In his Aug. 23 commentary, "E-Voting: Its Security, Stupid," Ben Rothke proved he is out of touch with reality when he compared elections with Internet commerce and wrote of "intrinsic" security flaws in electronic voting technology.
E-commerce and electronic tax filing are conducted over the Internet. Electronic voting is not. When you send money or information to your bank or your government online, it is technically vulnerable to millions of users around the world, even though security specialists have done a pretty good job of protecting against fraud and identity theft. So going slow on online voting makes sense, although it is disappointing that the U.S. Department of Defense dropped its planned controlled experiment for online voting in this falls election for U.S. military personnel abroad.
What has not happened is a single, verifiable instance of tampering involving electronic voting machines. One reason: When DRE (direct recording electronic) machines are used as part of a well-run election, they are subjected to a thorough vetting process and stored securely before and after the polls are open. Another reason is that DRE machines are not connected to the Internet.
So vulnerability boils down to a rogue programmer conspiring to steal public office. This attacker must go undetected by DRE manufacturers testing and quality assurance personnel, by independent test labs, by state testing officials, and by county and local officials. This scenario is nowhere near as likely as a hanging chad. Nor is it an intrinsic flaw, as Rothke asserts.
Further, the software engineers and businesspeople behind these machines are working with federal, state and local officials to mitigate that vulnerability. For example, U.S. Elections Assistance Commission Chairman DeForest Soaries recently announced a strategy to help ensure the integrity of the federal election this fall. My organization, the Information Technology Association of America, endorsed his strategy.
Soaries urges voting software vendors to allow analyses of their software code and to submit, voluntarily, code to the National Institute of Standards and Technologys National Software Reference Library. The strategy also calls upon the commission to ask jurisdictions using electronic voting technology to choose from optional security measures that include paper verification, voice verification and random testing of e-voting systems.
Electronic voting is proven and practical. As with any technology, it is as perfect as the people using it and the processes of which it becomes part. To date, we have seen flaws in the machine handling, data storage and data entry. Perhaps Rothke could be more specific about the actual security vulnerabilities—as opposed to theoretical vulnerabilities—of todays e-voting software. Meanwhile, the security flaws Rothke is concerned about have not appeared; if the e-voting community has its way, they never will.
Harris Miller is president of the ITAA. Free Spectrum is a forum for the IT community. Send submissions to firstname.lastname@example.org.