'Crash tested' e-voting machines spread doubt on Super Tuesday

Six states at 'high risk'

High performance access to file storage

Crash tests

Elections officials in California, Ohio Florida and Colorado have all either scrapped touch-screen voting or placed tough new limits on their use. While critics of e-voting have generally applauded the moves, not everyone is happy.

"The efforts, especially in California and Colorado and Ohio, have been to cast doubts and aspersions on the electronic voting equipment by the very tests that were conducted," says Stephen Weir, the County Clerk of California's Contra Costa County and the head of the California Association of Clerks and Election Officials. "We feel that was grossly unfair and really designed with a conclusion in mind, and that was to decertify the voting systems."

In Weir's mind, California's study was akin to the crash tests car makers perform on new models before they are delivered to consumers. Laboratory scientists strap a dummy into a vehicle that's had its brakes disconnected and is sent hurtling into a brick wall.

"Yeah, the dummy is going to go through the windshield every time," he says. Just like the crash tests, he argues, the e-voting studies didn't take into account the real-world protections that are provided by things like security workers at polling places. "None of us had a chance to say: 'By the way, here's what it looks like when you have brakes, seat belts, et cetera,'" he complains.

It's a critique that's shared with some political science experts, including Henry Brady, another professor at UC Berkeley. While he remains concerned about electronic voting's susceptibility to equipment failure or tampering, he says those risks are being exaggerated at the exclusion of others.

One such risk few people pay attention to is the use of optical scanning machines that require ballots to be transported to a central office before being processed. That leaves them vulnerable to all kinds of tampering.

"We're so focused on the security issue that we've sometimes gotten rid of e-voting machines with paper trails... and replaced them with optical scan systems with a central count," he says.

Another overlooked problem, he says, is the confusing layout elections officials sometimes choose for paper or touch-screen ballots. Sarasota County's high undercount rate in the 2006 election was most likely the result of a ballot form that included two races on the same page, a mistake that could have been made using paper ballots.

Brady's suspicion may be correct. But because the ES&S machines used by Sarasota County didn't provide paper receipts showing how, or if, each person voted, it's hard to know for sure. And it's criticisms like these that are perhaps the most common refrain among e-voting opponents.

Son of Hanging Chad

When computers are the sole means used to register a vote, there's nothing tactile or otherwise to review later if anomalies are found. That's a deficiency that's largely not found with older methods of voting. Even during the hanging chad debacle of 2000, there were punch cards that could be inspected.

"These machines are an unnecessary risk," says Brian Chess, chief scientist at Fortify Software, a security company that supplied software that was used by officials in California, Ohio and Florida to analyze the source code of touch-screen machines. "They weren't developed with state-of-the-art security in mind or robustness in mind." (Fortify has offered to make its software available free of charge to voting officials throughout the country so they can independently analyze their systems.)

He says the experience companies like Diebold have gained in building highly secure automatic teller machines is of little value when designing e-voting machines. That's because the requirements for the two machines are vastly different. ATMs collect copious amounts of information about who is using the machine, exactly what was transacted and when. Touch-screen machines, by contrast, require that ballots be cast in secret.

In many respects, the move to e-voting is the result of the contested presidential election of 2000, which was settled only after a 5-4 vote along party lines by justices of the US Supreme Court. The controversy brought attention to the aging fleet of analog voting systems and affirmed voters' resolve for equipment that would be more dependable.

But for a growing number people, the resulting reliance on computers represents a step backward, not only because they are perceived as more vulnerable to malfunctions and tampering but also because there's no easy way to know if the results they report are accurate.

"With e-voting, there's a greater danger that we could have a problem on a much wider scale," says Avi Rubin, a professor at Johns Hopkins University and a longtime critic of touch-screen voting machines. "If we have an e-voting system and you get a result that appears perfectly believable and is wrong, you would have no way of knowing that. We don't know, and that right there is cause for concern." ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
Singapore decides 'three strikes' laws are too intrusive
When even a prurient island nation thinks an idea is dodgy it has problems
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.