typically uses touch-screen computers to record votes rather than paper ballots. Such machines have been in use for 25 years, but following the Florida fiasco in the 2000 presidential election many states began replacing mechanical machines and paper ballots with DRE. The Help America Vote Act provided $650 million to states to fund the switch and requires certification of all hardware and software.
Committee members were as divided as witnesses over how to address voter concerns about the technology. Rep. John L. Mica (R-Fla.) said the problem was people, not the machines.
“Unfortunately, I think what we need is a more intelligent electorate,” he said. “I’m discouraged that we’ve spent a lot of money on a system that doesn’t work.”
Rep. Vernon J. Ehlers (R-Mich.) said not enough money had been spent. He expressed concern about the lack of funding for the National Institute of Standards and Technology to develop technical standards for electronic voting.
Michael I. Shamos, with the School of Computer Science at Carnegie Mellon University, agreed that the lack of technical standards is a problem. He supported electronic voting machines as superior to paper, but said not all machines were reliable.
“This country has no systematic process for pinpointing these machines and keeping them out of the polls,” Shamos said.
Williams said Georgia has a process for assuring the quality of its voting machines. Code is tested extensively and signed with a digital hash before being installed on machines, and the hash can be used to verify that code residing on a machine has not been changed. He said Georgia had a greater number of uncounted votes than Florida in the 2000 election, and that the undercount has been reduced by 80 percent with the introduction of DRE voting.
Avi Rubin, director of Johns Hopkins University’s Information Security Institute, said the difficulty of spotting bugs and malicious code in programs makes electronic voting too questionable to risk. His solution would be an electronic system that would produce a paper ballot that a voter would cast.
“I am not fundamentally against electronic voting,” Rubin said. “Right now I think computers are not ready for this responsibility.”
Witnesses agreed that despite concerns, with only 120 days before the election, many people would be voting on machines that could be unsecure. How to ensure the most accurate vote possible in November?
“Test, test, test and train, train, train,” Shamos said.