October 6, 2005 4:00 AM PDT
E-voting hobbled by security concerns
- Related Stories
E-voting report could push audit trailsOctober 4, 2005
Bill proposes e-voting paper trailFebruary 10, 2005
Standards aim to secure e-voting systemsJanuary 31, 2005
E-voting faces new scrutinyNovember 24, 2004
More e-voting glitches surfaceNovember 5, 2004
Feds want e-voting source code disclosedJune 8, 2004
High hopes for unscrambling the voteJune 8, 2004
(continued from previous page)
James Baker III. It states that a voter-verifiable paper audit trail will "increase citizens' confidence that their vote will be counted accurately," permit a recount, should one prove necessary, and allow a random selection of electronic voting machines to be tested for accuracy.
E-voting reformers divided
Complicating the move toward voter-verified receipts is a fierce internal debate between activists and computer scientists about how useful the receipts will prove in detecting election fraud.
"What I'm very much against is a requirement that all voting machines should have to have a paper trail," said Michael Shamos, a computer science professor at Carnegie Mellon University who has been the official examiner of electronic voting systems for Pennsylvania. He says the products with the necessary features aren't on the market yet.
"On a superficial, intuitive level, it sounds like a really appealing idea, and the proponents use some very persuasive arguments, usually along the nature of, 'You get a receipt when you go to the ATM, you get a receipt when you go to the grocery store, why can't we give you a receipt when you vote?'" Shamos said.
Shamos' counterarguments go something like this: Mandating paper trails will halt experimentation with better techniques, paper records have a long history of tampering by both major parties, and paper trails that record voters' choices on one long strip of paper will invade privacy because they show who voted first and last.
His last point--that long strip of paper--will be discussed at the NIST workshop Friday. A paper (Click for PDF) by John Wack of NIST notes that "this attack could be used to enforce vote selling,or simply to invade the privacy of voters and determine how particular individuals voted."
Michael Alvarez, co-director of the Caltech-MIT Voting Technology Project, says he's not opposed to the use of paper for purposes of voter verification. However, he adds, "we also have strongly argued that the legislation that moves in this direction ought to be open for the new technologies and shouldn't preclude the use of these other types of approaches."
That sort of nuanced argument tends to fall on deaf ears in state government. Ohio's law, for instance, calls for "a physical paper printout on which the voter's ballot choices, as registered by a direct recording electronic voting machine, are recorded."
Such a law, depending on how it's interpreted, could preclude innovative, cryptographically secure products such as two that are being developed by legendary inventor David Chaum and mathematician Andrew Neff that generate encrypted receipts for vote verification.
Next steps in the states
Manufacturers of electronic voting machines are racing to meet the different verified-voting deadlines and requirements set by state governments.
"What we have complies with proposed federal guidelines for 2005 and has already been approved by different states. Probably the most stringent is California, and we've already been certified by California," said Alfie Charles, a spokesperson for Sequoia Voting Systems. Sequoia's VeriVote printer was used in Nevada in the 2004 election.
All but one of Maryland's 24 counties use Diebold machines, first tested in the 2002 gubernatorial election, without voter-verifiable audit trails. After some Diebold source code leaked to the Internet, a group of computer scientists, including Maryland resident Avi Rubin, analyzed the software and concluded in a 2003 report that it falls "far below even the most minimal security standards applicable in other contexts."
Ross Goldstein, deputy administrator for the Maryland Board of Elections, says the state has commissioned a study by the University of Maryland at Baltimore County into voter verification. They're "going to get back to us with some recommendations in time to coincide with our next legislative session (starting in January) so it can be a guide for policymakers," Goldstein said.
But for now, he added, Maryland is confident in its current operation. "There's a lot of security and testing and different things that we do that obviously we feel very confident that we provide a very secure, very reliable voting system," Goldstein said.
Even if the dispute over voter-verified audit trails is eventually resolved, another lies on the horizon: access to source code used by voting machines. Should it be posted freely on the Internet, available only to researchers with credentials or kept a tightly held secret?
Shamos of Carnegie Mellon warns that advocates of more secure voting technology should tread carefully when demanding paper trails--or risk creating additional logs that could endanger voters' privacy.
It would be a shame, he said, if "people, in their frenzy to get rid of the perceived problems with voting security, in a misplaced effort to get some security, they've thrown away privacy."
CNET News.com's Anne Broache contributed to this report.
8 commentsJoin the conversation! Add your comment