Study recommends reporting e-voting machine defects to national database

NYU's Brennan Center says many problems can be traced to lack of vendor accountability

The Brennan Center for Justice at the New York University School of Law is calling on the federal government to create a national, searchable database for reporting and recording information on defects in electronic voting systems.

In a 70-page report on voting system failures, the nonpartisan public policy and law institute also recommended the creation of a federal statute that would require manufacturers of e-voting machines to publicly report any known defects in their products under penalty of law.

The Brennan center released the report, Voting System Failures: A Database Solution (download PDF), this week -- at the same time that problems with electronic voting machines were reported at several polling locations across New York state as voters attempted to cast ballots in the state's primary election.

Lawrence Norden, senior counsel at the Brennan Center and author of the report, said a study by the center found a relative lack of vendor accountability today for problems caused by defective voting machines.

He noted that numerous instances of problems caused by defective e-voting systems in recent years haven't prompted state and federal governments to create rules for their use. Thus, voting system vendors have often failed to provide timely and full information on defects that are known or should be known.

Norden noted that vendors often blame problems on errors by poll workers or on administrative issues rather than admit to product defects. "When we spoke to election officials, many times we found that vendors were aware of problems with their systems or should have known about them," he said.

The Brennan Center examines 14 separate incidents where e-voting machine defects caused considerable problems during an election.

For instance, election officials in Ohio discovered that some 1,000 votes in the 2008 Presidential primary election were not counted in nine counties that used touchscreen or optical scan systems manufactured by Diebold Election Systems, which was later sold to Election Systems and Software.

According to the report, Diebold initially blamed the problems on human error and the state's installation of an antivirus product on the voting systems. After being prompted by state officials to conduct a more thorough investigation, the company later acknowledged that the problem in fact resulted from a programming error in the proprietary operating system that ran the machine.

The same problem was found to have occurred in the same systems during a 2004 election in DuPage County, Ill., indicating that Diebold had been aware of the issue.

In another instance cited in the report, election officials in Humboldt County, Calif., discovered during a post-election audit that the county's Premier Election Solutions voting machines did not count some 200 votes. A subsequent investigation revealed that the e-voting machines failed to maintain required logs of important system events, causing the generation of inaccurate data and time stamps that led operators to delete crucial audit logs.

Following that investigation, California Secretary of State Debra Bowen told the U.S. Election Assistance Commission (EAC) that Premier, formerly Diebold, had known about the problems for at least four years and failed to warn the county about it.

Officials at ES&S, which now owns the machines involved in both instances, were not available for comment.

Requiring vendors to publicly report such problems, and to compile the problems in a central database, is one way to address the issue, Norden said.

The EAC, created as part of the 2002 Help America Vote Act, is responsible for testing and certifying electronic voting systems. The EAC has set up a system for alerting election officials of the results of the tests. However, the alerting system only applies to relatively new e-voting machines and not the vast majority of older systems that are in use around the country, Norden said in his report.

Norden said the EAC should be given the resources necessary to implement a central database and it should be granted the statutory authority to enforce compliance with reporting requirements.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies