E-voting companies store software in national library, but scientists remain concerned
RACHEL KONRAD
Associated Press 26 October 2004
SAN JOSE, Calif. - Addressing sharp criticism from computer scientists, the nation's largest voting machine companies are submitting millions of lines of code to the National Software Reference Library, potentially shedding light on the secret software used in elections.
But executives at the voting machine makers said Tuesday they would not submit their most valuable data - their proprietary source code. And they might not provide the library with copies of software patches, s and upgrades.
Computer scientists said the conciliatory gesture wouldn't help ensure the integrity of next week's presidential election, when as many as 29 million Americans will cast electronic ballots. Some researchers worry that hackers, software bugs, ill-trained poll workers or power outages could intentionally or accidentally erase or alter voting data.
"This is a step in the right direction," said Doug Jones, associate professor at the University of Iowa Department of Computer Science. "I just wish these steps had been taken earlier. I say hooray, but it's a long-term benefit with some pretty glaring caveats."
Executives from the largest equipment makers in the United States - Election Systems & Software, Sequoia Voting Systems, Diebold Election Systems and Hart InterCivic - announced Tuesday that they had already submitted many versions of the software that will be used to tally votes next week. The library, run by the National Institute of Standards and Technology, also holds proprietary code from Microsoft, Oracle and other technology giants.
Executives acted at the request of the U.S. Election Assistance Commission, a 1-year-old federal agency created through the Help America Vote Act.
EAC Chairman DeForest Soaries Jr. acknowledged that the data was far from complete. But he said the companies' ongoing submissions could eventually make election software more transparent to computer scientists, who want "open source" voting software that can be independently inspected.
"There's an old saying that the journey of 1,000 miles begins with a step," Soaries said. "We don't see this as the end-all of electronic voting security."
Scientists were pessimistic, noting that hackers could ballots on a particular machine without any worries that the library archives would foil them. No technology on the market today allows an election official to check software code that's already been installed and used on an individual voting machine and compare it to the software code stored in the library, noted library director Barbara Guttman.
Avi Rubin, technical director of the Information Security Institute of Johns Hopkins University, called the program "meaningless."
"At a high level, this plan sounds good," Rubin said. "It reminds me of when people take security measures simply for appearance's sake - to make you feel better. But it's not adding any real security."
The big vendors and a smaller company, Avante International Technology, said the archive now contains significant parts of the code to be used Nov. 2 in Florida, California, Georgia, Maryland, Delaware, New Mexico and Nevada. They also submitted vote-tallying software and other "election management" programs.
All the software in the library has been certified by independent testing authorities. Many states require such certification before running the programs in actual elections.
Mark Radke, a marketing director at Diebold, said data storage "should provide substantial assurance to the voting public that their vote is accurately and securely tabulated."
Companies submit data to the library on CD-ROMs, but the public cannot view the actual code. Instead, library technicians convert data into a mathematical algorithm known as a "hash" - the digital equivalent of a fingerprint.
Election supervisors can compare the hash on software they're about to install to the hash in the library. If the fingerprints don't match, they know the software is not the same one certified by an independent testing authority.
Earlier this year, California Secretary of State Kevin Shelley discovered that Diebold had installed uncertified software into voting machines before the March primary, prompting Shelley to ban some Diebold machines. The voluntary library project could make it easier for states to catch such problems - but only if supervisors check fingerprints, said Stanford University computer scientist David Dill.
"There ought to be a procedure where the software is double-checked, and if it doesn't match there ought to be an immediate forensic investigation and any anomaly immediately explained," Dill said.