E-voting's Rush to Failure

Computerworld - In the wake of the painful experiences of 2000, the choice of the mechanism used to record and tally votes in this year's presidential election may be almost as controversial as the battle between the candidates. Unfortunately, a hefty portion of state and local jurisdictions have prematurely adopted electronic voting systems.
E-voting in this year's election is a terrible idea because of both real technical limitations and the perception that the systems are unreliable and vulnerable to tampering. That's something of a problem, considering more than 30% of all voting in the election will be done on electronic machines.
This isn't just a public relations issue or one that will go away when citizens get used to the technology. A mounting record of problems with e-voting has tarnished elections in Georgia, California and Texas, among other places, and seems to justify widespread voter skepticism.
Part of the problem arises from the complexity of e-voting systems. The code that makes up these systems is so large that there's no efficient way for election officials to ensure that it's free of malware or to completely debug it, according to testimony Johns Hopkins University professor Avi Rubin gave before the U.S. Election Assistance Commission this spring.
The technology simply isn't ready to be used for the most basic and critical function in any democracy. And even if it were, the processes and protocols needed to monitor even high-performing systems aren't in place, judging by the report from IT security experts assembled by the Brennan Center for Justice at New York University School of Law and the Leadership Conference on Civil Rights. The panel's mandate was to devise a strategy for ensuring the security of touch-screen direct-recording electronic (DRE) voting systems.
The recommendations of the group are all eminently sensible: Train all election workers on security procedures. Develop random testing procedures to detect malicious code or bugs in e-voting software. Create and follow standardized procedures for responding to security threats and incidents. You get the idea. But it's a little alarming that the panel had to make these recommendations to fill an existing procedural gap.
To be fair, the chief recommendation of the panel isn't so obvious, and following it is essential to the success of any e-voting system. According to the report, each jurisdiction that plans to use an e-voting system should hire a well-qualified independent security group to evaluate the system's potential for failure and vulnerability to attack. The outside security team should be free of ties to systems vendors and be