Cyber Eye: E-voting really needs standards

An estimated 32 percent of American voters will cast electronic ballots in November, but their confidence could be undermined by worries about the security and reliability of the tallies.

After the contested 2000 presidential election, e-voting machines—often touch-screen notebook computers—were seen by many as a way to prevent a recurrence. Now security experts are raising a whole new set of fraud and error possibilities.

The House Administration Committee last month heard conflicting expert testimony.

The state of Georgia had an 80 percent reduction in uncounted votes in 2002 elections after it changed to touch-screen machines statewide, said Britain J. Williams, professor emeritus of computer science and IT at Kennesaw State University.

But Aviel D. Rubin, professor of computer science at Johns Hopkins University, said his examination of one e-voting company’s software code revealed a disturbing number of security flaws. He said better software development procedures are needed before computers can handle elections without the crutch of paper ballots.

Both sides are right

As is often the case in complex arguments, both sides are right.

E-voting has been around for 25 years without evidence of election fraud, but that is no guarantee that security flaws will not be exploited. It’s also true that with only about 90 days till the 2004 presidential election, millions of voters will have to use the machines whether they trust them or not.

The consensus seems to be that we’ll hope for the best this year, then spend the years before the next presidential election beefing up the standards.

Georgia extensively tested e-voting software before using it at the polls. The state signs approved software with the Secure Hash Algorithm 1 so that inspectors can detect any changes in the code after installation. But SHA-1 does not guarantee that the original software was free of flaws.
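The check described above can be sketched as follows. This is an added example, not code from the article or from Georgia's actual procedure; the file names, contents and the manifest layout are constructed for illustration. It shows an inspector's comparison flagging changed, missing and unexpected files, while a flaw that was already in the approved build passes untouched.

```python
import hashlib
import tempfile
from pathlib import Path


def sha1_of(path: Path) -> str:
    """Return the SHA-1 hex digest of a file, read in chunks."""
    digest = hashlib.sha1()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Record a digest for every file under root (done when software is approved)."""
    return {p.relative_to(root).as_posix(): sha1_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def inspect(root: Path, approved: dict[str, str]) -> dict[str, list[str]]:
    """Compare an installed tree with the approved manifest."""
    installed = build_manifest(root)
    return {
        "modified": sorted(n for n in approved
                           if n in installed and installed[n] != approved[n]),
        "missing": sorted(n for n in approved if n not in installed),
        "unexpected": sorted(n for n in installed if n not in approved),
    }


def demo() -> tuple[dict, dict]:
    """Constructed sample: an 'approved build' that already contains a logic flaw."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tally.py").write_text("def count(v):\n    return len(v) - 1  # flaw\n")
        (root / "ballot.cfg").write_text("contest=governor\n")
        approved = build_manifest(root)
        clean = inspect(root, approved)  # flawed but unchanged: nothing flagged
        (root / "ballot.cfg").write_text("contest=governor\norder=reversed\n")
        (root / "extra.bin").write_bytes(b"\x00\x01")
        (root / "tally.py").unlink()
        changed = inspect(root, approved)  # post-installation changes are flagged
    return clean, changed


if __name__ == "__main__":
    print(demo())
```

SHA-1 is used here only to match the article; practical collisions have since been demonstrated against it, so a current deployment would substitute `hashlib.sha256`.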

Current voting machine standards focus on function rather than security. An e-voting machine that works as expected isn’t necessarily tamperproof. Because bugs and malicious code are difficult to find, standards must begin at the development stage and be enforced with open, third-party evaluation of both code and process.

Everyone knows the risks associated with paper ballots. Tales of stuffed ballot boxes are legendary from Chicago to Texas. We are only now beginning to see the risks associated with e-voting. And if the history of elections and the history of computers teach us anything, it is that if a vulnerability can be exploited, it will be.
