Digital Chads: E-Voting Errors Almost Inevitable

Past problems with e-voting and unanswered security issues offer up the possibility of errors and abuses on an unprecedented scale this election day. For some, it's just politics as usual.

A year ago, in their debut in Fairfax County, Va., electronic voting systems succeeded in uniting local Republicans and Democrats—in dismay. Problems with the systems in the local Fairfax elections threw the results in at least one race into doubt.

What concerns many election experts and voters alike is that history will repeat itself in the 2004 election. But on a national scale.

For Fairfax, 10 out of the 1,000 touch-screen DRE (direct recording electronic) voting machines failed on election day in 2003, and were then repaired and returned to the polls—all without security checks.

During the election, votes disappeared before the eyes of the citizens casting them because of a random software bug. Interviewed by the Washington Post newspaper, Republican Virginia state senator Keb Cuccinelli said, "Weve just done an electronic Florida."

Now, with advance electronic voting already taking place in Florida, there are fears that Florida will also repeat its 2000 election fiasco, only this time electronically. And theres plenty of reason for voters in other states to be concerned as well.

While hundreds of elections over the last year that depended on DRE voting machines have gone off without a hitch, there has been no test of the magnitude of next weeks presidential election for e-voting. With voter turnout expected to be high, and partisans on both sides looking for any advantage possible in "battleground" states, the possibility of widespread trouble is real.

A month after Fairfaxs flawed election, I attended a symposium on electronic voting at the National Institute of Standards and Technology, where election officials, vendors and computer scientists gathered to discuss the problems. It was both a fitting and an ironic place to hold the event—the Help America Vote Act, passed in the wake of the 2000 debacle in Florida, placed NIST in charge of overseeing the testing and certification of e-voting systems. But the same act had pushed states into buying e-voting systems well in advance of NISTs standards.

Notably absent from the event were executives of Diebold, which has sold its AccuVote touch-screen DREs to 37 states. Diebold, the most controversial of DRE voting machine vendors, has been widely excoriated for its chief executives pledge to deliver Ohio to the Republican party.

But the software for Diebolds system has drawn equal consternation, after the commented source code and documentation files for Diebolds GEMS election software was discovered stored on a public Diebold Website by e-voting activists.

One of the speakers at the NIST event was Avi Rubin, professor of computer science at Johns Hopkins University. Rubin had written a paper a href=>revealing major bugs in Diebolds AccuVote source code.

In a recent opinion piece in the Baltimore Sun, Rubin said, "If my experience as a computer scientist is any guide ... voters will not realize just how dangerous it is to rely on these machines to conduct a free and fair election with a reliable result."

/zimages/7/28571.gifPaper ballots have their own share of security problems. Click here to read more.

Thats because little has changed since the NIST conference. Theres no way of knowing how secure the code in many voting systems is. And the problem runs beyond the machines themselves.

For example, at the end of the election day, the voting results on a Diebold system are transmitted to a server running Diebolds GEMS election management software. The data is then stored in a Microsoft Access database—one with security that many people know how to circumvent.

Consultants at Science Applications International were commissioned by the state of Maryland to study Diebolds software. They uncovered so many potential security holes that the public version of their report was almost completely blackened with redaction marks—for fear that public knowledge of them would help hackers compromise the systems.

Without voter-approved paper ballots, the chances of a successful recount of any electronic system are low.

A University of Maryland study suggested that the state move to have Diebold add a paper audit trail to the voting systems it had already purchased. This prompted one Diebold engineer to suggest that the companys management charge "out the yin-yang" for the update.

/zimages/7/28571.gifClick here to read about Venezuelas recent troublesome experience with e-voting.

With both parties political parties primed for legal challenges in battleground states to contest results even before the votes have been cast, this first digital election may be the most expensive one ever for states that have installed e-voting systems without proper backups. Chances are, well all be paying out the "yin-yang," no matter who ends up winning the race.

/zimages/7/28571.gifCheck out eWEEK.coms Government Center at for the latest news and analysis of technologys impact on government practices and regulations, as well as coverage of the government IT sector.