Home > Prominent Studies Show that Paperless Electronic Voting Systems are Vulnerable to Tampering and Failure

Prominent Studies Show that Paperless Electronic Voting Systems are  Vulnerable to Tampering and Failure

A number of studies and policy papers have concluded that paperless electronic voting systems also known as direct recording electronic (DRE) machines are vulnerable to tampering. Five of the more prominent studies are reviewed here.

Brennan Center Task Force on Voting System Security

In late June of 2006, The Brennan Center Task Force on Voting System Security, an initiative of the Brennan Center for Justice at NYU School of Law, released a report, “The Machinery of Democracy: Protecting Elections in an Electronic World.” The report was prepared by government and private sector scientists, voting machine experts, and security professionals drawn from the National Institute of Standards and Technology (NIST), the Lawrence Livermore National Laboratories, and leading research universities.

The researchers systematically analyzed the security vulnerabilities in all three of the nation’s most commonly purchased electronic voting systems: electronic machines (DREs) with a voter-verified paper record, without a voter-verified paper record, and precinct-counted optical scan systems (PCOS). The report surveyed hundreds of election officials around the country, categorized over 120 security threats, and evaluated countermeasures for repelling attacks.

The report’s authors concluded that all three of the nation’s most commonly purchased electronic voting systems are vulnerable to software attacks that could threaten the integrity of a state or national election. The authors also concluded that these security threats could be significantly mitigated by taking some specific countermeasures such as mandatory audits of paper records, parallel testing of DRE machines, solid practices with respect to chain of custody, and the banning of all wireless components on all voting systems.

Carter-Baker Commission on Federal Election Reform

In 2005, the Commission on Federal Election Reform was established to research the state of elctions in the United States and offer re recommendations for improvement. The bipartisan commission was led by former Democratic President Jimmy Carter and former Republican Secretary of State James Baker. In September 2005, the commission released its broad set of reform proposals covering a wide array of election issues. Key among them were the issues presented by voting technology.

The commissioners surveyed existing reports, academic studies, and other material to formulate their recommendations for DRE technology. They concluded that the benefits of DREs were offset by a lack of transparency and noted that DREs do not allow voters to check if their ballot is recorded correctly and that some DREs have no capacity for an independent recount. In their final report, the commissioners recommended that Congress pass legislation requiring all voting systems to produce a voter verified paper record and that states adopt formal auditing procedures to reconcile any disparity between the electronic ballot tally and the paper ballot tally. The text of the recommendations follows:

Congress should pass a law requiring that all voting machines be equipped with a voter-verifiable paper audit trail and, consistent with HAVA, be fully accessible to voters with disabilities. This is especially important for direct recording electronic (DRE) machines for four reasons: (a) to increase citizens’ confidence that their vote will be counted accurately, (b) to allow for a recount, (c) to provide a backup in cases of loss of votes due to computer malfunction, and (d) to test-through random selection of machines – whether the paper result is the same as the electronic result. Federal funds should be appropriated to the EAC to transfer to the states to implement this law. While paper trails and ballots currently provide the only means to meet the Commission’s recommended standards for transparency, new technologies may do so more effectively in the future. The Commission therefore urges research and development of new technologies to enhance transparency, security, and auditability of voting systems.

 

States should adopt unambiguous procedures to reconcile any disparity between the electronic ballot tally and the paper ballot tally. The Commission strongly recommends that states determine well in advance of elections which will be the ballot of record.[1]

2005 GAO Study on Election Machine Security and Reliability

In 2005, the Government Accountability Office (GAO) re released an extensive report assessing the significant security and reliability concerns that have been identified with electronic voting systems. The report, entitled “Federal efforts to improve security and reliability of electronic voting systems are under way, but key activities need to be completed,” surveyed over 80 studies and research reports related to the security of electronic voting systems and focused on systems associated with vote casting and counting. The report noted that these studies listed a number of potential security flaws including weak security controls, system design flaws, inadequate system version control, inadequate security testing, incorrect system configuration, and poor security management.

In characterizing some of the studies, the GAO noted that “studies found (1) some electronic voting systems did not encrypt cast ballots or system audit logs, and it was possible to alter both without being detected; (2) it was possible to alter the files that define how a ballot looks and works so that the votes for one candidate could be recorded for a different candidate; and (3) vendors installed uncertified versions of voting system software at the local level.”[2]

In their conclusion, the authors of the report noted that their review “pointed to a situation in which vendors may not be uniformly building security and reliability into their voting systems, and election officials may not always rigorously ensure the security and reliability of their systems when they acquire, test, operate and manage them.”[3]

Johns Hopkins University Information Security Institute Technical Report

In 2003, computer science professors from Johns Hopkins University, led by Dr. Avi Rubin, released one of the first widely circulated reports analyzing the security standards of a DRE system. In their report, “Analysis of an Electronic Voting System,” which reviewed Diebold’s AccuVote-TS systems, they found a string of vulnerabilities making the machines susceptible to tampering. For example, to operate the Diebold machines on Election Day, poll workers provide voters with “smartcards,” which are required to be entered into the machine to record a vote. The study found that it would be relatively easy for somebody to program their own “smartcard” and manipulate data. They also found that someone could intercept machines’ transfer information electronically and discover red weaknesses in the programming code. Dr. Rubin stated that he would have flunked a first-year student who turned in a program with such weak code.[4]

The Johns Hopkins study sparked a flurry of concern. The state of Maryland commissioned RABA Technologies to examine and critique the study. In its re review, RABA Technologies called for a “pervasive rewrite” of Diebold’s code.[5]  The study was also reviewed in a report entitled “Risk Assessment Report Diebold AccuVote-TS Voting System and Processes” prepared by Science Applications International Corporation, which also identified problems with the AccuVote-TS source code.[6]

May 2006 Black Box Voting Report on Critical Security Issues with the Diebold TSX

In May 2006, Finnish computer security expert Harri Hursti working with the organization BlackBoxVoting.org released a report documenting several security issues with the Diebold electronic voting terminals TSx and TS6. According to the report, “the security threats seem to enable a malicious person to compromise the equipment even years before actually using the exploit, possibly leaving the voting terminal incurably compromised.”[7] In other words, a computer hacker, doubling as a poll worker, would only need a few seconds of physical access to the machines to introduce a virus to the software by putting a memory card inside of the machine. Because the memory cards are transferred from one machine to another, this could cause the machines to fail or to simply change the vote outcome by switching votes.[8]

Computer scientists who work in the field reacted with shock at the extent of the vulnerability. Michael Shamos, a computer science professor at Carnegie Mellon University and long-time proponent of electronic voting machines, said: “It’s the most severe security flaw ever discovered in a voting system.”[9] Dr. Rubin, the computer science professor at Johns Hopkins and co-author of the previously mentioned study exposing technical flaws in a Diebold voting machine, said he feared that the latest security problem could be serious enough to cause an Election Day “meltdown” that could put precincts of machines out of action.[10] “It is like the nuclear bomb for e-voting systems,” Dr. Rubin said. ”It really makes the security flaw we found in [prior years] look trivial.”[11]