[Engineering Feature]
The Ballot Is Open On Electronic Voting
E-voting will play a key role in the upcoming U.S. national election, despite ongoing charges that electronic voting machines are rife with security flaws and may be susceptible to EMI.
PUNCH CARDS IN OHIO Ohio's Franklin County, which includes Columbus, has been using DREs for 10 years. But Ohio said in July that it would not use Diebold's e-voting machines in the state for this year's general election. The decision was based on preliminary findings from a second round of security testing conducted by Compuware showing evidence of previously identified, but still unresolved, security issues. Despite Florida's experience, James Lee of the Ohio Secretary of State's office says that 69 of the state's 88 counties will use punch cards in the upcoming national election.
The Compuware study, conducted last year, identified risks in each of the four machines it analyzed. Test scenarios varied by vendor because the vendors' DRE systems are set up differently, but the study indicated flaws in each machine tested. According to the study, Diebold's AccuVote-TS supervisor card has an associated PIN provided by the company. Compuware discovered that the PIN is 1111 for all cards issued nationwide, suggesting that an unauthorized person with knowledge of this PIN could gain access to a supervisor card and use it to access the machine's supervisor functions. The study also found that an unauthorized person with access to Diebold's Global Election Management System (GEMS) server could then access the database and change ballot definition files and election results.
The ES&S Tally program, according to Compuware, has an "add-on" feature for collecting data from a broken machine, a function that can be repeated multiple times for the same machine, resulting in overcounting of votes. Another risk was that election results for ES&S's iVotronic machine might be uploaded to its system software multiple times, resulting in overcounting votes.
Compuware also found problems with Hart InterCivic's eSlate 3000 e-voting equipment (Fig. 1), what the company calls its Judge's Booth Controller (JBC). The JBC is connected to each of the company's eSlate 3000 voting machines using a daisy-chained cable. Compuware says the daisy-chain connection between voting units is accessible to the voter and can be disrupted by simply disconnecting a serial port. Once disconnected, the JBC must be power-cycled to bring the disconnected eSlates back on line. The risk, says Compuware, is that any unauthorized person can disconnect the daisy-chain connection, causing a disruption in voting.
In addition, access to supervisory functions in the eSlate 3000 is limited to opening and closing the polls and is controlled by physical access to the JBC and an option password. No warning is provided if the user tries to close the polls before the scheduled closing of the election. If the polls close prematurely, according to Compuware's tests, all eSlates attached to the JBC will be closed, potentially allowing any unauthorized person to access the JBC and close the polls prematurely. Hart InterCivic says it recently made design changes to its e-voting booth that improve its physical security and add intrusion detection. The company also says the processes were changed for its customers, and training procedures were updated to cover issues in the Compuware report.
Compuware also found that Sequoia Voting Systems' AVC Edge can be shut down using a switch on the back of the model without a password. According to tests, anyone could gain access to the AVC Edge while it's being transported to an election site or while in storage.
A HISTORY LESSON E-voting machines actually can be traced all the way back to 1964 with the Harris Votomatic, which was used in Georgia, Oregon, and California. IBM bought the Harris operation but didn't stick with the voting business very long. Other major industry companies have also taken a crack at the field.
Unisys Corp. has worked with Dell Corp. to develop a voting machine, and Microsoft, Cisco Systems, and Compaq Computer invested in the development of an Internet voting system. Sequoia Voting Systems has provided election services for more than a century and e-voting machines for the past 25 years. The touchscreen version of Sequoia's voting equipment has been around since 1999.
So, how well have e-voting machines worked in past elections? According to Professor Rubin, they seemed to have been rather effective in the 2002 congressional election, and most of the major vendors say they've corrected technical problems found by Compuware and from other studies. "But there's really no way to know," says Rubin. "If the machines record votes incorrectly, we would never find out."
Diebold remains the system of choice in several states and counties, despite all of the critical analysis and bad press. Bloomberg News reported that in March, about a third of 1600 polling places in San Diego County opened late because batteries in Diebold machines ran low. Also, Diebold e-voting machines in Orange and Alameda counties in California caused hundreds of voters to get the wrong ballots because their smart cards, used to register their votes, were coded incorrectly.
Reprints
