NIST-backed panel calls for end to paperless voting
- By Michael Hardy
- Nov 30, 2006
Draft NIST white paper
The 2007 version of federal Voluntary Voting Systems Guidelines should include provisions that prevent paperless electronic voting machines from getting certified, according to a subcommittee advising the Election Assistance Commission.
The Security and Transparency Subcommittee of the commission’s Technical Guidelines Development Committee made the recommendation in a report posted on the National Institute of Standards and Technology's Web site earlier this month. NIST supports the committee.
Direct Recording Electronic (DRE) voting machines, better known as touch-screen machines, record votes electronically. However, many observers consider the machines to be prone to errors and potentially open to security breaches. With no paper record for officials to check the electronic totals against, officials are unable to audit the accuracy of the machines or to conduct recounts that don't depend on the original tallies, opponents of paperless voting say.
The subcommittee recommends that all systems certified under the 2007 guidelines be “software independent.” They define the term as meaning a system that provides a safeguard so that undetected errors in the electronic total can't affect the outcome of an election. In general, that means using electronic machines with a voter-verified paper record.
Optical scan voting systems already generate the paper record, because voters mark their ballots first before the computer reads their votes and adds them to the total counts. The marked ballots, if securely stored, can serve as a check to audit or recount the electronic results. DREs, however, do not generate any kind of paper record unless they are set up to do so.
Some all-electronic methods of providing software independence are under study, but only one, based on cryptography, is on the market, according to the report.
If the commission adopts the recommendations, paperless systems could still be used for a few years. But systems will probably be required to adhere to the 2007 standard by 2009 or 2010, according to the report.