NO CONFIDENCE VOTE: Nearly eight years after the contentious 2000 presidential election, electronic voting has yet to deliver on its promise of accurate, secure ballot tabulation, causing many states to revert back to paper ballots.
iStockphoto; Copyright: Konstantinos Kokkinis

With just nine months to go until Election Day, electronic voting machines remain as iffy and controversial as ever. The new technology was once widely viewed as an improvement over the antiquated paper ballots used in some states during the highly contentious 2000 presidential race that ushered George W. Bush into the White House (think: hanging chads). But it is still plagued by accuracy and security concerns.

In a recent report, the Government Accountability Office (GAO)—Congress's investigative arm—gave at best a lukewarm endorsement of electronic voting technology. Congress called upon the GAO to investigate the role that iVotronic direct-recording electronic (DRE) touch-screen voting machines, made by Election Systems & Software, Inc., in Omaha, Neb., played in the highly controversial 2006 election for Florida's 13th Congressional District, in which Republican Vern Buchanan edged out Democrat Christine Jennings by a whisker-thin 369 vote margin.

During that election, more than 18,000 of the 143,532 ballots cast on the e-voting machines in Florida's Sarasota County did not register a vote for either candidate. The GAO checked for flaws in voting machines used there during the election. As part of the effort, investigators examined the firmware (software embedded in the devices) to make sure it matched that certified by the State of Florida. They also tested the devices to make sure they properly recorded and counted the ballots and whether they could provide accurate results even if miscalibrated.

The agency's conclusion: "Although the test results cannot be used to provide absolute assurance, we believe that these test results, combined with the other reviews that have been conducted by Florida, GAO, and others, have significantly reduced the possibility that the iVotronic DREs were the cause of the undervote."

Although hardly a ringing endorsement for e-voting technology, the GAO's findings contradicted those of researchers at Dartmouth College and the University of California, Los Angeles, who, after conducting a separate study (released in September) found that the "exceptionally high ... undervote rate" in the Florida's 13th District race "was almost certainly caused by" a poorly designed and confusing electronic ballot displayed on the voting machine's touch screen.

Florida's own assessment of its e-voting technology statewide has been even less enthusiastic. The state last May commissioned a review led by Florida State University's Security and Assurance in Information Technology (SAIT) laboratory of voting system software made by Diebold Election Systems (which now calls itself Premier Election Solutions). Two months later, investigators released a scathing report in which they describe a glitch in Diebold's optical-scan firmware that enabled a "type of vote manipulation if an adversary can introduce an unofficial memory card into an active terminal" prior to an election. Such a card can be preprogrammed to essentially swap the electronically tabulated votes of two candidates or reroute all of one candidate's votes to a different candidate. The investigators simulated a cyber strike on their test systems and had no trouble carrying it out despite new mechanisms designed to protect against "similarly documented attacks in previous studies," the report states.

SAIT also found that the systems' encryption algorithms "had some cryptographic flaws," says SAIT co-director Alec Yasinsac, a Florida State University associate professor of computer science. In particular, the keys required to lock and unlock encrypted information were difficult to manage and safeguard against potential hackers. Once they cracked the encryption code, investigators found, intruders were able to access all encrypted data in the voting machine. "The types of attacks are very real," he says.