|
A US electronic voting system which sparked alarm in July when experts suggested it could subvert an election outcome, has been given the go-ahead.
Faulty software underpinning a touch-screen voting system used in past US elections has been revamped substantially and will be used by Maryland voters in the next US elections, says a report published by the Governor's Office of Maryland on Wednesday.
But the lead researcher on the original study showing that serious bugs in the software might allow one person to cast many votes, was sceptical.
Avi Rubin at Johns Hopkins University, maintains that by continuing to use the software - the Diebold AccuVote Touch Screen Voting System - American democracy remains jeopardized.
However, Shareese DeLeaver, a spokeswoman for the governor of Maryland, says: "We have reduced and eliminated many of the vulnerabilities previously associated with the Diebold machines."
Real vulnerabilities
The July study, published by computer scientists from Johns Hopkins University and Rice University, was based on leaked source code and showed how the Diebold touch-screen voting system could be misused. As well as enabling someone to cast more than one vote, the flaws could allow the transfer of votes from one candidate to another, they claimed.
In response to this study, Maryland's governor froze the state's planned purchase of $55.6 million worth of Diebold machines in August and ordered an independent security analysis of the software by Science Application International Corps (SAIC), an IT risk assessment firm in San Diego, California.
The SAIC report confirms that many of the security flaws found in the source code are real vulnerabilities and it attaches a "high risk of compromise" to the system as it stands.
Both the SAIC report and the official evaluation of its report stress that other flaws are not relevant because of the system of checks and balances that surround the implementation of the software during an election.
The report also stresses that some of the flaws were present only in the version of the source code seen by the computer scientists - not in the actual software.
"We are convinced that in the right environment these can be some of the most secure machines in the nation," says DeLeaver.
Risk of compromise
| |
| |
Subscribe to New Scientist for more news and features
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
| |
For more related stories
search the print edition Archive
|
| |
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
|
| |
|
| |
The evaluation states that most of the worrying flaws have been corrected and includes plans to remedy the remaining ones in time for the next election.
Rubin says that the SAIC report is fair, but is worried about the evaluation. "What I am concerned about is that the plan of action released by the governor of Maryland does not seem to mesh with the report," he says.
"I wonder if they read the SAIC report. If you hire someone to do a study and they report a high risk of compromise, why in the world are you going to go ahead with the current system?" he asks.
Versions of Diebold voting systems are used by more than half the states in the US. In Georgia, the Diebold system is the only one available and was used in the election of their governor in 2002.
|
