Md. elections CIO says e-voting flaws ‘mitigated’

Md. elections CIO says e-voting flaws ‘mitigated’

Maryland voters can rest assured their votes will be safely and accurately counted next month, said Pamela Woodside, CIO of the Maryland Elections Board.

Woodside spoke yesterday at an Association for Federal Information Resources Management luncheon in Washington.

The Free State is officially free of hanging chad and lever machines, Woodside said. All counties will use the AccuVote-TS Model ES-2000 direct-recording electronic voting system from Diebold Election Systems Inc. of North Canton, Ohio. Baltimore City is using the AVC Advantage Model 315 Direct Recording Electronic system from Sequoia Voting Systems Inc. of Hayward, Calif.

Security problems with the Diebold systems have been the subject of much controversy. Not long after Maryland signed the DRE contract with Diebold in July 2003, several professors at Johns Hopkins University issued a report on problems with the Diebold voting system.

The report’s author, Avi Rubin, a Johns Hopkins professor and director of Hopkins’ Information Security Institute, made some incorrect assumptions about the Diebold system, Woodside said. Rubin assumed the DRE computers would have an attached keyboard and be connected to the Internet, neither of which is the case, she said.

“The media grabbed hold of Rubin’s study and said, ‘The system is insecure. Your vote won’t count,’” Woodside said.

Gov. Robert Ehrlich ordered an independent review of the Diebold system. A risk assessment by Science Applications International Corp. of San Diego came up with 328 security requirements, 66 of which the Diebold equipment didn’t meet.

The Elections Board then put together a plan to ensure those requirements were met and presented it to the governor, Woodside said.

Maryland has made a series of adjustments to the Diebold equipment to mitigate the security vulnerabilities:

  • Each chief election judge is assigned a unique personal information number.

  • A backup site is available in case of a disaster on Election Day.

  • Anyone who touches the computer tabulation undergoes a background check—including fingerprinting.

  • Each of the 16,000 DRE units receives logic and accuracy testing. Woodside said elections staff loads ballots on each unit and tests to make sure the time is set correctly and the screen is laid out in portrait, not landscape, mode.

  • The encrypted ballot image is stored in flash memory.

  • Equipment is stored under lock and key.

  • Tape that changes color if it has been tampered with is placed on the keyhole where the memory card is stored. The tape is also applied to servers.

“Nobody can replace the memory card without our seeing that something was done,” she said.

Implementing the new voting equipment was “a lot like Y2K,” said Woodside, who managed the year 2000 rollover for the Housing and Urban Development Department. “There are no rain dates for Election Day.”

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.