Saturday, October 23, 2004
This November, as many as 50 million Americans could vote for president using some form of electronic touch-screen system, the vast majority of which have been designed by McKinney, Texas-based Diebold Election Systems. That has some IT and security researchers holding their breath because of the faulty track record of Diebold's technology and a government-endorsed testing and certification process that they say is deeply flawed.
Those critics say that direct recording electronic (DRE) voting systems remain vulnerable to manipulation and malfunction, particularly in states that have ignored some recommendations of independent researchers, like Maryland has.
State election officials, on the other hand, say they are confident that appropriate safeguards are in place to ensure the security and accuracy of the 2004 vote.
Among the most pressing issues cited by critics are a lack of technical standards governing DRE software development, the failure of the government to impose transparency on the software testing and certification process, and the lack of technical security knowledge throughout the many state and local jurisdictions that oversee elections where DREs will be used.
One of the most critical aspects of the voting system development process is the testing and certification of hardware and software to ensure that they meet voluntary federal voting standards for security and reliability. Three vendors act as so-called independent testing authorities (ITA). However, IT experts are highly critical of the testing process because of its secrecy.
"Election officials are buying a software package, and there's not a lot of transparency," says Rudisin. "With voting software, you pretty much buy a pig in a poke."
Ciber Inc. in Greenwood Village, Colo., and SysTest Labs LLC in Denver act as the two software ITAs. Wyle Laboratories Inc. in El Segundo, Calif., is the hardware ITA. All of them refuse to provide details on how they test the voting equipment or on their findings.
"The ITAs that test these machines are hired by the vendors, so they are not independent and not neutral," says [Avi] Rubin
a fairly long article from
Computer World - October 18, 2004
E-vote at Risk
They also have a Sidebar: Where E-voting Went Wrong
featuring such gems as
5. Orange County, 2004: Hart InterCivic Inc. DREs trip circuit breaker and shut down when batteries die; voters are turned away from the polls.
6. Orange County, 2004: Hart access-code confusion causes 7,000 voters to receive the wrong ballots.
7. San Diego County, 2004: Diebold DREs lose votes; control modules fail to start up properly.
8. Bernalillo County, 2002: Insufficient memory results in failure to count 12,000 of 48,000 votes.