Criticism of electronic voting machines’ security is mounting
By Elizabeth Heichler
DECEMBER 12, 2003
As presidential primary season approaches, a debate is raging about electronic voting and IT professionals and computer scientists are among the loudest critics.
The issue has grown in urgency thanks to the Help America Vote Act of 2002, Congress' attempt to forestall a repeat of the infamous Florida election debacle of 2000. The bill, known as HAVA, makes as much as $3.8 billion in funding available to states in the short term for replacing older punch card and lever election equipment reforms that must be implemented by January 2006.
Manufacturers of the latest generation of electronic touch-screen voting devices, known as direct recording electronic (DRE) machines, are poised to reap the rewards of the spending spree. But controversy roils over whether DREs are secure and bug-free.
Incidents of electronic voting machine malfunctions have fueled the fire, as have thorough security reviews of DREs commissioned recently by election officials in various states. Those reviews have found high-risk vulnerabilities in the systems sold by Diebold Inc., Election Systems & Software Inc., Sequoia Voting Systems Inc. and Hart InterCivic Inc.
For its part, Hart viewed Compuware Corp.'s review of its system on behalf of the state of Ohio (download PDF) as a "very positive report," according to company Chairman David Hart. He said it will be easy to implement the changes called for.
Similarly, Sequoia spokesman Alfie Charles said that his company's system scored well in the same Ohio review and that Sequoia has made many of the recommended changes. "We'll do whatever officials require us to do," Charles said.
Neither Diebold nor Election Systems made representatives available for comment.
Meanwhile, six vendors those four plus Advanced Voting Solutions Inc. and Unilect Corp. this week responded to the controversy by banding together to form an organization called the Election Technology Council, which will address ethics and security practices, among other issues (see story).
"We came together because our environment has become chaotic," said Hart. "We need to be able to speak as an industry in a single voice on the areas being regulated. ... We want to be part of the debate and tell our industry's side of the story. There's a lot of misinformation."
Still, many IT professionals engaged in the issue are troubled by the limits of computer systems reliability.
Seattle software developer Erik Nilsson's experience writing database code in the historic 1994 South African election made him feel "like a small cog in an overwhelming and complex process," he said. Technologists have to gain an understanding of the difficulty of running elections if they are to contribute to solving software security and quality problems, he said, because "there aren't very many coders who understand elections and not very many elections people who understand code."
Nilsson, who chairs the Computer Professionals for Social Responsibility working group on voting, is scathing on the subject of poor software quality in DREs. The lack of improvements to computer security since he became involved with it in 1987 has led him to conclude that for the time being, paper that is, an audit trail outside of self-contained DRE computers is still needed for safe elections.
Brit Williams begs to differ. The computer science professor at Kennesaw State University in Georgia is often on the opposite side of the argument from e-voting skeptics, but even his opponents credit him with running, for the state of Georgia, what may be the most thorough voting machine inspection regime in the country. While Georgia's rigorous tests have discovered unreliable units before they could be used at the polls, Williams said he trusts the machines as far as is necessary within a total security framework.
"People are looking at the security of electronic voting machines from a purely technical point of view, but security is a combination of physical, legal and procedural measures," said Williams. He said a paper audit trail isn't needed and would introduce logistical problems.
David Dill, a computer science professor at Stanford University in Palo Alto, Calif., is a recent arrival to the electronic voting discussion: He said that prior to January 2003, he wasn't deeply involved in any policy debates. But about a year ago, "it occurred to me that people were buying these machines, and nobody was minding the store," Dill said.
In addition to working to rally other technologists to his point of view via a Web site, VerifiedVoting.org, Dill got involved locally, in Santa Clara County, when he heard about planned purchases of DREs. He credits that local controversy with raising the alert and leading to a recent victory for his group: Late last month, California's secretary of state issued a mandate calling for voter-verifiable paper systems to be added to all polling units statewide.
Ted Selker, an associate professor at MIT's Media Lab, professes to be "as worried as the next guy about security." But he maintains that verification can be provided without paper, and he has developed what he claims is a secure voting architecture that uses multiple redundant software components. Selker said IT professionals need to get involved locally, but he wants to broaden the conversation to include how technology can improve other parts of the electoral process, such as voter registration.
"In 2000, between 1 and 3 million votes were lost in registration database problems," he said. "It's the top place votes get lost, and we're not focused on this."
Heichler is editor in chief of the IDG News Service.