E-voting under scrutiny as federal compliance deadline looms
Associated Press 30 November 2005
Even in this election off-year, the potential perils of electronic voting systems are bedeviling state officials as a Jan. 1 deadline approaches for complying with standards for the machines' reliability.
Across the country, officials are trying multiple methods to ensure that touch-screen voting machines can record and count votes without falling prey to software bugs, hackers, malicious insiders or other ills that beset computers.
This isn't just theoretical problems in some states already have led to lost or miscounted votes.
One of the biggest concerns surrounding computerized ballots their frequent inability to produce a written receipt of a vote has been addressed or is being tackled in most states.
Still, an October report from the Government Accountability Office predicted that overall steps to improve electronic voting machines' reliability ``are unlikely to have a significant effect'' in next year's elections, partly because certification procedures remain a work in progress.
``There's not a lot of precedents in dealing with these electronic systems so people are slowly figuring out the best way to do this,'' said Thad Hall, a political scientist at the University of Utah and co-author of ``Point, Click, and Vote: The Future of Internet Voting.''
In North Carolina, officials were expected to announce Thursday which voting machine vendors meet new standards for election equipment. The toughened requirements which include placing the machines' software code in escrow for examination in case of a problem have already led one top supplier, Diebold Inc., to say it will withdraw from the state, where about 20 counties use Diebold voting machines.
Other states have similar rules, but Diebold argued that North Carolina's law was too broad. The company said that to comply, it would have to disclose proprietary code behind Microsoft Corp.'s Windows CE operating system, which is used in its machines.
While rival machine vendors say they can meet those standards, Diebold sought to be exempted, asking a judge to protect it from criminal prosecution if it didn't disclose the code. The judge, Wake County's Narley Cashwell, declined to issue such a blanket protection.
A different kind of showdown is brewing in California, where Secretary of State Bruce McPherson says he might force e-voting machine makers to prove their systems can withstand attacks from a hacker.
One such test on a Diebold system Diebold machines were blamed for voting disruptions in a 2004 California primary is expected to happen in the next few weeks.
The state has been negotiating details with Finnish security expert Harri Hursti, who uncovered severe flaws in a Diebold system used in Leon County, Fla. (He demonstrated how vote results could be changed, then made screens flash ``Are we having fun yet?'')
Similarly, elections officials in Franklin County, Ohio where older voting machines gave President Bush 3,893 extra votes in a preliminary count in 2004 recently asked a group of computer experts to test newly purchased touch-screen voting machines from Election Systems & Software Inc.
Such designated hack attempts might be a flawed approach, because a failure proves only that a particular hacker couldn't break into a machine under certain conditions in a fixed period. That's not the same as opening things up to a broader group of researchers, as software developers sometimes do. Many critics of touch-screen election computers argue that the software should be publicly examined to make sure vote tampering couldn't occur.
But McPherson spokeswoman Nghia Nguyen Demovic said the hacking test would be just one of many factors in deciding whether to approve the voting machines. McPherson has released a 10-point plan for certification efforts, including a software code escrow system.
All the scrutiny is likely to make California miss a Jan. 1 deadline set under the Help America Vote Act of 2002.
That law was aimed at phasing out the punch card ballots and other old-fashioned systems that proved so problematic in 2000. It requires states to improve disability access at polling places in addition to standardizing electronic voting systems.
Demovic said McPherson's office was confident there was enough time to properly examine voting machines before California's next elections, the primary on June 6.
A report by Election Data Services, a political consulting firm, for the U.S. Election Assistance Commission determined that 23 percent of American voters used electronic ballots in 2004, up from 12 percent in 2000.
Since then, largely because of warnings from computer security experts and grassroots activism, many states have began requiring the machines to produce paper receipts that voters can examine. At least 25 states have such rules in place and 14 more have requirements pending, according to the Verified Voting Foundation.
``There's a long way to go making our elections truly trustworthy in this country is a multifaceted problem,'' said David Dill, a Stanford University computer scientist and founder of the Verified Voting Foundation.
But he added that he expected a ``much better situation in 2006'' and noted that improving electronic vote methods has become ``a delightfully nonpartisan issue.''
Voting machine makers insist that their systems are reliable, and that critics have made too much out of isolated problems.
``Any time there's an issue that happens with a particular voting system, all vendors are painted with the same broad brush,'' said Michelle Shafer, a spokeswoman for Sequoia Voting Systems Inc. ``There are differences from product to product. You need to look at the track record of particular companies.''