Report says many e-voting systems are flawed

A task force for voting systems put together by NYU’s Brennan Center for Justice has issued a report concluding that a lot of the electronic voting systems in use (or proposed for use) are flawed, mostly due to rather simple security features and policies that haven’t been implemented.

The most widely used electronic-voting systems all have flaws that can be addressed relatively easily, but few states and counties have actually implemented recommended security measures, researchers concluded Tuesday.

Even the printing of paper records _ widely seen as a countermeasure to hacking and other attacks on ATM-like touchscreen machines _ does little good if audits aren’t routinely and automatically performed, researchers said. Their report said that fewer than half of the 26 states requiring paper records also require regular audits.

The report, based on interviews with elections officials and analyses of voting systems, came from the Task Force on Voting System Security convened by New York University’s Brennan Center for Justice. Task force members were from government, universities, security companies and nonprofit advocacy groups.

I have written on the topic of electronic voting before and the vast majority of what I suggested almost 2 years ago is still completely valid. In fact, the advances in the various technologies I work with have only made it easier to do what I suggested and the security provided is even better than it was at the time. The weak link is, as always, the human element. The one item the task force chose to hammer home was the propensity of voters to simply not look at the paper audit trail even when it’s available. This is a user education issue and it’s pretty simple to handle. The poll workers have a big sign up at every check-in table that shows what the screen looks like and a big honkin’ arrow pointed to where the paper audit receipt comes up. “Check to make sure what’s on the paper is how you voted,” should be all the instructions someone needs.

The task force also mentions a couple of items for any voting machine in use. First, they suggest banning wireless components on the voting machines. This, too, is a facet of my day job and I’m very capable of weighing in as an expert on the topic. So let me dispense with this little myth – it’s quite possible to secure a wireless link to a degree of confidence that running voting machines over it shouldn’t concern anyone. NSA-level resources can probably crack the security I’m talking about given the time. The issue is whether they can do it in time to do them any good. You see, intercepting the wireless transmission and cracking it will certainly tell them what was communicated by the voting machine to the base unit. So what? Seeing what the vote was does nothing. The whole danger is someone getting in there and changing votes or adding them. I submit (without getting into details, of course) that such a wireless link can be secured to the point where it will take longer to crack the security than they have to screw with the election. And if they bust the security keys on election day in 2006 that does them precisely zero good for election day 2007.

So, we can secure a wireless link. Better question: why would we need to? Wireless links are great for allowing network connections to places where you can’t or don’t want to run hardlines or cable connection. Is a voting location one of those? I think not. You generally have all the necessary machines in one room – a gym or a cafeteria – and they usually are in plain sight of one another. What’s the problem running network cables between them? Nothing, that’s what. So you run the cables between each one and a central switch, hook the switch to a router, the router to an outbound circuit and away you go. No wireless required. And since there’s no good reason to include it, you mandate that it is not included. Good call by the task force.

The second thing specifically mentioned is that the machines should be tested on election day in real conditions. I would think this would be standard operating procedure for a voting machine of any kind, electronic or otherwise. A complete morning-of test with a clearly bogus test ballot running the entire sequence – voter interaction with the machine, paper trail, audit check, data transmission, vote tally and report – should be considered a mandatory requirement every election day. It can work, we do it all the time for other critical systems.

I would add 1 other thing to the mix. The people responsible for handling the network connections and connective devices as well as the oversight of the software developers should be cleared personnel. They should undergo background checks and be well aware of the penalties for attempting to skew an election. There should be layers of overlapping oversight and as much care as possible should be taken to avoid situations where people can cooperatively defraud. The financial institutions have a lot of good procedures in place to assist them in this regard and they would work well in this case, too.

28 June, 2006 - Posted by Ric James | Politics, Technology