Md. elections CIO offers e-voting assurances
By Michael Hardy, Federal Computer Week
Published on Oct. 7, 2004
As Election Day draws closer, Maryland officials are reassuring voters that the electronic voting machines that will be used in almost all of the state's polling places have been made secure.
At a luncheon held by the Association for Federal Information Resources Management, Pamela Woodside, chief information officer at the Maryland State Board of Elections, outlined the security measures that state officials have taken for the election.
Maryland was one of the early focal points of the controversy over so-called direct-recording electronic machines. Voters use a touch screen to cast votes, which are recorded electronically. Critics have charged that the machines should print out a paper record of the vote, which voters would verify and which could be used in a recount, if needed. When the information is only stored electronically, there is nothing to compare the electronic record to except other electronic records, which the machines also store internally, according to skeptics.
Maryland officials signed a contract last year to buy enough machines from Diebold Election Systems to disperse statewide, except in Baltimore, which already has an electronic system. Days after the contract was signed, a group of computer scientists, including Aviel Rubin of Johns Hopkins University in Baltimore, published a paper citing security holes they had found in Diebold source code.
Their findings unnerved Maryland officials enough to put the Diebold contract on hold and commission a risk assessment, performed by Science Applications International Corp. Eventually, state officials went ahead with the purchase, but they implemented many of the security measures that SAIC officials and other analysts recommended, Woodside said.
For example, election officials put tamper tape over the keyhole that could allow access to each machine's memory card. Although the tape would not stop someone determined to gain access, it would show immediately that the machine had been compromised, she said.
Elections officials also changed the passwords for the machines. The machines come with a default identification code, which officials are supposed to change, but many neglect to, Woodside said. They also strengthened the encryption used for storing ballot images and transmitting unofficial totals across a point-to-point phone line. She emphasized that the results transmitted electronically are unofficial, and that they will be compared Nov. 3 to the tallies on the physical memory cards from the machines to make sure they match.
She defended the board against allegations that officials have not taken prudent measures, but said that not all officials are as alert. Her boss, elections supervisor Linda Lamone, often talks to officials from other states about security and gets blank stares, Woodside said.
"It's all brand-new for this community," she said.