October 6, 2005 4:00 AM PDT

E-voting hobbled by security concerns

(continued from previous page)

James Baker III. It states that a voter-verifiable paper audit trail will "increase citizens' confidence that their vote will be counted accurately," permit a recount, should one prove necessary, and allow a random selection of electronic voting machines to be tested for accuracy.

E-voting reformers divided
Complicating the move toward voter-verified receipts is a fierce internal debate between activists and computer scientists about how useful the receipts will prove in detecting election fraud.

Shamos
Michael Shamos,
computer science
professor, Carnegie
Mellon University

"What I'm very much against is a requirement that all voting machines should have to have a paper trail," said Michael Shamos, a computer science professor at Carnegie Mellon University who has been the official examiner of electronic voting systems for Pennsylvania. He says the products with the necessary features aren't on the market yet.

"On a superficial, intuitive level, it sounds like a really appealing idea, and the proponents use some very persuasive arguments, usually along the nature of, 'You get a receipt when you go to the ATM, you get a receipt when you go to the grocery store, why can't we give you a receipt when you vote?'" Shamos said.

Shamos' counterarguments go something like this: Mandating paper trails will halt experimentation with better techniques, paper records have a long history of tampering by both major parties, and paper trails that record voters' choices on one long strip of paper will invade privacy because they show who voted first and last.

His last point--that long strip of paper--will be discussed at the NIST workshop Friday. A paper (Click for PDF) by John Wack of NIST notes that "this attack could be used to enforce vote selling,or simply to invade the privacy of voters and determine how particular individuals voted."

Michael Alvarez, co-director of the Caltech-MIT Voting Technology Project, says he's not opposed to the use of paper for purposes of voter verification. However, he adds, "we also have strongly argued that the legislation that moves in this direction ought to be open for the new technologies and shouldn't preclude the use of these other types of approaches."

Alvarez
Michael Alvarez,
co-director,
Caltech/MIT Voting
Technology Project

That sort of nuanced argument tends to fall on deaf ears in state government. Ohio's law, for instance, calls for "a physical paper printout on which the voter's ballot choices, as registered by a direct recording electronic voting machine, are recorded."

Such a law, depending on how it's interpreted, could preclude innovative, cryptographically secure products such as two that are being developed by legendary inventor David Chaum and mathematician Andrew Neff that generate encrypted receipts for vote verification.

Next steps in the states
Manufacturers of electronic voting machines are racing to meet the different verified-voting deadlines and requirements set by state governments.

"What we have complies with proposed federal guidelines for 2005 and has already been approved by different states. Probably the most stringent is California, and we've already been certified by California," said Alfie Charles, a spokesperson for Sequoia Voting Systems. Sequoia's VeriVote printer was used in Nevada in the 2004 election.

All but one of Maryland's 24 counties use Diebold machines, first tested in the 2002 gubernatorial election, without voter-verifiable audit trails. After some Diebold source code leaked to the Internet, a group of computer scientists, including Maryland resident Avi Rubin, analyzed the software and concluded in a 2003 report that it falls "far below even the most minimal security standards applicable in other contexts."

Ross Goldstein, deputy administrator for the Maryland Board of Elections, says the state has commissioned a study by the University of Maryland at Baltimore County into voter verification. They're "going to get back to us with some recommendations in time to coincide with our next legislative session (starting in January) so it can be a guide for policymakers," Goldstein said.

But for now, he added, Maryland is confident in its current operation. "There's a lot of security and testing and different things that we do that obviously we feel very confident that we provide a very secure, very reliable voting system," Goldstein said.

Even if the dispute over voter-verified audit trails is eventually resolved, another lies on the horizon: access to source code used by voting machines. Should it be posted freely on the Internet, available only to researchers with credentials or kept a tightly held secret?

Shamos of Carnegie Mellon warns that advocates of more secure voting technology should tread carefully when demanding paper trails--or risk creating additional logs that could endanger voters' privacy.

It would be a shame, he said, if "people, in their frenzy to get rid of the perceived problems with voting security, in a misplaced effort to get some security, they've thrown away privacy."

CNET News.com's Anne Broache contributed to this report.

Previous page
Page 1 | 2

8 comments

Join the conversation!
Add your comment
e voting
If this is so good, then why is security so lacks!
Companies that have personnel infomation cannot secure your personnel info. then how can e voting secure the vote so that theirs no compermise of your vote? if the black box vote machines uses windows base most of that has back door entry, could this be so someone can change your vote? Who dose the elite want in office?
Posted by (3 comments )
Reply Link Flag
E voting should never use Windows
Given the problems that exsist with Windows, which M$ is unable to get a grasp on, this POS should never, ever be used for something as important as an election. Use some type of proprietary system used only on voting machines.
Posted by Gerald Quaglia (72 comments )
Reply Link Flag
Democracy is at stake
Why so many states put their faith in non-auditable eVoting machines is astounding. Using such a device with known programming & security flaws is akin to opening the results to gross manipulation by the man behind the curtain in The Wizard of Oz.

