This Tuesday San Diego County made history, becoming the largest U.S. metropolitan region to convert completely from paper to computerized voting in one election cycle. But the security of those votes just cast still hang like a chad in the political air since a paper audit of results need not be in place for two more years.
More than one disgruntled politician on election night questioned the security of information stored in those machines. Their suspicions were bolstered by months of intense debate between computer security experts and elections officials over how best to assure tamperproof e-ballots without creating voting chaos -- as was the case with paper-and-punch-hole votes during the 2000 presidential election that led to the reforms.
Citizens might enjoy voting booths with touch screens, but much remains uncertain about the security of e-voting data and whether cash-strapped municipalities can meet recommended, potentially costly security standards.
Diluting confidence was January's admission from VoteHere Inc., a Washington-based company that develops security technology for election voting, that sensitive software blueprints were stolen during an attack last fall. That intrusion may be linked to the March 2003 theft of source code from Diebold Election Systems of Ohio, which was broadcast on the Internet and found to contain serious security vulnerabilities.
At a recent symposium sponsored by the National Institute of Standards and Technology, security experts advocated better products -- not just procedures -- to ensure accurate and auditable e-votes.
"Good procedures are no excuse for deploying machines that are grossly insecure," says Avi Rubin, technical director for Johns Hopkins University's Information Security Institute.