The debate over the security of electronic voting machines hasn't gone away after November's elections in the U.S.
In Florida, Christine Jennings, a Democratic candidate for U.S. House of Representatives, is pressing forward with a lawsuit asking for a revote. More than 18,000 people in Sarasota County, Florida, voted in other races on the ballot, but e-voting machines from Election Systems & Software Inc. didn't record a vote in Jennings' race, which she lost by 369 votes.
Meanwhile, in early December, the Technical Guidelines Development Committee (TGDC), an advisory board to the U.S. Elections Assistance Commission, voted to draft requirements for independently verifiable voting records, such as paper printouts, to be used with direct record electronic (DRE) machines.
Groups like the Association for Computing Machinery (ACM) have long been calling for independent audits for DREs, and Eugene Spafford, chairman of the group's U.S. policy committee, says there's still work to be done to ensure accurate e-voting. Spafford, a widely recognized computer security expert and executive director of the Purdue University Center for Education and Research in Information Assurance and Security, recently spoke to IDG News Service about e-voting security and reliability. An edited transcript of that interview follows.
IDGNS: Even with the TGDC's vote in December, an independent audit requirement would still be years away. What needs to be done sooner to improve e-voting security?
Spafford: Any equipment that's deployed should have something like that in place before the next election. Not all jurisdictions have finished their acquisition of new [voting] technology, so the vote may guide them in their decision. It may also help the vendors. Although it may be two to three years before the federal requirements take full effect, the trend is clear already.
IDGNS: One of the concerns at the TGDC meeting focused on the potential for e-voting machine printers to fail during elections. Are there other ways of creating independent audits?
Spafford: One of the things that needs to be clarified is, there are a number of different ways of using paper as an audit trail. There is indeed concern, and rightfully so, over simply tacking on a printer to an existing DRE. Those printers were never really designed for reliability. They jam and can cause problems.
The goal should be to design systems carefully with the fault levels in mind and an appropriate way of using paper, if that's the mechanism. Systems that mark individual ballots for optical scan is a form of paper that's auditable. They don't lead to the kinds of jams or problems that one would see with thermal paper printer roles. If you look at it as a design issue, there are many ways of using paper appropriately that don't have the disadvantages.
Other than paper, a number of different ideas have been discussed. For instance, one method that's been talked about is to have a video recording of the screen. A couple of ideas involve a cryptographic algorithm to create a kind of cryptographic receipt. Some of those ideas have raise concerns about preserving the anonymity of voters.
IDGNS: Some of those ideas don't sound like they'd get around the "black box" question with e-voting -- that people don't see what's going on in the machine.