How can there be a fair & democratic election when someone can connect to a county's vote tabulator via an insecure "back door" and rather quickly alter the vote results? And the sad part is without real tracking mechanisms, no one would know.

Sure, you may have the right to vote, but what if your vote is never counted? With these flawed devices, vote-thefts can run rampant (as have been shown repeatedly in recent years). The whole notion of Democracy is at stake.

Check out www.votergate.tv for an eye-opening account on what's really happening with the man behind that curtain.
Posted by (1 comment )
Reply Link Flag
It's not a bug, it's a feature !
pradeep P wrote:
> Why so many states put their faith in non-auditable eVoting machines is astounding.

It's not a bug, it's a feature !
Why do you think they buy those machines ...

a bit of humor ...
<a class="jive-link-external" href="http://www.boomchicago.nl/Section/Videos/BoomChicagoVotingMachine" target="_newWindow">http://www.boomchicago.nl/Section/Videos/BoomChicagoVotingMachine</a>
Posted by My-Self (242 comments )
Link Flag
The real value of e-voting for politicians...
The real value of e-voting for politicians is when the seller can assure the buyer that with his machines, the next vote outcome will satisfy the buyer.

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/2004_U.S._Election_controversies_and_irregularities" target="_newWindow">http://en.wikipedia.org/wiki/2004_U.S._Election_controversies_and_irregularities</a>
Posted by My-Self (242 comments )
Reply Link Flag
SUCID Licenses Single Use Credit Card Number For E-Voting
SUCID Licenses Single Use Credit Card Number For E-Voting

EDIS the owner of the July 22 2003 Patent to the Single Use Credit Card Number ID Patent licensed earlier this year a Canadian Company, Single Use Credit Card ID, LTD, or "SUCID".

SUCID is joint venturing with a US Company, Single Use Voter ID, or "SUVID", to license entities for legal Internet gaming and voter ID uses of the Single Use Credit Card Number ID on ID theft protection EDI platforms respectively.

Simply put, this means the use of ID theft protection technology to assist voter protection is developing quickly. These companies will be moving quickly into the marketplace as the platform completes construction within the next six months.
Posted by (66 comments )
Reply Link Flag
Changes in EDI Secure LLLP ownership changed above SUCID response
Changes in EDI Secure LLLP ownership changed above SUCID response...


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Shamos's objections to paper trail not entirely valid
Prof. Michael Shamos is described as objecting to providing
electronic voting machines with voter-verified paper trails
because printing vote records on long strips of paper could
enable someone to discover the identities of the voters who cast
them.
This problem is easily solved by not printing ballots on long
strips. Instead, each printed ballot would be torn off by the voter
and placed in a conventional ballot box, completely obscuring
the connection between ballots and voters.
In this variant of the voter-verified paper trail (promoted by
the Open Voting Consortium [1]), ballots would be officially cast
only when placed in the box. The electronic voting machine
would then be better described as an electronic ballot printer,
and any vote totals it produced would be no more than early,
unofficial estimates.
The paper ballots could be counted manually, of course (as
they are in many European countries), but because they are
printed by machine they would be reliably readable by
independent vote-counting scanners.

According to the article, Prof. Shamos also maintains that
"mandating paper trails will halt experimentation with better
techniques". Yes, laws can be too specific-- it's possible that
paper ballots may someday be superseded by superior
technology. Nevertheless, we have a serious problem here and
now, and it's one we can't afford to leave unsolved just because
the solution at hand is not provably optimal.
Instead of mandating paper trails specifically, voting-machine
laws should merely require that vote-verification technology be
transparent, i.e., understandable by the average voter. This
requirement is satisfied by paper ballots, whether filled in by
hand or printed by machine, but it leaves the door open to
superior technologies (it would appear to close the door,
however, to the sophisticated encryption technology proposed
by Chaum and Neff).

Finally, the article attributes to Prof. Shamos the indisputable
observation that paper records have a long history of tampering
by both major parties. Such tampering is possible only at the
retail level --attackers must interfere physically with each of the
ballot boxes they wish to corrupt-- and defenses against such
attacks, while not perfect, are well developed.
Voting-machine software, however, provides opportunities for
tampering at the wholesale level. A single malefactor can hide
vote-corrupting features in software that is installed in
thousands of voting machines, resulting in vote corruption far
removed in time and place from the original tampering, and on a
scale that retail vote tamperers could only dream of.
If paper trails or machine-printed ballots can transform the
election-tampering threat from wholesale to retail, it's one of
the best deals on offer.

Reference
--------
1. <a class="jive-link-external" href="http://www.openvotingconsortium.org/" target="_newWindow">http://www.openvotingconsortium.org/</a>
Posted by hr_austin (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.