Home Blog Ask This Showcase Commentary Discussions About Us Contributors Contact Us
Following up on an important GAO report on electronic voting
ASK THIS | November 28, 2005

A recent GAO Report on electronic voting systems points to a number of security and reliability problems in electronic voting. Many of these problems can only be remedied by system vendors and state and local election officials. What steps are your state and local election officials taking in response to the report?

By Lawrence Norden

lawrence.norden@nyu.edu

 

Questions for your state and local election officials raised by the Government Accountability Office Report: Federal Efforts to Improve Security and Reliability of Electronic Voting Systems Are Under Way, but Key Activities Need to Be Completed.

  

Q.  In September 2005, the GAO issued a report noting significant security and reliability problems in current voting systems.  What specific steps has your jurisdiction taken to address these problems?  What steps are they committed to taking in order to deal with these problems before the November 2006 and 2008 elections?

 

Q.  Precisely what resources do election officials need in order to address the voting systems concerns described in the GAO report?  Do they need better funding, technical support, training for staff, or changes in laws and regulations in order to address these concerns? Will they be submitting requests for resources needed? Will they share those requests?

 

Q.  What kind of security review was/will be done before purchasing new voting machines in your jurisdiction?

 

Q.  Does your state/county retain independent experts to assess the security and reliability of their voting systems, procedures and physical plant?

 

Q.  Do election officials have any way of regularly and effectively checking that software in their voting systems is certified and has not been altered or substituted?  If so, what do they do to ensure this, and how often do they do it?

 

Q.  What kind of security training do election officials and poll workers in your jurisdiction receive?  What kind of security certification must contractors and employees have? 

 

Q.  The GAO has identified several studies which show specific design flaws in electronic voting systems that threaten the integrity of elections.  Are your state and/or local election officials in discussions with vendors about fixing these flaws before the November 2008 election?

 

Much of the current debate over voting machine security and reliability has centered on the type of machines jurisdictions purchase.  Should it be Precinct Count Optical Scans, in which the voter fills in her choices by marking the ovals of a paper ballot with a pen, and then scans the ballot through an electronic machine?  Or should it be the Direct Recording Electronic Machine (“DRE”), which allows the voter to pick candidates by touching a screen or buttons on an electronic machine?  If the jurisdiction picks DREs, should it purchase machines that have a voter verified paper trail, or not?

 

Security experts, vendors and election officials will provide different answers to these questions.  But all should agree that, no matter which voting system is purchased, it will be vulnerable to serious security and reliability problems unless proper precautions are taken.

 

The GAO report identified a substantial number of security and reliability problems related to electronic voting systems, and it made clear that many of these problems can only be addressed by state and local governments and/or voting machine vendors.  One of the most important issues raised by the report is what steps state and local election officials will take in advance of the 2006 and 2008 elections to ensure the integrity of their voting systems.

 

The GAO report recommends that “[e]lection officials should focus on the security issues related to electronic voting equipment before purchasing or implementing voting systems.”  (p. 41).  It specifically recommends that in soliciting bids for voting machines, election officials demand proposals that include security requirements and evaluation and test procedures. (Id.).  The GAO report further recommends that election officials “should review lessons learned from recent elections and implement relevant mitigation steps to address known security weaknesses.”  (Id.).

 

But the sheer number of the concerns identified by the GAO report could easily overwhelm anyone, particularly someone without expertise in security issues related to electronic voting.   The wise jurisdiction (regardless of whether the electronic voting system has been, or is about to be purchased) will hire independent security experts to review the reliability and security of current or prospective electronic voting systems.  Specifically, such a review should cover the problem areas identified by the GAO report, including: (a) hardware and software design of the machines; (b) hardware/firmware and software configuration; (c) testing and certification of voting machines and software; (d) election procedures; and (e) security management. 

 

The need for election officials and/or consultants with security and technical expertise becomes apparent when reviewing the specifics in the GAO report.  Among other things, the GAO report identifies instances where “local jurisdictions misconfigured their electronic voting systems,” leading to voters being unable to vote in certain races, or having their cast votes lost. (p. 29).  As the GAO report notes, past Election Day system failures in California, North Carolina, Pennsylvania, Florida and Ohio have already caused thousands of voters to be disenfranchised.  (p.31).  The root cause of each of these failures was not always known.  However, having independent assessments by professionals with expert-level security and technical qualifications should make such mishaps less likely in the future.

 

Such technologists should also take steps to ensure that voting software installed at the local level has been qualified at the national and state levels.  The GAO report highlights the danger that unreliable or uncertified versions of software could end up on voting systems.  It notes that, in separate instance in California and Indiana, “state officials found that two different vendors have violated regulations and state law by installing uncertified software on voting systems.”  (p.37). 

