Though 2009 is an ‘off-year’ for most Federal elections, this November (like every November) is voting season for many local city and county offices, as well as a variety of state referendums.
Every voting year since 2000 (and some before) has raised the issue of voting accuracy, auditability, and security in current voting systems — particularly in electronic voting machines. The use of electronic voting machines has always been a decision of each local voting district, and so a variety of systems have been in use since the availability of electronic voting. Many districts have experimented with electronic voting, but switched back to paper ballots after counting irregularities or discovery of faulty algorithms in the systems. There is even a bill being debated in the House of Representatives that would ban all voting assistance machines that do not produce a paper ballot, primarily pushed by a group dedicated to providing ‘Voter Verified Paper Records’ in all elections.
Security in voting systems has been questioned on a variety of fronts. Many advocates in the United States call for open source code for voting machines; this is an idea that has been strongly resisted by existing players in the voting machine market. Other voter advocacy groups call for strict chain-of-custody rules for voting machines, or dismiss electronic methods altogether because of the risk of device tampering or malignant code. On top of other concerns is the possible anti-trust investigation of the company Election Systems & Software after their purchase of Diebold’s voting machine business.
While several voting, auditing, and verification standards have been developed and adopted by local municipalities, the National Institute of Standards (NIST) has been active in considering proposals and hosting open meetings on end-to-end voting standards for electronic voting. One of these meetings just concluded this week in Washington, D.C. Several other groups have hosted electronic voting security workshops, including security conferences (e.g., USENIX,
There are several security issues in electronic voting: voter authentication, visual verification, code integrity in voter tally algorithms, transmission security, and timing on both poll activity and vote count. One of the major threads of discussion and perhaps the root of security in electronic voting, however, is in audit. At the end of the day, if any irregularities occur in vote counting, transmission, or equipment failure, protection and relative anonymity of the voting record is the primary artifact needed in the forensic act of analyzing an election and its results.
For this reason, electronic voting is an important issue in secure processing and computing. Electronic voting machines should seek out methods to create auditable records for every voter, store them in some unalterable or anti-tamper fashion for a fixed period of time, provide multiple disaster-resistant back-up records, and still provide the degree of voter anonymity that is necessary to protect voter rights.
CPU Tech is excited about the possibility of addressing the challenges of electronic voting with our Acalis secure processor device and secure development environment, and integrating more of the failsafe features needed to support robust and accurate election capabilities.