E-voting faces a test at the polls

NIST works on standards as debate continues over systems’ reliability.

During polling hours on Nov. 7, the political focus will shift from promises, pronouncements and recriminations to results — and not just for the candidates.

Election Day also will serve as a referendum on a critical issue that isn’t even on the ballot: whether electronic voting systems have earned voters’ trust and whether they provide accurate, efficient results.

From a technology perspective, federal and private election system analysts agree that existing equipment does provide potential opportunities for hacking. Federal voting system standards, recently reinforced, are on track to suppress more of the flaws in time for the 2008 general election, according to National Institute of Standards and Technology officials who are developing the new standards.

Federal and state officials who endorse the use of electronic voting systems point to improvements in accessibility and usability that electronic systems have brought to the polling process. They hold that the new equipment offers fewer opportunities for abuse than paper ballots and that it has improved security.

Opponents, including some elected officials and independent analysts as well as scholars and commentators, marshal conflicting technical arguments and anecdotes to support their cases.

Attention to election integrity skyrocketed after the disputed 2002 election.
Congress took action by passing the Help America Vote Act of 2002, which mandated better voting technology standards and, over the past four years, has funneled more than $3 billion to states for new voting equipment and other reforms.

HAVA established the Election Assistance Commission to oversee the process and directed NIST to lead improved equipment standards as well as provide technical support to the commission.

HAVA mandated a Technical Guidelines Development Committee, led by NIST, to provide advice to the commission and develop the standards.

“The standards are geared for states to acquire voting systems that are secure, reliable, usable and accessible,” said Mark Skall, NIST’s Software Diagnostics and Test Center director, who oversees voting system standards work.

NIST already has updated standards previously issued by the National Association of State Election Directors in 2002, and expects to clear dramatically improved guidelines next year.

While the existing standards progressively have improved the process that testing laboratories use to evaluate voting equipment, Skall said, there are vulnerable areas that the new standard will address.

“Clearly, there are issues with security,” Skall said. “There are issues with wireless [communications in the voting systems], for example. These are the issues that the TGDC is looking at right now.”

The 2007 standards will impose stringent provisions for the use of secure wireless components in voting systems, Skall added.

“One of the things we have done is have threat assessment workshops,” he said.
“There is a potential for [malware attacks], but that doesn’t mean they have happened.”

Skall noted, “All of this [voting system development] is a trade-off between the potential liability [for attacks] and the cost of fixing the systems.”

NIST will develop standards that will improve the systems without putting their cost above what state officials can pay.

Skall said existing standards need several important enhancements.

One area of vulnerability is access control. The new standards will specify the need to provide role-based access that would limit the systems’ use to approved persons.

Another critical capability that voting systems need is independent verification, entering every vote twice to allow effective recounts, Skall said.

“Right now, the only form of independent verification is paper records, but there are many problems with paper,” Skall said.

He noted that paper can jam, that it is not accessible by blind people and doesn’t foster quick, efficient recounts.

“Another area is open-ended testing, which would look at back doors and glitches,” Skall said. “We are looking for any problems and techniques [that could be used to misuse the systems].”

“The way computer systems work, there is never any guarantee that any system will be completely secure,” Skall said. “That’s why we have to be diligent in testing the systems.”

NIST doesn’t test voting systems. But it does help EAC certify commercial labs for their capability to test the gear. Two labs have interim certification now, and officials expect others to apply.

Although EAC has produced certification guidelines, HAVA does not require states to certify voting machines.

Even with the work at NIST, many critics of electronic voting remain.

The Brennan Center at New York University Law School sponsored a technical analysis of the systems. The school billed the report as the first such study to examine all the e-voting hardware and software.

Deborah Goldberg, the center’s Democracy Program director, tied technical problems pinpointed in the report to inadequate federal funding for HAVA reforms.

Before, during and after

The problems, according to the report, include insertion of corrupt software into machines before Election Day, wireless and other remote attacks on voting machines on Election Day, attacks on the tally servers that add up votes from several precincts and denial-of-service attacks.

“I would say that the localities that have responsibility to implement HAVA are not getting nearly the resources or support they need,” Goldberg said.

The funds should go to help local officials purchase good equipment and adopt security countermeasures for voting equipment that the center has pinpointed, she said.

Goldberg also emphasized the need for federal funding to improve training for poll workers so they can help voters use the equipment properly.

The report described technical countermeasures that local and state officials could adopt to offset the security flaws but said few jurisdictions had done so. The center analyzed more than 120 possible attacks on voting systems.

Some believe HAVA has been successful.

“I believe we have made good progress,” said the election commission’s chairman, Paul DeGregorio. “The money given to states is being used well to improve education [and provide equipment]. We have seen more reform in the past six years than in [the previous] 200.”

DeGregorio added, “It worries me a great deal that all these academics are out there who take a voting device, open it up and say, ‘I can hack into the device.’ They are not looking at how the machines are secured,” DeGregorio said. “I fear that a lot of this criticism may discourage voters from participating.”

On Nov. 7, the invisible ballot choice on the integrity of voting equipment will partly be reflected in the scale of voter participation, as well as in reports of any system failures. Until then, it’s all technical electioneering.