E-vote at Risk
Despite vendor assurances, researchers remain concerned about the security and reliability of electronic voting systems.
Computerworld - This November, as many as 50 million Americans could vote for president using some form of electronic touch-screen system, the vast majority of which have been designed by McKinney, Texas-based Diebold Election Systems. That has some IT and security researchers holding their breath because of the faulty track record of Diebold's technology and a government-endorsed testing and certification process that they say is deeply flawed.
Those critics say that direct recording electronic (DRE) voting systems remain vulnerable to manipulation and malfunction, particularly in states that have ignored some recommendations of independent researchers, like Maryland has.
State election officials, on the other hand, say they are confident that appropriate safeguards are in place to ensure the security and accuracy of the 2004 vote.
Among the most pressing issues cited by critics are a lack of technical standards governing DRE software development, the failure of the government to impose transparency on the software testing and certification process, and the lack of technical security knowledge throughout the many state and local jurisdictions that oversee elections where DREs will be used.
Johns Hopkins University professor Aviel Rubin, who last year published a study of portions of the Diebold software code, says the quality of that code was below minimum standards for a production system. Rubin's report cites a lack of industry-standard change-control processes and documentation, as well as specific technical weaknesses.
Jonathan Gossels, founder of SystemExperts Corp. in Sudbury, Mass., says his review of the Diebold code showed that it was "amateurish" in its design. More important, the amount of code that has been studied and found wanting "is only the tip of the iceberg" of the millions of lines of C++ and Microsoft Windows-based code that powers the Diebold touch-screen systems and back-end management servers, says Gossels.
The testing procedures of vendors, particularly Diebold, are also under suspicion. Jerry Rudisin, CEO of Agitar Software Inc., a software testing company in Mountain View, Calif., says he suspects that the original Diebold code wasn't subjected to unit testing based on the lack of change-control documentation. And because of this, "a lot of bugs end up getting through to the deployed systems," he says.
A January 2004 study by the Innovative Solutions Cell at Columbia, Md.-based RABA Technologies LLC tested Diebold systems that were to be deployed for Maryland's March 2004 primaries. The study found the general lack of security awareness in the Diebold code "a valid and troubling revelation." In addition, the report confirmed Rubin's assertion that there was little evidence that widely accepted standards of software development had been followed.
One of the most critical aspects of the voting system development process is the testing and certification of hardware and software to ensure that they meet voluntary federal voting standards for security and reliability. Three vendors act as so-called independent testing authorities (ITA). However, IT experts are highly critical of the testing process because of its secrecy.
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Harness IT -- An Introduction to Business Intelligence Solutions
- Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts
- Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Proactive Planning for Big Data
- Big data is less about the terabytes and more about the query tools and business intelligence needed to make sense of massive amounts...
- Inquiry Spotlight: Consumer-Facing Identity
- The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety. All Government IT White Papers
- Becoming An Analytics Driven Organization
- Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity. All Government IT Webcasts