What the U.S. Is Doing Wrong with E-Voting

Updated: The latest U.S. e-voting embarrassment is three systems flunking a California security examination.

Another body blow was struck to the already lousy reputation of U.S. e-voting when the office of California Secretary of State Debra Bowen on July 30 published investigation results showing that three major e-voting systems are liable to having their accuracy, security and/or integrity compromised.

Three systems flunked in the hastily conducted examinations: Diebolds GEMS 1.18.24/AccuVote, Hart Intercivic System 6.2.1 and Sequoias WinEDS version 3.1.012/Edge/Insight/400-C. Each machine is either an optical scan system or a DRE that uses Voter Verified Paper Audit Trail

Each system stores votes in its own way. If they can be compromised, the votes that the systems record may not be accurate. For example, if an attacker were to successfully execute arbitrary programs on one of the systems, the systems could be caused to misrecord votes even with the presence of a paper audit trail.

The full report is here.

The news is just the latest in a string of bad press earned by e-voting in the United States of America, where a mishmash of disparate systems is subject to exploit due to wireless communications capabilities and/or inherent flaws in commercial off-the-shelf software thats exempt from testing.

Members of the Technical Guidance Development Commission of the Election Assistance Commission, which grew out of President George W. Bushs Help America Vote Act of 2002, have said that they were aware of significant flaws in voting machines that could allow attackers to change election outcomes on the national or local level even while the TGDC drafted federal guidelines for the design and testing of those machines.

But as the 2008 election looms, the burning question is: Can we get it right?

Other countries have, after all, figured this stuff out.

Brazils been e-voting since 1996 (albeit with fraud still having crept in). The star of the international e-voting scene is arguably Australia, which is e-voting on machines that are based on Linux, using specs set by independent election officials that were posted on the Internet for one and all to vet—an open-source approach for which U.S. activists clamor.

"From what I have read, the U.S. systems are primitive compared [with those of] Australia," said Tom Worthington, a visiting fellow at the department of computer science at Australian National University, in Canberra, Australia, and an expert on e-voting technology, in an e-mail exchange with eWEEK.

Its worthwhile to pause and clarify what we mean when we use the term "e-voting." Electronic voting systems have actually been in use since the 1960s, with the advent of punch-card systems. The term "e-voting" nowadays refers to one of a medley of newer technologies. One e-voting system used on a large scale in India, the Netherlands, Venezuela and the United States is a newer optical scan system that reads a voters ballot mark and then collects and tabulates votes on a single machine.

Then theres Internet voting, which has been used in the United Kingdom, Estonia, Switzerland, Canada, the United States and France.

Then too there are hybrid systems, such as those that flunked the California review. They include an electronic ballot-marking device thats often a touch-screen system similar to a DRE voting system or other technology that prints a voter-verifiable paper ballot, paired with a separate machine to tabulate votes.

Security experts such as Bruce Schneier, writing in a 2006 report for the Brennan Center Task Force on Voting System Security titled "The Machinery of Democracy: Protecting Elections in an Electronic World," have said that the many types of attacks possible against newfangled e-voting systems include wireless exploits that could take advantage of unplanned vulnerabilities in the system software or hardware to plant a Trojan horse onto a machine.

/zimages/1/28571.gifClick here to read about why it is easy to break forensics software used for data recover during legal investigations.

"For this type of attack, a Trojan horse would not have to be inserted in advance of Election Day," according to the report. "Instead, an attacker aware of a vulnerability in the voting systems software or firmware could simply show up at the polling station and beam her Trojan horse into the machine using a wireless-enabled personal digital assistant."

Note that there have been no documented security breaches of e-voting systems in this country. New electronic machines that caused long reporting delays were used in a Cleveland county during the states 2006 primary election; that election resulted in the entire board of elections of Cuyahoga County being removed, but the two felony convictions had to do with what prosecutors called a rigged recount as opposed to any of the machines having been tampered with. When experts warn of potential holes, the emphasis is on potential.

Next Page: Poorly Designed in the USA.