E-vote at Risk
Despite vendor assurances, researchers remain concerned about the security and reliability of electronic voting systems.
Computerworld - This November, as many as 50 million Americans could vote for president using some form of electronic touch-screen system, the vast majority of which have been designed by McKinney, Texas-based Diebold Election Systems. That has some IT and security researchers holding their breath because of the faulty track record of Diebold's technology and a government-endorsed testing and certification process that they say is deeply flawed.
Those critics say that direct recording electronic (DRE) voting systems remain vulnerable to manipulation and malfunction, particularly in states that have ignored some recommendations of independent researchers, like Maryland has.
State election officials, on the other hand, say they are confident that appropriate safeguards are in place to ensure the security and accuracy of the 2004 vote.
Among the most pressing issues cited by critics are a lack of technical standards governing DRE software development, the failure of the government to impose transparency on the software testing and certification process, and the lack of technical security knowledge throughout the many state and local jurisdictions that oversee elections where DREs will be used.
Johns Hopkins University professor Aviel Rubin, who last year published a study of portions of the Diebold software code, says the quality of that code was below minimum standards for a production system. Rubin's report cites a lack of industry-standard change-control processes and documentation, as well as specific technical weaknesses.
Jonathan Gossels, founder of SystemExperts Corp. in Sudbury, Mass., says his review of the Diebold code showed that it was "amateurish" in its design. More important, the amount of code that has been studied and found wanting "is only the tip of the iceberg" of the millions of lines of C++ and Microsoft Windows-based code that powers the Diebold touch-screen systems and back-end management servers, says Gossels.
The testing procedures of vendors, particularly Diebold, are also under suspicion. Jerry Rudisin, CEO of Agitar Software Inc., a software testing company in Mountain View, Calif., says he suspects that the original Diebold code wasn't subjected to unit testing based on the lack of change-control documentation. And because of this, "a lot of bugs end up getting through to the deployed systems," he says.
A January 2004 study by the Innovative Solutions Cell at Columbia, Md.-based RABA Technologies LLC tested Diebold systems that were to be deployed for Maryland's March 2004 primaries. The study found the general lack of security awareness in the Diebold code "a valid and troubling revelation." In addition, the report confirmed Rubin's assertion that there was little evidence that widely accepted standards of software development had been followed.
One of the most critical aspects of the voting system development process is the testing and certification of hardware and software to ensure that they meet voluntary federal voting standards for security and reliability. Three vendors act as so-called independent testing authorities (ITA). However, IT experts are highly critical of the testing process because of its secrecy.
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic
- Path Selection Infographic
- Hyperconvergence Infographic
- A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era
- From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs
- If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity... All Government IT White Papers
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- How to Protect Enterprise Data Yet Enable Secure Access for End Users Learn how BYOD, Big Data and the use of rogue applications and devices is putting corporate data at risk, best practices from IT...
- All Government IT Webcasts