October 6, 2005 4:00 AM PDT

E-voting hobbled by security concerns

It's been nearly five years since Americans received a painful education on the perils of traditional voting machines in Florida and almost one year since the 2004 election revealed perplexing irregularities in Ohio's vote tabulation methods.

Yet no uniform security standards exist for electronic voting machines. Even though they were used to tabulate a third of the votes in last year's presidential run, nearly all electronic voting machines in use today remain black boxes without external methods of verifying that the results have not been altered or sabotaged.

Possible threats to an accurate electronic vote tally are legion. They include everything from worms and viruses infecting Microsoft Windows-equipped systems to equipment tampering, code alteration and ballot box stuffing. On Friday, the National Institute of Standards and Technology, which is charged with researching voting security, is convening a conference in Gaithersburg, Md., to explore technological countermeasures.

News.context

What's new:
Nearly all electronic voting machines in use today remain black boxes without external methods of verifying that the results have not been altered or sabotaged.

Bottom line:
The National Institute of Standards and Technology, which is charged with researching voting security, is convening a conference to explore technological countermeasures.

More stories on e-voting

In principle, there should be an easy solution: Require that e-voting machines include what's known as a voter-verifiable paper trail. That would permit a voter to review a physical printout with his or her selections--perhaps under glass so the receipt can't be removed--which would also provide a way to perform a manual recount, if necessary.

But a complicated mix of partisan politics and the relative paucity of voter-verifiable products available today has delayed the switch to improved technology, according to election experts interviewed by CNET News.com.

Congress in 2002 also handed $650 million, through the Help America Vote Act (HAVA), to state officials for the purchase of electronic voting machines without imposing any voter-verifiable requirements. The money has already been spent, and federal politicians aren't eager to write a similar check again.

"They've spent the money provided by HAVA on machines without a paper trail," says Matt Zimmerman, an attorney at the Electronic Frontier Foundation in San Francisco who researches electronic voting. "And now they say they don't have money to upgrade."

Activists for the blind, too, have urged the speedy adoption of electronic voting machines. The National Federation of the Blind has filed a lawsuit (Click for PDF) against Volusia County, Fla., seeking an injunction forcing the installation of touch screen voting machines that are accessible to blind voters but lack a paper trail.

A congressional bottleneck
In Congress, at least four bills requiring paper trails were introduced in the first few weeks of 2005. All remain bottled up in committee, however, in part because key Republicans view e-voting reform as a Democratic ploy to cast doubt on the last two presidential races.

Counting votes
More and more votes are being cast
on electronic machines, thanks to
a federal law giving hundreds of
millions of dollars to states to
pay for upgrades. Punched cards'
popularity is dropping.

"This is one of those circumstances where you have a particular committee chairman, in this case Chairman Bob Ney of the House Administration Committee, who simply does not believe that there is an issue there," said Patrick Eddington, spokesman for Rep. Rush Holt, D-N.J. Holt is backing H.R.550, which requires an "individual voter-verified paper record" and is strongly supported by computer scientists.

Ney replied through a representative that states were free to set their own standards--including voter-verifiable ballots--under the 2002 HAVA law. "The congressman does not believe there should be a national federal mandate at this point in time," said Brian Walsh, a spokesman for Ney, an Ohio Republican. "In his view, the Help America Vote Act has not been implemented yet, and he's not supportive of reopening the bill until it has been fully implemented."

While Congress is tying itself in partisan knots, state legislators have been busy pressing ahead. At least 25 states have enacted verified-voting legislation, according to VerifiedVoting.org, with seven states adopting the requirement in the last three months alone. Legislation is pending in many others.

"The transparency of voting systems is critical to ensuring that the public is supportive of an election, mostly proving that the loser actually lost," said Cameron Wilson, the public-policy director of the Association for Computing Machinery, which supports verified-voting laws. "We (also) feel you should have stronger engineering and testing of both the design and operation."

Adding impetus to this state-by-state legislative trend is a report released last month by an election commission headed by former President Jimmy Carter and former Secretary of State

CONTINUED:
Page 1 | 2

8 comments

Join the conversation!
Add your comment
e voting
If this is so good, then why is security so lacks!
Companies that have personnel infomation cannot secure your personnel info. then how can e voting secure the vote so that theirs no compermise of your vote? if the black box vote machines uses windows base most of that has back door entry, could this be so someone can change your vote? Who dose the elite want in office?
Posted by (3 comments )
Reply Link Flag
E voting should never use Windows
Given the problems that exsist with Windows, which M$ is unable to get a grasp on, this POS should never, ever be used for something as important as an election. Use some type of proprietary system used only on voting machines.
Posted by Gerald Quaglia (72 comments )
Reply Link Flag
Democracy is at stake
Why so many states put their faith in non-auditable eVoting machines is astounding. Using such a device with known programming & security flaws is akin to opening the results to gross manipulation by the man behind the curtain in The Wizard of Oz.

How can there be a fair & democratic election when someone can connect to a county's vote tabulator via an insecure "back door" and rather quickly alter the vote results? And the sad part is without real tracking mechanisms, no one would know.

Sure, you may have the right to vote, but what if your vote is never counted? With these flawed devices, vote-thefts can run rampant (as have been shown repeatedly in recent years). The whole notion of Democracy is at stake.

