Should voting go paperless?

When voters go to the polls in November, they will face any one of several voting machines. What remains unclear is how many voters will end up using the increasingly controversial touch-screen machines. For those who do, the question is whether they will see any paper record of their vote.

The debate about the systems is growing louder as the election nears, and there is widespread disagreement about them, even within specific groups. Some computer scientists consider them to be vulnerable to malicious code, while others don't. Many election officials like the machines, while others voice security concerns.

The Election Assistance Commission held its first public hearing last week to discuss the risks and advantages of the electronic voting systems. The commission was created by the Help America Vote Act of 2002 (HAVA), which was passed in response to the Florida voting debacle in the last presidential election.

The hearing came the week after California Secretary of State Kevin Shelley decertified all touch-screen voting systems in his state and urged the attorney general to file criminal charges against Diebold Inc. for allegedly lying about the certification status of its equipment.

In California, counties that want to use the machines will either have to implement a paper record system in time for the November election or adopt 23 other security measures for Shelley to recertify their machines, he said. Touch-screen machines and related equipment caused problems in some California counties during this year's primary election, including a malfunction that forced more than half of San Diego County's polling places to open an hour or more late.

Direct recording electronic (DRE) machines, made by several companies, are widely acknowledged to solve some persistent problems that other voting systems do not, including access for voters with disabilites and prevention of voter errors.

However, some computer scientists have insisted that the machines are vulnerable to fraud. An unscrupulous programmer working for one of the machine's vendors could add code that would convert some votes for a particular candidate into votes for the opposing candidate, said Aviel Rubin, a Johns Hopkins University professor. That's a scenario that vendors and other supporters of the system say is far-fetched.

"A few critics have tried to play to the fears of many Americans by spreading myths, misinformation and conspiracy theories, but frankly, the facts are irrefutable," said Harris Miller, president of the Information Technology Association of America, in a written statement. "Electronic voting systems work, and work well."

Miller specifically criticized Rubin.

Rubin backed off some of his fears after serving as a volunteer at a Maryland polling place in the March primary. However, he still maintains that the systems are vulnerable and believes that the paper receipts should be required. Rubin also argues that vendors should have to open their code to public scrutiny, rather than keeping it proprietary. As it stands, vendors control too much of the process, he said.

Diebold officials have not made their source code available; however, it was posted on a Web site. Rubin reviewed that code and found vulnerabilities. And he said it is impossible to assess whether competing machines are more or less secure because companies won't allow him to study their code.

"I am a strong proponent of opening these machines to scrutiny," he said.

Mark Radke, director of marketing at Diebold Election Systems, said that many fears about DREs are theoretical. He emphasized the ability of the machines to alert voters to common errors such as overvoting — selecting too many candidates in a race, which will make the ballot invalid — or neglecting to vote in a race.

Voters have to weigh strong security against an unattainable ideal of perfect security, said William Welsh, a board member of Election Systems and Software, one of Diebold's competitors.

"Nobody would buy a safe that can be easily opened, but everybody buys a safe that can be cracked" by a determined thief, he said. "The same holds true for voting systems."

META Group Inc. analyst Amy Santenello, who was not at the hearing, said poorly trained poll workers are the most significant problem for jurisdictions adopting DREs.

Without training, workers are likely to make mistakes, such as the Florida crew that locked up their machines at the end of the day during the 2002 midterm elections without realizing they had to transfer the vote data to a centralized computer to be tallied, Santenello said. In that case, the mistake was discovered in time for the votes to be counted.