No mandate for e-voting, computer scientist says

No mandate for e-voting, computer scientist says

Despite wide use in last week’s presidential election, direct-recording electronic voting still is a faulty method of casting ballots, one computer scientist says.

“Paperless electronic-voting systems are completely unacceptable,” said Dan Wallach, assistant professor of computer science at Rice University.

Assurances about the machines’ accuracy and reliability are not based on verifiable data, Wallach said today at the Computer Security Institute’s annual conference in Washington.

Wallach was one of a team of computer scientists who in 2003 examined source code for voting machines from Diebold Election Systems Inc. of North Canton, Ohio, and reported numerous security flaws.

Cryptography implementation and access controls showed an “astonishingly naive design,” he said. “As far as we know, these flaws are still there today.”

Diebold has defended its technology and said the computer scientists examined an outdated version of the code.

Wallach countered that without access to current code for any voting machines, it’s impossible to verify manufacturers’ claims. The proprietary nature of the code and a lack of government standards for voting technology also make certification of the hardware and software meaningless, he said.

The IT Association of America hailed the Nov. 2 election as a validation of direct-recording technology. But Wallach said sporadic problems with the systems have been reported, and a thorough analysis of Election Day procedures and results is under way.

Plus, a paper ballot that can be recounted is essential to a reliable system, he said.

“Probably the best voting system we have today is the optical scan system, with a precinct-based scanner,” Wallach said. “It is very simple, it is accurate, and it is auditable.”

He suggested that a hybrid voting system that produces a verifiable paper ballot would be as reliable as optical systems and would offer convenience and accessibility for disabled voters.

A number of states, including California and Nevada, have laws or legislation pending to require that voting machines produce paper ballots.

Wallach said technical standards that demand transparent certification processes would go a long way toward increasing voting reliability.

“I think the Common Criteria would be a good place to start,” he said, referring to the set of internationally recognized standards for evaluating security technology, either against vendor claims or against a set of needs specified by a user.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Comment
    customer experience (garagestock/Shutterstock.com)

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected