, SecurityFocus 2003-01-30
Should electronic ballots decide the next presidential election? Some respected computer scientists and security experts say the risks posed by malicious hackers, equipment failure or subtle programming errors make fully-electronic voting systems a bad idea. On Friday, they're taking that fight to their own backyard, trying to stop local officials from introducing the systems into 5,000 voting booths in the heart of California's Silicon Valley."In all-electronic systems there is absolutely no evidence that the vote you cast goes in correctly," says Peter Neumann, principal scientist at SRI International. "There's no voter-validated record, so Trojan horses or accidents can happen without any evidence that anything has gone wrong."
Usually featuring touch screens and simple ATM-like interfaces, electronic voting systems gained enormous popularity following the punch card-related glitches of the trouble-plagued 2000 election. By some estimates one out of five votes were cast electronically last November. The systems are not connected to the Internet; instead, voters' ballots are typically stored on an internal hard drive until the polls close. Then they're copied onto another electronic medium -- a portable disk or a non-volatile memory card -- and taken to a central counting facility.
It's the paperless nature of the transaction that bothers critics.
"The problem is that between the moment the voter touches the screen and says, 'Cast this vote,' and the time that the vote is counted, it's really up to the company that wrote the software to say that there were no errors or deliberate tampering that interfered with the vote," says David Dill, a computer science professor at Stanford University.
Rise of the Machines
Dill, Neumann, and the ACM's Barbara Simons are
A representative of the company, which makes touch screen voting systems used in sixteen states, says the computer scientists concerns are misplaced.
"There are a number of tests and checks and balances in the process," says Alfie Charles, Sequoia's public affairs director. "The systems include a logic and accuracy test prior to an election, as well as after, so you can input a number of known votes and ensure that the votes were recorded and tallied exactly as they were entered into the system."
Security procedures also guard against tampering, Charles says. For example, immediately before an election
"There are a lot of steps in place that a lot of people that are involved in computer security aren't aware of, and unfortunately they're causing a lot of undue concern for voters," says Charles.
The computer scientists say they'd be happier, but not convinced, if companies making the electronic voting systems released their code for public review. On Friday they hope to persuade Santa Clara County to embrace a system in which electronic voting stations print a hard copy of the voter's ballot. The voter can then review the printout before manually depositing it in a ballot box. "I think this could be the place that the tide turns on this, because if the county makes this decision the rest of the country may pay special attention to it," says Dill. "It is Silicon Valley, and the area has a special reputation for technical competence."