December 1, 2006 11:25 AM PST
Report: Paperless e-voting is not secure
- Related Stories
Lawsuit alleges e-voting negligence in FloridaNovember 21, 2006
A sampling of e-voting glitches on election day 2006November 7, 2006
Standards to stimulate e-voting?October 6, 2006
The National Institute of Standards and Technology (NIST) says the U.S. government should decertify "direct-record electronic" machines that are not "software independent," according to a draft report (PDF).
The final report will be presented Monday and Tuesday to the federal Election Assistance Commission (EAC), which is working on new voting system guidelines. The EAC was established by the Help America Vote Act of 2002 to develop and oversee federal election voting guidelines, and administer funding to states that follow the law's requirements. The law also made NIST the primary advisor to the EAC over matters of voting technology.
Direct-record electronic, or DRE, systems, NIST said, "in practical terms cannot be made secure" in their current form because the results can not be independently verified. The report stresses the necessity of "software-independent" systems for verifying votes.
"A lot of us have been saying it, but to have a body like NIST, that is so well respected and nonpartisan and neutral, say it gives credibility to the argument," said Computer Science Professor Avi Rubin, technical director of the Information Security Institute at Johns Hopkins University, who has read the report. "I think we will now have a lot of play with legislators who are looking at these things."
Instead of DRE machines, NIST recommends optical-scan machines and DRE machines with voter-verified paper audit trail systems, or DRE-VVPAT systems.
Optical-scan machines require voters to mark paper ballots that can be quickly scanned to be counted, but also saved for a recount. They work in the same way as Scantron or SAT tests, with people filling in circles with a pen or pencil.
DRE-VVPAT machines offer voters a touch screen to vote on, followed by a printout of how they voted. Voters then verify the printout's accuracy before finalizing their vote, and that paper record can be used in a recount.
"There is software in optical-scan machines, but they can be audited independently, and that's the key. You have the paper ballots," said Rubin.
Not everyone was happy with the NIST report. States including Texas have already invested in new computer voting technology that might not meet NIST's recommendations.
"We are confident with the systems we have in place in Texas and feel that November's successful election stands as proof that elections in Texas are safe and secure," wrote Ashley Burton, communications specialist for the office of the Texas Secretary of State, which hadn't yet read the draft report.
"If, however, EAC did go with the recommendations (noted in an e-mail from CNET News.com) and mandate optical scans, it would cost Texas' counties a lot of money as they would need to buy the new equipment, among other burdens it would impose," Burton continued in an e-mail. "Also, challenges would arise for voters with disabilities in casting a secret ballot."
NIST's report is being released amid a climate of lawsuits on e-voting negligence and complaints of glitches with computer voting machines during the November 7 elections.
"I think that they very nicely capture the whole basic idea as to why computer scientists have been objecting by citing software independence," Rubin said. "The fact that the DRE software can not be audited by anything other than itself is a problem."
NIST made its recommendations after looking extensively at the security of computers, computer networks and data storage, and the human factors involved with regard to the security of voting, and methods for detecting and preventing fraud.
NIST did not completely close the door on electronic voting by computer or other future technology. It specifically mentioned that further research into other "immature" voting systems is needed before NIST can recommend them as secure means of voting.