April 10, 2008 2:02 PM PDT

Expert says flawed e-voting systems need constant audits

by Elinor Mills
  • Font size
  • Print
  • 3 comments

Elections departments around the country have spent millions on electronic voting systems that are flawed and officials aren't about to throw them out and start all over. The only solution is to conduct audits to verify the count after every election, a researcher and expert on electronic voting said at RSA 2008 on Thursday.

David Wagner, computer science professor at University of California, Berkeley, led a state of California-commissioned study last year of the three major electronic voting systems. The study found serious vulnerabilities in each system that would allow someone with access to just one of the machines to spread a virus that would infect all the other machines in the system and essentially control the outcome, he said in a panel discussion electronic voting.

The systems have architectural weaknesses, implementation flaws, and defects, similar to problems in commercial software that isn't designed with security in mind, according to Wagner.

"This puts our election officials in a terrible position," he said, adding that officials are stuck using the machines. As a result, audits are the only solution.

The audits should be public and they should be done automatically, as they are in California, which requires a paper trail, Wagner said. He praised the California audit methodology in which paper ballots are manually counted in a random sample of precincts.

Other researchers are coming to similar conclusions. At a conference in February, Princeton graduate student J. Alex Halderman suggested using machine-assisted auditing. And Ronald Rivest, professor of electrical engineering and computer science at MIT, said during a cryptographer's panel on Tuesday at RSA 2008 that voting systems should not depend on the software to capture the vote, but use paper or some other means.

The problem is, not every state that uses electronic voting equipment has a paper trail and many states don't do audits, even if they have paper ballots to count, Wagner said.

Hugh Thompson, chief security strategist at corporate security training firm People Security, who has researched flaws in e-voting systems, was pessimistic about whether audits will be widely adopted any time soon.

"If an election is close, in a lot of cases an audit, even if you have a paper trail, isn't conducted," he said. "In Florida, the election officials told us at the time that (in the event) they were suspicious, they didn't have authority to institute a recount."

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security

Tags:

security,

electronic voting,

RSA 2008

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Obama's open-government director opens up
Using Facebook and Twitter safely
U.S. cap and trade looks out of reach in 2010
Yahoo adds privacy tool, in time for FTC meetings
What's next for social gaming on the iPhone?
Rank your favorite songs with Rank'em
Iran Internet access down pre-protests, report says
Charting a course from virtual reality to the White House
Add a Comment (Log in or register) (3 Comments)
  • prev
  • 1
  • next
Absolutely right
by Leria April 10, 2008 11:46 PM PDT
This man is absolutely right. The e-voting systems that we have now need to be STRICTLY monitored and also to have a paper record of your vote that is given to you and another copy that the election officials keep in order to randomly audit the election.

We also need to make the code of these things public, so that people can point out deficiencies and attack vectors in the code, so those can be fixed.
Reply to this comment
by cassiechanting May 20, 2008 10:07 AM PDT
When are we going to feel safe? When can we make sure that our vote will count? Those questions and more trouble me. Your article reminds me of this exciting book I recently read on this very subject. Cassandra Chanting. The author is anonymous. But is sure smacks of what we see here!
Reply to this comment
by sfpearce August 7, 2008 9:19 PM PDT
Here is a short video about the recent successful display of open source voting software from the 2008 Linux-World convention:

http://www.youtube.com/watch?v=4E2eTg_LQ4E
Reply to this comment
(3 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET