No mandate for e-voting, computer scientist says

No mandate for e-voting, computer scientist says

Despite wide use in last week's presidential election, direct-recording electronic voting still is a faulty method of casting ballots, one computer scientist says.

'Paperless electronic-voting systems are completely unacceptable,' said Dan Wallach, assistant professor of computer science at Rice University.

Assurances about the machines' accuracy and reliability are not based on verifiable data, Wallach said today at the Computer Security Institute's annual conference in Washington.

Wallach was one of a team of computer scientists who in 2003 examined source code for voting machines from Diebold Election Systems Inc. of North Canton, Ohio, and reported numerous security flaws.

Cryptography implementation and access controls showed an 'astonishingly naive design,' he said. 'As far as we know, these flaws are still there today.'

Diebold has defended its technology and said the computer scientists examined an outdated version of the code.

Wallach countered that without access to current code for any voting machines, it's impossible to verify manufacturers' claims. The proprietary nature of the code and a lack of government standards for voting technology also make certification of the hardware and software meaningless, he said.

The IT Association of America hailed the Nov. 2 election as a validation of direct-recording technology. But Wallach said sporadic problems with the systems have been reported, and a thorough analysis of Election Day procedures and results is under way.

Plus, a paper ballot that can be recounted is essential to a reliable system, he said.

'Probably the best voting system we have today is the optical scan system, with a precinct-based scanner,' Wallach said. 'It is very simple, it is accurate, and it is auditable.'

He suggested that a hybrid voting system that produces a verifiable paper ballot would be as reliable as optical systems and would offer convenience and accessibility for disabled voters.

A number of states, including California and Nevada, have laws or legislation pending to require that voting machines produce paper ballots.

Wallach said technical standards that demand transparent certification processes would go a long way toward increasing voting reliability.

'I think the Common Criteria would be a good place to start,' he said, referring to the set of internationally recognized standards for evaluating security technology, either against vendor claims or against a set of needs specified by a user.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group