Digg this story   Add to del.icio.us  
E-Voting security debate comes home
Kevin Poulsen, SecurityFocus 2003-01-30

Should electronic ballots decide the next presidential election? Some respected computer scientists and security experts say the risks posed by malicious hackers, equipment failure or subtle programming errors make fully-electronic voting systems a bad idea. On Friday, they're taking that fight to their own backyard, trying to stop local officials from introducing the systems into 5,000 voting booths in the heart of California's Silicon Valley.

"In all-electronic systems there is absolutely no evidence that the vote you cast goes in correctly," says Peter Neumann, principal scientist at SRI International. "There's no voter-validated record, so Trojan horses or accidents can happen without any evidence that anything has gone wrong."

Usually featuring touch screens and simple ATM-like interfaces, electronic voting systems gained enormous popularity following the punch card-related glitches of the trouble-plagued 2000 election. By some estimates one out of five votes were cast electronically last November. The systems are not connected to the Internet; instead, voters' ballots are typically stored on an internal hard drive until the polls close. Then they're copied onto another electronic medium -- a portable disk or a non-volatile memory card -- and taken to a central counting facility.

It's the paperless nature of the transaction that bothers critics.

"The problem is that between the moment the voter touches the screen and says, 'Cast this vote,' and the time that the vote is counted, it's really up to the company that wrote the software to say that there were no errors or deliberate tampering that interfered with the vote," says David Dill, a computer science professor at Stanford University.

Rise of the Machines
Dill, Neumann, and the ACM's Barbara Simons are expected to offer public comments Friday afternoon in San Jose, Calif., when a committee of the Santa Clara County's board of supervisors is scheduled to vote on whether to purchase the all-electronic voting system made by Oakland-based Sequoia Voting Systems.

A representative of the company, which makes touch screen voting systems used in sixteen states, says the computer scientists concerns are misplaced.

"There are a number of tests and checks and balances in the process," says Alfie Charles, Sequoia's public affairs director. "The systems include a logic and accuracy test prior to an election, as well as after, so you can input a number of known votes and ensure that the votes were recorded and tallied exactly as they were entered into the system."

Security procedures also guard against tampering, Charles says. For example, immediately before an election Sequoia gives a copy of the voting software to state officials to lock up. That copy can later be checked against the software actually running on the machines if any question of the election's integrity is raised after the polls close.

"There are a lot of steps in place that a lot of people that are involved in computer security aren't aware of, and unfortunately they're causing a lot of undue concern for voters," says Charles.

The computer scientists say they'd be happier, but not convinced, if companies making the electronic voting systems released their code for public review. On Friday they hope to persuade Santa Clara County to embrace a system in which electronic voting stations print a hard copy of the voter's ballot. The voter can then review the printout before manually depositing it in a ballot box. "I think this could be the place that the tide turns on this, because if the county makes this decision the rest of the country may pay special attention to it," says Dill. "It is Silicon Valley, and the area has a special reputation for technical competence."

    Digg this story   Add to del.icio.us  
Comments Mode:


Privacy Statement
Copyright 2010, SecurityFocus