One of the greatest challenges when securing computers is accounting for the unexpected, says Seth Hallem, CEO of Coverity, Inc., the San Francisco–based maker of the source code analysis software that SAIT used during its probe of Diebold's system. This is becoming more difficult as increasingly sophisticated software—including that which runs electronic voting machines—continues to grow to encyclopedic portions. One program can contain tens of millions of lines of code.
Whereas certain technology—such as pacemakers and other medical devices—are heavily regulated and must adhere to strict design and construction standards, voting machines are still mostly unregulated. "There's no validation of how the software for these systems is designed and built," Hallem says, adding that this is "surprising given the importance of voting machines to our national infrastructure."
This has caused problems throughout the U.S. as different states attempt to assess the effectiveness of their e-voting technology. Following a review of e-voting machine security vulnerabilities and source code, California Secretary of State Debra Bowen in August decertified all e-voting machines in her state, other than those designed for disabled voters. Ohio Secretary of State Jennifer Brunner recently released the results of a probe into her state's electronic voting systems that concluded they, too, were riddled with "critical security failures" that could impact the integrity of elections.
"In the year 2000, when the Florida election went nuts, there were some electronic systems, but by and large the vast majority was done on handwritten ballots and punch ballots," SAIT co-director Yasinsac says. In the wake of the controversy, e-voting was held up as a way to restore integrity to the process. "We pushed this technology even though it was not ready," he adds. "Much of the software that the machines used is more than 10 years old and has been revised heavily, making it harder to review."
Any significant changes in election technology will come too late for this year's bid for the White House. In states such as Maryland, where Democratic Governor Martin O'Malley has proposed spending $6.8 million to buy new optical-scan machines to improve the accuracy of that state's elections, the technology will not be ready to go until 2010. Meantime, legislation introduced to the U.S. House of Representatives last year by Rep. Rush Holt [D–N.J.] that would require voter-verified permanent paper ballots (amending the tech-friendly but misguided Help America Vote Act of 2002) is languishing in committee and will not impact this year's elections.
See what we're tweeting about
2 Comments
Add CommentAs mentioned, the problem with the Florida election, "was done on handwritten ballots and punch ballots"
Reply | Report Abuse | Link to thisThe problem is not the ballot, but the humans marking the ballots. Humans are notoriously error prone...
The solution is not leaping to ballot-less Internet voting but to improve the ballot itself.
The answer is a high tech physical ballot hardened against fraud and accident which is marked by machines similar to modern ink-jet printers.
This gives advantages of touch-screen voting without the nightmare of hackers rigging elections.
And ballot recounts can be done dozens of times because the ballots are real objects kept secure.
'EVMs illegally being used for a decade'
Reply | Report Abuse | Link to thisAuthor - Ajay Jagga, High Court Lawyer, India
Sanjay Sharma, TNN, Feb 22, 2010, 03.44am IST
CHANDIGARH: The electronic voting machines (EVMs) are being used in violation of the Information Technology Act 2000, a research paper has revealed.
Author of the research paper, advocate Ajay Jagga, told The Times of India, on Sunday that as per IT Act, 2000, a verifiable audit trail has to be provided in case of any electronic record, which is now admissible as evidence as per Evidence Act but in case of electronic voting, the voter does not get any receipt with regard to his voting.
The research paper recently attracted the attention of experts when a conference on "EVMs: How trustworthy? " in Chennai passed a unanimous resolution on February 13, to approach the Election Commission of India (ECI) for bringing the electronic voting procedure in tune with IT Act, 2000.
Jagga said he would soon approach ECI seeking formation of legal committee to remove the illegality or will knock the doors of court.He said the voter comes across a beep and flash, but what has happened inside the machine and whether the data has been recorded as per the wish of the elector, is not know. It is just like deposited money in the bank and official of the bank says no receipt is required.
The lawyer said, "Unless the voter gets a receipt like the one we get in ATM or after the use of debit or credit cards, all electronic transactions including a vote, are illegal." What is the evidence that the vote cast has really been recorded and that it has been recorded in the manner the voter intended, he asked.
For the purpose and to protect the secrecy of ballot, all such receipts, after the voter has checked his transaction, should be put in a box which should remain with ECI to be produced as evidence in case of a dispute, he said. The government amended the relevant laws in 1989 to equate EVM with ballot and ballot box to facilitate transition from ballot paper to EVM but the IT Act 2000 created a new complication that has to be immediately resolved in the interest of fairness of things, Jagga pointed out.