Voting machines of all stripes have remarkably similar flaws. Although geographically scattered, inaccurate vote tallies are not likely to flip a whole presidential election, there is a "nightmare scenario" that could. Meanwhile, on the state level, security issues have already popped up in the wake of various states' deployments of direct-recording electronic (DRE) voting machines.
Edward Felten, a go-to expert witness on some of the major security and software issues of our time, tackles these and other e-voting topics in the following interview.
Felten is professor of computer science and director of the Center for Information Technology Policy at Princeton University in New Jersey, a state where he has given testimony in a class-action lawsuit involving voting machines. The suit, Gusciora v. McGreevy, was filed in 2004 and charges that DREs are illegal. It cites state law concerning accurate vote counting, but will not be resolved before the November elections.
Felten has been actively involved in a variety of major security and software cases and issues. In 2006, he and several students were able to hack into a Diebold Election Systems (now Premier Election Solutions) voting machine, and reported on the results. Felten was also involved in the U.S. government's antitrust case against Microsoft.
The IDG News Service interviewed Felten in his Princeton office a week before the 2008 presidential election. A Sequoia AVC Advantage voting machine, bought on the Internet and studied by his colleagues, was parked in a conference room around the corner. An edited transcript of the interview follows:
IDGNS: The New Jersey voting machine case revolves around Sequoia machines; you also hacked into a Diebold machine a few years ago and reported your findings. Are there different types of problems to expect depending on the machine manufacturer?
Felten: It's actually been remarkable how similar the problems have been from one manufacturer to another. There have been quite a few machines studied now by independent computer scientists. You see a lot of the same problems across the board.
IDGNS: What are those problems?
Felten: You see issues with the security and reliability of the machines, and that basically all comes down to the fact that the machines are computers and store the records of votes only in electronic memories that the voter can't see. And so there's a problem of how you can be sure that the software is recording correctly, in the way that the voter wanted them to be.
IDGNS: How hard was it to hack into the Diebold machine?
Felten: It's something that anybody who has technical skill could do, something that, say, any of our computer science majors here would have the technical skill to do. What we showed was all that someone would need is physical access to a machine or to one of the removable memory cards that it uses for about a minute, and then the machines were susceptible to computer viruses of the same general type you see on PCs.