The Real Problem with Voting Security

 
 
By Wayne Rash  |  Posted 2006-11-06
 
 
 

The Real Problem with Voting Security


On Nov. 7, a third of all U.S. voters will encounter electronic voting machines for the first time. As is the case in nearly any human enterprise that goes through a massive change, there will be problems.

There will be people who cant vote when they wish because poll workers werent properly trained, or because somebody forgot some vital piece of voting equipment. Or worse, there wont be enough poll workers to handle the rush of voters, and things will just take a long time.

But what is almost certain not to happen is for the vote, any vote, to be hacked. This is because in reality, todays electronic voting machines are probably the most secure ever designed.

Despite the hysterical warnings of anti-electronic voting luddites, and the activists who yearn for a return to the paper ballot, its harder to cheat on todays machines than it ever has been.

Forty-six years ago, during the Presidential election of 1960, hundreds of ballot boxes containing thousands of votes on paper ballots mysteriously disappeared in Chicago during the supposedly secure transfer between the polling places and the counting facility. They were gone for hours.

When they finally showed up, those ballot boxes contained a victory to John F. Kennedy. The question thats frequently asked, but which has never been answered, was whether something happened to those ballot boxes while they were out of sight.

A dozen years later, while I was a young reporter for a television station in Virginia, I noticed that the board of elections had taken to reading the counters on every voting machine both before and after they were moved to polling places, and the machines were sealed each time. Why?

The jostling the lever-based mechanical voting machines took while being transferred meant that the counters sometimes changed themselves. Numbers would be different just because of mechanical stress on the voting machines.

At a few polling places in Florida during the 2000 election, optical scan ballots in some precincts couldnt be counted accurately. The ballots had to be counted by hand, delaying the vote count by a day, and introducing the potential for inaccuracy.

Vote fraud? Not exactly.

The county involved was trying to save money and was given the job for printing the machine-readable ballots to a printer with no experience printing such forms. The timing marks were every so slightly misplaced, and the ballots couldnt be read by the optical scan machines.

No vote of confidence for e-voting. Click here to read more.

Confounding things, voting officials were doing everything they could to move away from paper ballots, if only because it was so easy to stuff ballot boxes.

All it would take is a loss of physical security for even a few minutes to swing a close election. And the loss of physical security for hours, as happened in Illinois, could result in a vote swing even in an election that isnt particularly close.

The solution for many localities was the mechanical voting machine. It might be cumbersome and prone to glitches, but it was hard to find a way to change large numbers of votes quickly. On the other hand, there was no way to tell whether that had happened or not. Mechanical voting machines had no audit trail at all.

But what voting officials did learn was that physical security of the voting machines was critical. Paper ballots and their easy-to-stuff ballot boxes were abandoned quickly except in the smallest communities.

Next Page: Hacking the vote not likely.

Hacking the Vote Not


Likely ">

Voting machines of whatever type were stored in warehouses that were locked and usually guarded. The machines themselves had security seals applied, and the seals were checked any time the machines were put into use.

In addition, counters were checked and rechecked, and the machines were checked for proper operation.

So now its 2006. More of the machines are electronic, and the only jurisdiction of any size still using the lever-style mechanical machines is the State of New York.

And suddenly, theres a cry about the fact that you might be able to hack the vote on an electronic machine. In fact, it has been proven that given enough time, computer scientists who had unfettered access to a machine, could eventually find a way to insert bogus votes.

NIST to certify voting machine security and standards. Click here to read more.

This should not be news. Given enough time, and enough access, any computer ever made can be hacked. But so can any other means of tabulation. Mechanical counters and paper markers can be handled fraudulently as well. There is nothing new here, other than the means of committing fraud.

The difference is that the voting machines on the market today use advanced encryption, they arent connected to a network and most of them have a means to create an audit trail.

Even if a way were found to jigger a machine, say with a handheld computer, youre talking about a single machine. And even then the security software would report an event that would alert the election staff.

Sure, it can be done, but its very difficult to hack the vote quickly or easily, and even harder to do it in large numbers.

In short, its no more possible to commit vote fraud than it ever was, and in most cases, its a lot less likely. Given the voter verifiable paper trails on 70 percent of todays electronic machines, its probably almost impossible to actually get away with it.

The charges of the anti-electronic voting activists are playing on the lack of understanding by the media, the voting administrators and lawmakers to raise an issue that is, in short, bogus.

What they should be doing instead is focusing on an issue thats significantly more likely to be a problem, and thats poll worker recruitment and training.

Every person I talked to in researching a companion story to this column said they were worried that there wouldnt be enough properly trained poll workers to meet the needs of the voting public.

Instead of chasing imaginary charges of hacking the vote, local officials and others involved in this debate should be spending their time and resources on making sure the people who carry out the voting process know how to operate the machines, know who to call for help, and how to keep them physically secure.

Its not going to be hackers who steal the vote in this election. But it could be stolen by ineptitude and disorganization, especially if election workers are focusing on the wrong problem.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

Rocket Fuel