Wednesday, December 07, 2005

Voting Machines Under Scrutiny

washingtonpost.com
Voting Machines Under Scrutiny
States Face a Jan. 1 Deadline to Meet Reliability Standards

By Brian Bergstein
Associated Press

The potential perils of electronic voting systems are bedeviling state officials as a Jan. 1 deadline approaches for complying with standards for the machines' reliability.

Across the country, officials are trying multiple methods to ensure that touch-screen voting machines can record and count votes without falling prey to software bugs, hackers, malicious insiders or other ills.

These are not theoretical problems -- in some states they have led to lost or miscounted votes.

One of the biggest concerns -- the frequent inability of computerized ballots to produce a written receipt of a vote -- has been addressed or is being tackled in most states.

An October report from the Government Accountability Office predicted that steps to improve the reliability of electronic voting "are unlikely to have a significant effect" in the 2006 off-year elections, partly because certification procedures remain a work in progress.

"There's not a lot of precedents in dealing with these electronic systems, so people are slowly figuring out the best way to do this," said Thad E. Hall, a political scientist at the University of Utah and co-author of "Point, Click, and Vote: The Future of Internet Voting."

In North Carolina, more stringent requirements -- which include placing the machines' software code in escrow for examination in case of a problem -- have led one supplier, Diebold Inc., to say it will withdraw from the state, where about 20 counties use Diebold voting machines.

A different type of showdown is brewing in California, where Secretary of State Bruce McPherson says he might force makers of the machines to prove their systems can withstand attacks from a hacker. One such test on a Diebold system -- Diebold machines were blamed for voting disruptions in a 2004 California primary -- is planned.

The state has been negotiating details with Harri Hursti, a security expert from Finland who uncovered severe flaws in a Diebold system used in Leon County, Fla. (He demonstrated how vote results could be changed, then made screens flash "Are we having fun yet?")

Similarly, elections officials in Franklin County, Ohio -- where older voting machines gave President Bush 3,893 extra votes in a preliminary count in 2004 -- recently asked computer experts to test newly purchased touch-screen voting machines from Election Systems and Software Inc.

Such designated hack attempts might be a flawed approach, because a failure proves only that a particular hacker could not break into a machine under certain conditions. That is not the same as opening things up to a broader group of researchers, as software developers sometimes do. Many critics of touch-screen election computers argue that the software should be publicly examined to make sure vote tampering could not occur.

A McPherson spokeswoman said the hacking test would be one of many factors in deciding whether to approve the voting machines. McPherson has released a 10-point plan for certification efforts, including a software code escrow system.

The scrutiny is likely to make California miss a Jan. 1 deadline set under the federal Help America Vote Act of 2002.

That law was aimed at phasing out the punch-card ballots and other old-fashioned systems that proved problematic in 2000. It requires states to improve disability access at polling places in addition to standardizing electronic voting systems.

A report by Election Data Services Inc., a political consulting firm, for the U.S. Election Assistance Commission determined that 23 percent of American voters used electronic ballots in 2004, a 12 percent increase over 2000.

Since then, largely because of warnings from computer security experts and grass-roots activism, many states have began requiring the machines to produce paper receipts that voters can examine. At least 25 states have such rules and 14 more have requirements pending, according to the Verified Voting Foundation.

"There's a long way to go -- making our elections truly trustworthy in this country is a multifaceted problem," said David L. Dill, a Stanford University computer scientist and founder of the foundation. But he added that he expected a "much better situation in 2006" and noted that improving electronic voting has become "a delightfully nonpartisan issue."

Manufacturers insist that their voting machines are reliable and that critics have made too much of isolated problems.

"Anytime there's an issue that happens with a particular voting system, all vendors are painted with the same broad brush," said Michelle Shafer, a spokeswoman for Sequoia Voting Systems Inc. "There are differences from product to product. You need to look at the track record of particular companies."