One of the greatest challenges when securing computers is accounting for the unexpected, says Seth Hallem, CEO of Coverity, Inc., the San Francisco–based maker of the source code analysis software that SAIT used during its probe of Diebold's system. This is becoming more difficult as increasingly sophisticated software—including that which runs electronic voting machines—continues to grow to encyclopedic portions. One program can contain tens of millions of lines of code.
Whereas certain technology—such as pacemakers and other medical devices—are heavily regulated and must adhere to strict design and construction standards, voting machines are still mostly unregulated. "There's no validation of how the software for these systems is designed and built," Hallem says, adding that this is "surprising given the importance of voting machines to our national infrastructure."
This has caused problems throughout the U.S. as different states attempt to assess the effectiveness of their e-voting technology. Following a review of e-voting machine security vulnerabilities and source code, California Secretary of State Debra Bowen in August decertified all e-voting machines in her state, other than those designed for disabled voters. Ohio Secretary of State Jennifer Brunner recently released the results of a probe into her state's electronic voting systems that concluded they, too, were riddled with "critical security failures" that could impact the integrity of elections.
"In the year 2000, when the Florida election went nuts, there were some electronic systems, but by and large the vast majority was done on handwritten ballots and punch ballots," SAIT co-director Yasinsac says. In the wake of the controversy, e-voting was held up as a way to restore integrity to the process. "We pushed this technology even though it was not ready," he adds. "Much of the software that the machines used is more than 10 years old and has been revised heavily, making it harder to review."
Any significant changes in election technology will come too late for this year's bid for the White House. In states such as Maryland, where Democratic Governor Martin O'Malley has proposed spending $6.8 million to buy new optical-scan machines to improve the accuracy of that state's elections, the technology will not be ready to go until 2010. Meantime, legislation introduced to the U.S. House of Representatives last year by Rep. Rush Holt [D–N.J.] that would require voter-verified permanent paper ballots (amending the tech-friendly but misguided Help America Vote Act of 2002) is languishing in committee and will not impact this year's elections.