Wednesday, October 5, 2005

A possible push for e-voting audit trails

In the push for simpler-to-use voting systems that use current technology, we (the U.S.) have embraced touch screen voting in a big way. Sure, it's a big advance over using paper cards, a technology developed and perfected in the 1930s.

E-voting report could push audit trails (Published: October 4, 2005, By Declan McCullagh, Staff Writer, CNET News.com)

Last month a study headed by President Carter and former Secretary of State Baker was unveiled. In their recommendations was one to give national identification cards to everybody, presumably to give higher faith in the accuracy of one-vote-per-person.

However, this current article goes into one of the lesser-publicized recommendations: to insert "voter-verified audit trails" into the system.

The article doesn't go into what those audit trails might be. Of course it's a political, not a technical, recommendation.

My technical recommendation is for the touch screen machine to print a paper ballot. The touch screen machine would have zero long-term storage, and not be connected to any tallying computer. Instead, the paper ballot is what's counted. The printed ballot could be easy to scan with a computer; all one has to do is use a known font and locations on the page. This would make the system just as convenient as a purely electronic and computerized voting system, but with the added assurance to the voter that their vote is what they meant, plus it's easily recountable in case of questions.

However, one concern remains even with such a scannable paper ballot. What of security holes in the computers used to tally the votes?

This was demonstrated during the 2004 elections. One hole is that the Diebold machines have modems in them, and the modems might well be unsecured, allowing "anybody" to log into the computer remotely. Barring physical access is the first barrier to creating a secure system, but the Diebold tallying machines don't provide that barrier because of the modem. The next level of the problem is that the Windows-based software Diebold implemented is itself not secure. For example, there would be known passwords used to log into the computer. Secondly, once someone is logged in, they can easily modify the underlying data files without using the vote tallying software at all. Hence, even if Diebold did a good job of making their application software secure, it doesn't matter, because someone with access to the computer (e.g. by calling the modem) can fiddle with the data file directly.

This points to another political requirement that's needed: that a thorough security audit be done by computer security professionals.

I'll note that security audits are easier when the voting system uses open source software. With a closed source system like Diebold's, the proprietary nature of the software business prevents outside experts from doing an adequate review. The details would be hidden in unrevealed software, and if you can't see the details then how can you adequately review them?