Security researchers decry electronic voting systems
- By Trudy Walsh
- Aug 07, 2003
Government, academic and industry officials voiced concerns about existing electronic voting systems yesterday at the Usenix security conference in Washington, D.C.
David Elliott, assistant director of elections for Washington state, said current voting problems'such as the 2000 presidential election debacle and recent reports of serious security holes in direct-record electronic systems from Diebold Election Systems'were caused by 'years and years of benign neglect.'
Every year, state officials ask the same question: 'Do we buy another cop car, or do we update the voting machines?' Elliott said. 'We kept on buying cop cars. Now the only place besides election offices where you can find punch card machines is the Smithsonian.'
David Dill, a professor of computer science at Stanford University, said election officials and computer security experts have not communicated enough to solve election problems.
'Democracy rests on your shoulders,' he told the audience, which was made up largely of computer security researchers.
Election officials might not want the help of computer security experts, 'but they badly need your help to make these machines work in elections,' Dill said.
Dill predicted that governments will soon make 'a mass purchase of touch-screen machines, all of them probably as bad as Diebold's. Democracy is at risk because of these machines. We need to stop the acquisition of these paperless touch-screen machines, in their current form.'
Several speakers, including Douglas Jones, a professor of computer science at the University of Iowa, have called for the decertification of the Diebold DREs, which have been used in elections in more than 30 states.
Another speaker, Aviel Rubin, led a team that examined the voting software from Diebold, based in North Canton, Ohio. Rubin, technical director of the Information Security Institute at Johns Hopkins University, was one of the authors of a report issued last month titled 'Analysis of an Electronic Voting System,' which found that the Diebold system is 'far below even the most minimal security standards applicable in other contexts.'
cited the Diebold system's incorrect use of cryptography, vulnerabilities to network threats and poor software development processes.
Trudy Walsh is a senior writer for GCN.