CYBEREYE: Help America Vote: Trust but verify
There are some good things in the Voluntary Voting System Guidelines approved in December by the Election Assistance Commission, tasked by law with, among other things, overseeing the nation’s transition to electronic voting.
According to the commission, the guidelines “significantly increase security requirements for voting systems” certified under the program. Physical and software security requirements for electronic voting systems are spelled out, along with requirements for wireless and network security.
Best of all are the specifications for independent verification of ballots, which would go a long way toward ensuring that other security steps are effective and that votes can be accurately recorded, counted and recounted.
But the voluntary guidelines have a glaring flaw: They are voluntary. States may use them or not as they see fit, an important caveat as more states migrate toward electronic voting systems, opening up new avenues for wholesale vote tampering.
Fortunately, many states intend to use the new guidelines. According to EAC, about 39 states already use the current Federal Election Commission guidelines that will be superseded by EAC’s new iteration next year. But there is no guarantee of a uniform national standard for voting system security.
The Help America Vote Act of 2002, passed in the wake of the tortuous 2000 presidential election, requires EAC to write new guidelines and oversee certification of voting systems. Until now, the National Association of State Election Directors has overseen national certification. But HAVA does not require national certification. Some states use the national certification program, some have their own programs, some do both and some do neither.
HAVA does require some basic security for voting systems used in presidential elections. As of Jan. 1, all systems must allow voters to verify and correct their choices before casting the ballot and must produce a record that can be used to audit the results.
But neither provision ensures that the vote counted was the vote cast. The EAC voluntary guidelines have a requirement for an Independent Verification System that would produce two records of each vote, produced by separate systems and verified voters, which could be compared to verify results.
“Because the records are separately stored, an attacker who can compromise one will also have to compromise the other,” EAC reported, reducing the chances of successful tampering.
The most common type of independent verification system is the Voter Verifiable Paper Audit Trail. This produces a paper copy of the ballot that the voter approves before the electronic vote is cast. It can be used to audit results. In the case of a recount, the paper copy is the official record of the ballot.Paper tampering is harder
The advantage of the paper audit trail is that tampering is more difficult, because the skill sets needed to compromise both the paper and electronic ballots are so different.
The electronic-voting machine industry likes to point out that paper ballots have been abused for years, and that there is no evidence that their products have been compromised to throw an election. But that does not mean it cannot happen. In fact, voting officials and IT security experts have proven it can. And just because paper ballots are not perfect does not mean an electronic system isn’t better off with a paper audit trail.
The United States has been relying on national elections for 217 years. We should never stop trying to get it right.William Jackson is a GCN senior writer. E-mail him at [email protected]
Connect with the GCN staff on Twitter @GCNtech.