May 16, 2006
Latest Security Vulnerability in Paperless Electronic Voting
Underscores Urgent Need for Paper Trail; Auditing
A critical security vulnerability has been brought to light in Diebold touch screen voting machines, just as several primaries are about to occur.
According to the report (available in redacted version at www.blackboxvoting.org) by computer expert Harri Hursti, the machines have insufficient protection to prevent malicious firmware from being installed. If bad firmware were installed, it would be difficult to detect, and it might be difficult to install new clean firmware. A wide variety of poll workers, shippers, technicians and so on, have physical access to voting machines at various times; any of these people might be able to use that access to install bad firmware.
Shockingly, news of the security flaw was topped off on Monday with news that both Diebold and the State of Maryland have been aware of the security vulnerability for at least two years.
Diebold's confidence in election officials is heartwarming. But what really matters is the confidence of the voting public. What are these same election officials to do when disgruntled candidates question the results of their elections? They cant point to federal and state safeguards, which completely overlooked this glaring problem. In most places using Diebold touch screen machines, there will be no voter-verified paper records to recount. In those jurisdictions in particular, Diebold has left election officials with no method to defend themselves or their elections when questions arise.
It is easy for people to learn the wrong lesson from this incident: that we need more stringent computer security. More stringent security is desirable (depending on how much it costs), but wont solve the real problem. The cause of the real problem is the use of paperless electronic voting, which is fatally flawed as a concept. Modern computer systems cannot be made sufficiently secure to handle all-electronic voting with secret ballots. Mistakes or tampering at any level, from the software to the circuits in the chips can change electronic votes, undetectably.
This incident is just one of many, involving products from many different manufacturers. It wont be the last. Indeed, such problems will never end as long as paperless electronic voting is in place.
Suppose we had the best possible practices, such as thorough background checks of the ownership, management, and employees of vendors, meticulous and intrusive reviews of the design and manufacture of the equipment by truly independent experts, and so on the kinds of measures used for regulation of gambling equipment. Even these measures would not eliminate programming errors and security holes. Even in a best-case scenario, there will always be people who can hack the machines (including the programmers who write the code in the first place). Voters will never know whether their votes were recorded and counted accurately.
Given the current state of technology, elections cannot be trustworthy unless there are voter-verified paper records of the votes and a significant portion of those paper records are manually counted to check the machine counts. We cant guarantee that machines will always function correctly, but each voter can make sure that his or her vote has been correctly recorded on paper (preferably by the voters own hand).
Every jurisdiction with voter-verified paper records (paper ballots or paper audit trail printouts verified by the voter) should publicly carry out a manual audit, after the initial vote count is reported, with random selection of the areas to be counted. Voters should encourage their election officials to carry out such an audit regardless of whether it is required by law in their state in order to check the voting system for accuracy. Currently, more than twice as many jurisdictions offer voter-verified paper records than there are jurisdictions that require audits.
Whatever you do, dont let these problems discourage you from voting. If you dont vote, you can be sure that your vote wont count. Instead, contact your elected officials and the candidates and make sure they understand that paperless electronic voting must be replaced with systems that provide a voter-verified paper record that is manually audited our democracy depends upon it.