Criticism of electronic voting machines' security is mounting

IDG News Service - As presidential primary season approaches, a debate is raging about electronic voting -- and IT professionals and computer scientists are among the loudest critics.
The issue has grown in urgency thanks to the Help America Vote Act of 2002, Congress' attempt to forestall a repeat of the infamous Florida election debacle of 2000. The bill, known as HAVA, makes as much as $3.8 billion in funding available to states in the short term for replacing older punch card and lever election equipment -- reforms that must be implemented by January 2006.
Manufacturers of the latest generation of electronic touch-screen voting devices, known as direct recording electronic (DRE) machines, are poised to reap the rewards of the spending spree. But controversy roils over whether DREs are secure and bug-free.
Incidents of electronic voting machine malfunctions have fueled the fire, as have thorough security reviews of DREs commissioned recently by election officials in various states. Those reviews have found high-risk vulnerabilities in the systems sold by Diebold Inc., Election Systems & Software Inc., Sequoia Voting Systems Inc. and Hart InterCivic Inc.
For its part, Hart viewed Compuware Corp.'s review of its system on behalf of the state of Ohio (download PDF) as a "very positive report," according to company Chairman David Hart. He said it will be easy to implement the changes called for.
Similarly, Sequoia spokesman Alfie Charles said that his company's system scored well in the same Ohio review and that Sequoia has made many of the recommended changes. "We'll do whatever officials require us to do," Charles said.
Neither Diebold nor Election Systems made representatives available for comment.
Meanwhile, six vendors -- those four plus Advanced Voting Solutions Inc. and Unilect Corp. -- this week responded to the controversy by banding together to form an organization called the Election Technology Council, which will address ethics and security practices, among other issues (see story).
"We came together because our environment has become chaotic," said Hart. "We need to be able to speak as an industry in a single voice on the areas being regulated. ... We want to be part of the debate and tell our industry's side of the story. There's a lot of misinformation."
Still, many IT professionals engaged in the issue are troubled by the limits of computer systems reliability.
Seattle software developer Erik Nilsson's experience writing database code in the historic 1994 South African election made him feel "like a small cog in an overwhelming and complex process," he said. Technologists have to gain an understanding