About as Secure as
a Hotel Minibar"> Felten also contends that the physical locks used to prevent people from accessing the insides of Diebolds machines can be opened with common keys such as those used to secure hotel minibars. Those issues, as well as the problem of having no method to audit votes on some e-voting devices, could paint a grim picture of the project.Another high-profile e-voting critic, Avi Rubin, a professor of computer science at The Johns Hopkins University, in Baltimore, and author of the e-voting critique "Brave New Ballot," agreed that such shortcomings would never be tolerated in a private-sector IT rollout. "Election officials were so sure these systems would make elections easier they didnt even consider huge issues such as a lack of audit capabilities. These were people untrained as IT professionals who didnt even consider the security implications," Rubin said. "The result was the adoption of a bunch of half-baked solutions that by no means can be considered a reasonable way to conduct trustworthy elections; if you were in charge of a private-sector project like this, youd get fired; its that simple." A Blueprint for Failure While even the most jaded critics concede that its too soon to know for sure whether the current e-voting upgrade will indeed be considered a significant failure, experts say there are many lessons already learned that enterprises should consider when planning their own IT rollouts. "The biggest lesson [evident] right now is dont try to rush something of this scale," said Kimball Brace, president of Election Data Services, a political consulting company in Washington. "Its a hard lesson, and it was foisted upon us by the deadlines that the federal government and Congress pulled out of a hat," Brace said. The primary reason the e-voting project has stumbled so badly is that those in charge of the effort failed to view the move as an IT upgrade and had little appreciation for the size of the undertaking, Brace said. "They thought it could be done in this amount of time, and, despite the fact that election administrators said they needed more time, [Congress] didnt listen," he said. Brace pointed to a last-minute compromise passed just before the 2002 congressional elections known as the Help America Vote Act, or HAVA, as emblematic of the misguided rush to adopt e-voting tools. The policy was incomplete and set impossible deadlines, he said. Among other things, HAVA provided for a new agency, the U.S. Election Assistance Commission, which would foster changes in election laws to help election administrators grapple with e-voting. It took more than a year after the measure was passed, until December 2003, for the commissioners of the group to be appointed. When those commissioners had been named, experts said, they had no offices, no staff and no operating budget, and their work had to be completed in two years. Next Page: Running out of time.
"The states and counties that have bought this equipment know very little about how it works and dont have much evidence that it will meet requirements from a security perspective," said Felten in Princeton, N.J. "These devices will boot up and take votes, but, in terms of accuracy, there are not a lot of good reasons to trust them; a well-run enterprise procurement would allow for a lot more due diligence before buying."