No mandate for e-voting, computer scientist says

No mandate for e-voting, computer scientist says

Despite wide use in last week’s presidential election, direct-recording electronic voting still is a faulty method of casting ballots, one computer scientist says.

“Paperless electronic-voting systems are completely unacceptable,” said Dan Wallach, assistant professor of computer science at Rice University.

Assurances about the machines’ accuracy and reliability are not based on verifiable data, Wallach said today at the Computer Security Institute’s annual conference in Washington.

Wallach was one of a team of computer scientists who in 2003 examined source code for voting machines from Diebold Election Systems Inc. of North Canton, Ohio, and reported numerous security flaws.

Cryptography implementation and access controls showed an “astonishingly naive design,” he said. “As far as we know, these flaws are still there today.”

Diebold has defended its technology and said the computer scientists examined an outdated version of the code.

Wallach countered that without access to current code for any voting machines, it’s impossible to verify manufacturers’ claims. The proprietary nature of the code and a lack of government standards for voting technology also make certification of the hardware and software meaningless, he said.

The IT Association of America hailed the Nov. 2 election as a validation of direct-recording technology. But Wallach said sporadic problems with the systems have been reported, and a thorough analysis of Election Day procedures and results is under way.

Plus, a paper ballot that can be recounted is essential to a reliable system, he said.

“Probably the best voting system we have today is the optical scan system, with a precinct-based scanner,” Wallach said. “It is very simple, it is accurate, and it is auditable.”

He suggested that a hybrid voting system that produces a verifiable paper ballot would be as reliable as optical systems and would offer convenience and accessibility for disabled voters.

A number of states, including California and Nevada, have laws or legislation pending to require that voting machines produce paper ballots.

Wallach said technical standards that demand transparent certification processes would go a long way toward increasing voting reliability.

“I think the Common Criteria would be a good place to start,” he said, referring to the set of internationally recognized standards for evaluating security technology, either against vendor claims or against a set of needs specified by a user.

About the Author

Connect with the GCN staff on Twitter @GCNtech.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.