Jurisdictions that have recently purchased, or are in the process of purchasing, electronic voting machines should be aware of the specific machine design problems identified in the GAO report.  Among other problems, the GAO noted that several examinations have shown that cast ballots and ballot definition files in many voting systems can be modified without leaving any record in the voting system’s audit logs.  It also noted that supervisor functions are often protected with weak or easily guessed passwords, and that these weak safeguards could be exploited in attacks against the integrity of elections.  Similarly, in many cases, the poor physical design of the hardware leaves it susceptible to attacks or accidental mishaps that could result in the loss of many votes. Voting machine vendors are responsible to election officials and the public to ensure that these and other vulnerabilities identified in the GAO report are remedied as soon as possible.

 Lawrence Norden is the author of the just published The Machinery of Democracy: Protecting Elections in an Electronic World (Academy Chicago Press), and is a counsel at the Brennan Center for Justice at the NYU School of Law.
E-mail: lawrence.norden@nyu.edu
Comments
Submit a comment - Jump to bottom of list

GAO Report

Voting - What Is, What Could Be
July 2001 report from the Caltech-MIT Voting Technology Project

Immediate Steps To Avoid Lost Votes
Recommendations from the Caltech-MIT Voting Technology Project.

On Verifying The Vote And Auditing Elections
Statement from the Caltech-MIT Voting Technology Project

Safeguarding the Vote
From the League of Women Voters

Recommendations for improving voting systems
From the Brennan Center

The perils of paperless e-voting
Stanford Professor David Dill on Niemanwatchdog.org

Questions about vote counting
Basic questions from Niemanwatchdog.org

Will your vote be counted?
Bev Harris on Niemanwatchdog.org
Martin Lobel
It’s time to do more than just say the economy is the No. 1 issue
If voters are to go into the midterm elections with any understanding at all, the press needs to get away from he-said, she-said reporting and look into the positions that candidates and the two parties are taking. Martin Lobel offers some vital questions.

William Claiborne
What a broken Senate looks like from far away...and why it matters
Our correspondent in Australia has ideas on how to improve things a little. But he’s not optimistic that anyone on Capitol Hill will be interested.

Steven Greenhut
How severe is the public employee pension problem across the U.S.? (Hint: Is a $3 trillion debt severe?)
Columnist and author Steven Greenhut looks at the ongoing pension issue, including abuses of it, and deals with some of the key questions.

Watchdog Blog
Herb Strentz
 Des Moines Fair Coverage, Part 2
Cleaning up in the wake of the 2010 Iowa State Fair will be daunting this year. In addition to the mess left by nearly 1 million visitors and thousands of farm animals, we have a continuing saga of news coverage that told of possible racial assaults and then, in Saturday Night Live fashion, appears [...]

Herb Strentz
 On ‘Beat Whitey Night’ in Des Moines
(Editor’s note: The incidents described here have become part of a developing story, as this Google link shows.) The Des Moines Register’s reluctance to identify criminal suspects or victims by race has turned into an outright refusal to do so. The closing night of the Iowa State Fair was marked by an observance not exactly on the [...]

Barry Sussman
 Justice Department Shows Its Mettle, Indicts Clemens
I got this note from a friend and colleague a little while after Roger Clemens was indicted by a federal grand jury on Aug. 19th: “And meanwhile, Condoleezza Rice, Donald Rumsfeld, CIA officials and others who lied to Congress in sworn testimony about Iraq go free. If we can ‘look forward, not backward’ on torture, perjury, [...]

Blog main page >>
Web Essentials
Leading journalism sites, blogs...
Enter your e-mail address
Spotlight On

TWITTER
Follow Nieman Watchdog on Twitter.
(Nieman Watchdog)

Telecoms charging more to do nothing
It's getting more expensive to have an unlisted phone number. What's the logic behind that?
(Center for Media and Democracy)

Prosecute those leaks
The Obama administration has indicted another alleged leaker, this time for reportedly passing along to Fox News an intelligence assessment that North Korea was likely to respond to U.N. sanctions by conducting another nuclear test.
(Secrecy News/Federation of American Scientists)

A broad array of massive financial crimes
As PRWatch.org shows, court-imposed settlements have only skimmed the surface of big banks' wrongdoing in the financial crisis.
(Center for Media and Democracy)

More Spotlights >>
Site Policies  |  Nieman Foundation Home  |  Harvard University Home | XML RSS |
© 2010 by the President and Fellows of Harvard College