Check out www.votergate.tv for an eye-opening account on what's really happening with the man behind that curtain.
Posted by (1 comment )
Reply Link Flag
It's not a bug, it's a feature !
pradeep P wrote:
> Why so many states put their faith in non-auditable eVoting machines is astounding.

It's not a bug, it's a feature !
Why do you think they buy those machines ...

a bit of humor ...
<a class="jive-link-external" href="http://www.boomchicago.nl/Section/Videos/BoomChicagoVotingMachine" target="_newWindow">http://www.boomchicago.nl/Section/Videos/BoomChicagoVotingMachine</a>
Posted by My-Self (242 comments )
Link Flag
The real value of e-voting for politicians...
The real value of e-voting for politicians is when the seller can assure the buyer that with his machines, the next vote outcome will satisfy the buyer.

<a class="jive-link-external" href="http://en.wikipedia.org/wiki/2004_U.S._Election_controversies_and_irregularities" target="_newWindow">http://en.wikipedia.org/wiki/2004_U.S._Election_controversies_and_irregularities</a>
Posted by My-Self (242 comments )
Reply Link Flag
SUCID Licenses Single Use Credit Card Number For E-Voting
SUCID Licenses Single Use Credit Card Number For E-Voting

EDIS the owner of the July 22 2003 Patent to the Single Use Credit Card Number ID Patent licensed earlier this year a Canadian Company, Single Use Credit Card ID, LTD, or "SUCID".

SUCID is joint venturing with a US Company, Single Use Voter ID, or "SUVID", to license entities for legal Internet gaming and voter ID uses of the Single Use Credit Card Number ID on ID theft protection EDI platforms respectively.

Simply put, this means the use of ID theft protection technology to assist voter protection is developing quickly. These companies will be moving quickly into the marketplace as the platform completes construction within the next six months.
Posted by (66 comments )
Reply Link Flag
Changes in EDI Secure LLLP ownership changed above SUCID response
Changes in EDI Secure LLLP ownership changed above SUCID response...


A year ago, January 2006, EDI Secure LLLP was purchased by IDPixie LLC which owns the patent US 6,598,031 B1 granted on July 22, 2003 for APPARATUS AND METHOD FOR ROUTING ENCRYPTED TRANSACTION CARD IDENTIFYING DATA THROUGH A PUBLIC TELEPHONE NETWORK from inventor Jeffrey Ice. So to update EDI Secure LLLP's place in the marketplace, I add the above and below data.

My Pledge

I, Mr. Abdul Tawala Ibn Ali Alishtari, pledge my Foundation to halt child slavery activities including his Global Peace Film Festival, Inc., at www.peacefilmfest.org. I pledge moral support of legal, peaceful activities and my non-profit gifts offshore, onshore and globally, primarily with philantrophy from my personal investment to help halt all fraud, violence and scams hurting innocent children, women and families so help me God.
Posted by Abdul Tawala Ibn Ali Ali (53 comments )
Link Flag
Shamos's objections to paper trail not entirely valid
Prof. Michael Shamos is described as objecting to providing
electronic voting machines with voter-verified paper trails
because printing vote records on long strips of paper could
enable someone to discover the identities of the voters who cast
them.
This problem is easily solved by not printing ballots on long
strips. Instead, each printed ballot would be torn off by the voter
and placed in a conventional ballot box, completely obscuring
the connection between ballots and voters.
In this variant of the voter-verified paper trail (promoted by
the Open Voting Consortium [1]), ballots would be officially cast
only when placed in the box. The electronic voting machine
would then be better described as an electronic ballot printer,
and any vote totals it produced would be no more than early,
unofficial estimates.
The paper ballots could be counted manually, of course (as
they are in many European countries), but because they are
printed by machine they would be reliably readable by
independent vote-counting scanners.

According to the article, Prof. Shamos also maintains that
"mandating paper trails will halt experimentation with better
techniques". Yes, laws can be too specific-- it's possible that
paper ballots may someday be superseded by superior
technology. Nevertheless, we have a serious problem here and
now, and it's one we can't afford to leave unsolved just because
the solution at hand is not provably optimal.
Instead of mandating paper trails specifically, voting-machine
laws should merely require that vote-verification technology be
transparent, i.e., understandable by the average voter. This
requirement is satisfied by paper ballots, whether filled in by
hand or printed by machine, but it leaves the door open to
superior technologies (it would appear to close the door,
however, to the sophisticated encryption technology proposed
by Chaum and Neff).

Finally, the article attributes to Prof. Shamos the indisputable
observation that paper records have a long history of tampering
by both major parties. Such tampering is possible only at the
retail level --attackers must interfere physically with each of the
ballot boxes they wish to corrupt-- and defenses against such
attacks, while not perfect, are well developed.
Voting-machine software, however, provides opportunities for
tampering at the wholesale level. A single malefactor can hide
vote-corrupting features in software that is installed in
thousands of voting machines, resulting in vote corruption far
removed in time and place from the original tampering, and on a
scale that retail vote tamperers could only dream of.
If paper trails or machine-printed ballots can transform the
election-tampering threat from wholesale to retail, it's one of
the best deals on offer.

Reference
--------
1. <a class="jive-link-external" href="http://www.openvotingconsortium.org/" target="_newWindow">http://www.openvotingconsortium.org/</a>
Posted by hr_austin (3 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.