E-Voting Vendors, Foes Count Down To Election Day
By Michael Cohn InternetWeek 13 October 2004
Foes Recruiting Techies As Poll-Watchers
With accusations spreading about electronic voting susceptibility to tampering, watchdog groups are calling on computer experts to come to the polls not only to vote, but to watch others vote.
So far the Verified Voting Foundation (VVF) has recruited more than 1,300 volunteers for its TechWatch program. Prior to the election, volunteers will observe tests conducted by election officials to make sure the equipment is working correctly. On Election Day, watchers will be posted at the polls and filing web-based incident reports as necessary.
The Election Incident Reporting System is designed to allow volunteers to rapidly collect information about election irregularities, and instantly alert attorneys and technology professionals to potential problems.
"We have people familiar with the equipment go in, observe, and make comments if they can," said Will Doherty, the VVF's executive director. On Election Day, technologists will be assigned as poll watchers and poll workers. Others will be available for rapid deployment to polling places where problems are reported.
But e-voting security critic Avi Rubin said the poll-watching effort will likely be minimal help. "Getting more people involved in elections is a good idea, but having more poll workers doesn't impact how the machines work," said Rubin, professor of computer science and technical director of Johns Hopkins University's Information Security Institute, who has exposed vulnerabilities in e-voting systems.
Meghan McCormick, a spokeswoman for Elections Systems & Software, one of the leading vendors of electronic voting systems, said her company welcomes the scrutiny. "If people are interested in watching, we welcome their interest. We are confident we will perform well," she said.
But Alfie Charles, vice president of business development at e-voting vendor Sequoia Voting Systems, cautioned against trusting TechWatch watchers too much. "It will be very important for the public and the media in particular to analyze the reports that come from these observers. Some of them have a clear agenda with the technology and are going to the polling places hoping for a problem to report," he said.
The controversy around e-voting comes as large portions of the U.S. are relying on the technology, following the election fiasco of 2000 and the Help America Vote Act (HAVA) of 2002 passed by Congress in response. In the coming election, e-voting will account for about 29 percent of votes, or 45 million voters, according to consultants Election Data Services.
Critics argue that e-voting machines are susceptible to tampering. In particular, the lack of paper records makes it difficult to detect tampering, critics say.
"If the machine malfunctions, there's no way to recreate an election and there's often no way to tell that the machine has malfunctioned," said Cindy Cohn, legal director of cyber-rights activists the Electronic Frontier Foundation.
But Harris N. Miller, president of the Information Technology Association of America (ITAA) said having a paper trail will not make the machines more reliable. He points out that printers are more liable to break down than computers, and the machines can print out a vote-by-vote tally on paper anytime.
Miller also said e-voting critics have a misconception that votes will be lost if a glitch occurs. If a glitch occurs, machines would continue to store all votes counted before any glitch. The machines are thoroughly tested by national testing laboratories approved by the U.S. government, and most localities hire their own independent testers, he said.
Two independent testing labs, CIBER and SysTest Labs, are federally approved to test voting software, and another, Wyle Laboratories, tests voting hardware.
E-voting critics, however, claim that these companies are paid by the e-voting machine manufacturers, so they have more incentive to cover up problems. The U.S. Election Assistance Commission is charged with investigating any problems with the systems, but complained in a report in May that it is too underfunded to perform its job adequately.
Some of the most serious problems with electronic voting systems have been uncovered by BlackBoxVoting.org, a publicly funded consumer protection organization for elections. The group presented problems it found with Diebold Election Systems' GEMS (Global Election Management System) tabulating system at a press conference in Washington last month. Bev Harris, executive director of BlackBoxVoting.org, showed a video demonstrating how a chimpanzee could erase audit logs on a Diebold machine.
She also disclosed newly discovered vulnerabilities in the Diebold GEMS software that made it open to hacking with simple Visual Basic scripts that could skew vote counts, as well as the software's practice of maintaining two sets of data that often don't match and can be easily manipulated.
Diebold's AccuVote-TS machine and GEMS tabulating software have been the most controversial of the e-voting systems. The company has been found using software not certified by election officials, and has been accused of providing porous security features.
Last month California Attorney General Bill Lockyer took over a false-claims lawsuit filed by Bev Harris and others against Diebold. The suit charges that Diebold sold the state balloting equipment vulnerable to software glitches or hacking.
Diebold did not return calls for this story. But Sequoia's Charles, a Diebold competitor, said his company's technology, people, policies, and procedures all combine to ensure the security and reliability of his its systems. Malicious attacks are more difficult to attempt successfully on electronic systems than on paper systems, he said.
"The [Sequoia Systems] machines are standalone devices, not connected to the Internet in any way," he said. "They're programmed by counties that conduct logic and accuracy tests to make sure the machines tabulate the votes accurately. Voters cast their ballots and they're stored in multiple places on the machines. The cartridges are removed at the end of the night and physically transported to the county for tabulation. There are backup copies and five different ways to conduct recounts on our electronic systems."
Meghan McCormick of Elections Systems & Software, another Diebold competitor, defends her company's security procedures, too. "Some of the equipment from other vendors runs on the Windows operating system, but ours runs on a proprietary system," she said. "We think that allows more security. We have integrated safeguard features at every step of the process to ensure everything is secure. All of our equipment is tested by independent testing authorities and meets federal standards. It is a unique electronic ballot not open to wireless or wired systems. It's not open to the Internet so there is no way for someone to tamper with it."
Miller noted that more than 2 million votes were not counted in the 2000 elections because people over-voted by indicating more than one candidate on their ballots. "With electronic machines, that's virtually impossible," he said. "That alone will enfranchise millions of voters."
Some technology research firms remain unconvinced. "Security is historically defined as availability, confidentiality, and integrity," notes Richard Hunter, vice president and research director at Gartner. "At one point, source code for Diebold was found on an unsecured server and distributed worldwide. This violates the confidentiality side of security."
Secure backup procedures must be in place to ensure that the voting public can have confidence in the results, Hunter said. He recommends stringent, independently certified security and testing of the machines and election databases.
"This is a procedural and process issue," said Hunter. "It's nothing more stringent than has already been demanded of publicly traded companies under Sarbanes-Oxley. If a company can put procedures in place to count the money correctly, then public officials should too."