I just got back from Defcon, and while I was there I saw a great lecture called "Hack the Vote: Election 2004" by Rebecca Mercuri and Bev Harris. They spoke about the problems with the current electronic voting machines and why we need a user-verifiable paper trail.
Bev Harris spoke first and told a story about how she heard evidence of problems with electronic voting equipment. When she started investigating further, she found all kinds of scary information about past problems with electronic voting machines from Diebold and Sequoia Voting Systems. For example, she found that the voting tabulation software provided by Sequoia Systems is written in VisualBasic Script, using an Access backend. Votes can simply be changed by opening the Access database and modifying the vote table. If that's not amazing enough, the table doesn't use a primary key, so you could delete a whole block of votes, and there would be no proof that the votes ever existed. To make matters worse, in 2003 a vendor selling Sequoia equipment left the software in an unprotected FTP directory.
Diebold has similar problems, such as using "1111" as the secure password to access the backend administrative functions. The source code for the Diebold systems was left on an unprotected website and was later analyzed by Avi Rubin, the director of the Information Security Institute at Johns Hopkins University, who concluded that a talented 15-year-old could rig the system and vote multiple times. Diebold machines were also decertified by the State of California when it was found that uncertified software patches were installed on some machines prior to the March 2004 Primary Election.
So, sure, the software is buggy and insecure, but has that actually led to any problems? According to VerifiedVoting.org, yes. In March 2002, Wellington, Florida held a runoff election with only two candidates on the ballot. The election was decided by four votes, but 78 ballots were found to have no recorded vote. Elections Supervisor Theresa LePore came to the conclusion that 78 people must have come to their polling place, yet chose not to vote for either candidate in the only race. More examples of e-voting malfunctions can be found in a PDF document on VerifiedVoting's website.
The second part of the lecture was delivered by Dr. Mercuri, who discussed the need for a Voter Verified Paper Audit Trail. This paper trail could simply be a printout of the voter's choices that, once approved, drops into a sealed box, giving a backup method of verifying the electronic voting results.
This paper trail is currently being considered as a requirement before more electronic voting machines can be approved for use in the State of California. If a county finds that its existing equipment cannot produce a paper trail, it must provide paper ballots on request.
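To make the missing-key problem and the value of the paper trail concrete, here is an added example (not from the talk or from any vendor's software) that audits a tampered vote table against an independent paper count. The ballots are constructed sample data, and the row layout, serial numbering and function names are assumptions for illustration.

```python
from collections import Counter

# Constructed sample data: 8 ballots as (serial, precinct, choice) at cast time.
CAST = [(1, "P1", "A"), (2, "P1", "B"), (3, "P1", "A"), (4, "P2", "B"),
        (5, "P2", "B"), (6, "P2", "A"), (7, "P2", "B"), (8, "P1", "A")]
# Paper slips each voter approved, hand-counted from the sealed box.
PAPER = Counter((precinct, choice) for _, precinct, choice in CAST)

def tally(rows):
    """Per-(precinct, choice) totals; precinct and choice are the last two fields."""
    return Counter(tuple(r[-2:]) for r in rows)

def serial_gaps(rows, issued):
    """Serials the machine issued (1..issued) that are no longer in the table."""
    return sorted(set(range(1, issued + 1)) - {r[0] for r in rows})

def reconcile(electronic, paper):
    """Contests where the two counts disagree: {key: (electronic, paper)}."""
    return {k: (electronic[k], paper[k])
            for k in sorted(set(electronic) | set(paper))
            if electronic[k] != paper[k]}

def audit():
    # Case 1: a block of rows (serials 4-5) has been deleted from the table.
    keyed_deleted = [r for r in CAST if r[0] not in (4, 5)]
    keyless_deleted = [r[1:] for r in keyed_deleted]  # same table, no key column
    # Case 2: the choice on serial 2 has been changed in place from B to A.
    keyed_changed = [(s, p, "A") if s == 2 else (s, p, c) for s, p, c in CAST]
    return {
        # Nothing in a keyless table distinguishes 6 surviving rows from 8 cast.
        "keyless_rows_left": len(keyless_deleted),
        # A serial key exposes the deletion, but not an in-place change.
        "gaps_after_delete": serial_gaps(keyed_deleted, issued=len(CAST)),
        "gaps_after_change": serial_gaps(keyed_changed, issued=len(CAST)),
        # The independent paper count exposes both kinds of tampering.
        "paper_vs_deleted": reconcile(tally(keyless_deleted), PAPER),
        "paper_vs_changed": reconcile(tally(keyed_changed), PAPER),
    }

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```

A key column only helps if the number of serials issued is recorded somewhere the database editor cannot reach; the paper count does not depend on anything stored in the table.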
I know I'm going to come off as a hand-waving activist here, but if you think it's important that your vote is counted as you intend, you need to get involved in your county's election process. Read some of the URLs I've included, and then make your own decisions if electronic voting can be trusted. If, like myself, you don't think evoting is secure, get involved. Volunteer to be a poll worker, or join VerifiedVoting.org's TechWatch program to monitor the vote count on November 2.
Related websites/articles:
http://msnbc.msn.com/id/5353926/
http://www.blackboxvoting.org/
http://www.notablesoftware.com/evote.html
http://www.verifiedvoting.org/