Government rejects e-voting paper-trail proposal
Government, banking officials claim it's not necessary
IDG News Service - A U.S. government board looking at ways to improve the security of electronic voting has rejected one proposal that would have required election officials to use paper-trail ballots or other audit technologies with the machines.
The Technical Guidelines Development Committee (TGDC), an advisory board to the U.S. Elections Assistance Commission (EAC), on Monday failed to pass a proposal to certify only those direct record electronic (DRE) machines that use independent audit technology. Before the 6-6 vote, TGDC members expressed concerns that a requirement would create a costly mandate to local governments.
TGDC members said they will continue debate on ways to improve e-voting security. The TGDC could bring the proposal or an amended one back up at any time, said Michael Newman, a spokesman at the National Institute of Standards and Technology (NIST), the agency that helps the TGDC develop voting standards.
The proposal, advanced by NIST staff and TGDC member Ronald Rivest, a computer science professor at the Massachusetts Institute of Technology, would have required "software independent" DREs with some kind of independent audit mechanism, such as the voter-verified paper trail printouts advocated by some e-voting critics.
One advocate of paper-trail audits for DRE said he was disappointed with the TGDC's vote. The recommendation was a "much-needed step toward making certain that voting systems are secure, useable, and reliable," said Eugene Spafford, chairman of the U.S. policy committee at the Association for Computing Machinery (ACM).
"Software independence avoids reliance on the accuracy and security of the voting machine software in order to verify an election outcome," Spafford said by e-mail. "The ... initial recommendation was well-grounded, carefully balanced, and addressed an issue that is critical to the integrity of our election process."
Rivest and NIST staff members argued that there's no way to recount elections in which DREs were used without an independent audit mechanism, repeating e-voting critiques in a draft e-voting security white paper circulated last month.
"Simply put, the DRE architecture's inability to provide for independent audits of its electronic records makes it a poor choice for an environment in which detecting errors and fraud is important," the NIST paper said.
But advocates of the software independence approach aren't accusing DREs of being insecure, Rivest said. "What we're saying is we can't tell if they're secure or not," he added. "We don't know how to create requirements to tell if they're secure."
Other committee members said the proposal created new problems, including new requirements for local governments that have already spent their funding from the U.S. government to update election equipment.
"I'm not sure that we've really proven that the processes that state election officials have used for a few decades now of testing and verifying that the systems work ... are failing," said Paul Miller, voting systems manager at the Washington state Secretary of State's Office. "Now we're adding another requirement."
Rivest argued that nearly all software contains bugs, and voting officials shouldn't rely on imperfect software. "When students write software, it's buggy," he said. "When I write software it's buggy."
But Brittain Williams, representing the National Association of State Election Directors, said the U.S. banking industry has largely figured out how to conduct large-scale electronic transactions with few mistakes. "You say all software is buggy," he said. "The question is, can you test it to an acceptable list of security? The banking industry ... moves billions of dollars around every day with this buggy software without ever producing a single piece of paper."
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- Live Webcast 5 Steps to Assuring Quality of Experience In order to align monitoring and management practices with the true demands of the business, IT professionals must expand beyond traditional comfort zones...
- Live Webcast Master the Changing SAP Landscape with Performance Management SAP landscapes are not getting simpler. Gradually, business processes that used to be contained on a single SAP system now involve a range...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade.