Skip the navigation

E-vote at Risk

Despite vendor assurances, researchers remain concerned about the security and reliability of electronic voting systems.

By Dan Verton
October 18, 2004 12:00 PM ET

Computerworld - This November, as many as 50 million Americans could vote for president using some form of electronic touch-screen system, the vast majority of which have been designed by McKinney, Texas-based Diebold Election Systems. That has some IT and security researchers holding their breath because of the faulty track record of Diebold's technology and a government-endorsed testing and certification process that they say is deeply flawed.

Those critics say that direct recording electronic (DRE) voting systems remain vulnerable to manipulation and malfunction, particularly in states that have ignored some recommendations of independent researchers, like Maryland has.

State election officials, on the other hand, say they are confident that appropriate safeguards are in place to ensure the security and accuracy of the 2004 vote.

Among the most pressing issues cited by critics are a lack of technical standards governing DRE software development, the failure of the government to impose transparency on the software testing and certification process, and the lack of technical security knowledge throughout the many state and local jurisdictions that oversee elections where DREs will be used.

Johns Hopkins University professor Aviel Rubin, who last year published a study of portions of the Diebold software code, says the quality of that code was below minimum standards for a production system. Rubin's report cites a lack of industry-standard change-control processes and documentation, as well as specific technical weaknesses.

Jonathan Gossels, founder of SystemExperts Corp. in Sudbury, Mass., says his review of the Diebold code showed that it was "amateurish" in its design. More important, the amount of code that has been studied and found wanting "is only the tip of the iceberg" of the millions of lines of C++ and Microsoft Windows-based code that powers the Diebold touch-screen systems and back-end management servers, says Gossels.

The testing procedures of vendors, particularly Diebold, are also under suspicion. Jerry Rudisin, CEO of Agitar Software Inc., a software testing company in Mountain View, Calif., says he suspects that the original Diebold code wasn't subjected to unit testing based on the lack of change-control documentation. And because of this, "a lot of bugs end up getting through to the deployed systems," he says.

A January 2004 study by the Innovative Solutions Cell at Columbia, Md.-based RABA Technologies LLC tested Diebold systems that were to be deployed for Maryland's March 2004 primaries. The study found the general lack of security awareness in the Diebold code "a valid and troubling revelation." In addition, the report confirmed Rubin's assertion that there was little evidence that widely accepted standards of software development had been followed.

Mystery Tests

One of the most critical aspects of the voting system development process is the testing and certification of hardware and software to ensure that they meet voluntary federal voting standards for security and reliability. Three vendors act as so-called independent testing authorities (ITA). However, IT experts are highly critical of the testing process because of its secrecy.

Our Commenting Policies
Blog Spotlight

Staff member at a senior center calls this pilot fish, complaining that her printer won't work. And since she's the kind of user who thinks computers just get in the way of getting her job done, fish has his work cut out for him.