How secure is your ballot?

Tomorrow, more than a quarter of voters will select their candidates using touch sensitive screens, and each vote will be stored electronically on digital storage cards, similar to those used in many digital cameras. There's a lot to love about these machines, from their ease of use to the new accessibility options they provide disabled voters. In almost every way, these new machines represent a quantum leap when compared with prior technologies, such as punch cards. Unfortunately, the security provided by the machines is a major exception to this rule.

In 2000, when the reliability of Florida's punch-card counting equipment was cast into doubt, election officials were able to visually inspect and hand count each ballot. Though some votes could not be counted because they were only partially punched, nobody was able to convincingly claim that one candidate's chad was consistently harder to punch than another's. Thus, while errors were present in the counting process, they were essentially random -- the votes lost by both candidates to the infamous hanging chads should have canceled each other out. With many of the new completely electronic systems, there is no reason to believe that the random errors inherent in earlier systems haven't been replaced with systematic directives to switch votes from one candidate to another.

Election officials claim that because each machine has to be both certified and tested before every election, such a vote switching scenario is extremely unlikely. However, since verifying the security of all but the simplest electronic systems is a completely unsolved problem, certifiers can only claim that a given machine is not vulnerable to a small set of predetermined attacks. Moreover, in the one instance where public examination of electronic voting machines was possible, a huge number of potentially exploitable vulnerabilities were discovered -- vulnerabilities that were not uncovered during the certification process. To their credit, election officials claim to have either fixed or mitigated the problems that have been discovered.

Unfortunately, many more problems may remain. There is no way to know.

With traditional paper-based systems, we don't have to rely on the security of the voting systems. Instead, in contested elections, the electronic counting technologies can be sidestepped by manually counting the original ballots. With electronic machines, these original ballots are replaced by bits on a storage card that is never seen by the voter. The machine could have recorded them incorrectly and no one would be the wiser. It's for this reason that many computer security experts have advocated adding a voter-verified paper trail to electronic machines. Even if the machines are programmed to cheat on the electronic totals, the paper can still be recounted. Other solutions, based on cryptographic constructions, go even further. Not only do they allow voters to verify that their vote was cast correctly, but they also allow the voter to ensure that their vote was actually counted.

However, as there's clearly not enough time to implement any of these solutions before this election, the best we can do is keep our fingers crossed and hope that everyone plays by the rules.

ADAM STUBBLEFIELD is a Ph.D candidate in computer science at Johns Hopkins University. In 2003 he was part of a team that discovered multiple vulnerabilities in e-voting systems.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Guest Commentary,   Security Audit, Compliance and Standards,   Data Privacy and Protection,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Guest Commentary Google hacking exposes a world of security flaws Eliminating the threat of spam email attacks Outsourcing IT services: Is it worth the security risk? How permanent is your storage solution? Honeypots can strengthen reconnaissance and lower intrusion noise Freedom of speech or lack of professional responsibility? This year compliance, next year control Senior security member explains his position on Abagnale Computer Security Institute's leader responds to Abagnale flap Spokesman or poster child? Data Privacy and Protection New data protection laws MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation Information security book excerpts and reviews Quiz: Compliance-driven role management Interpreting 'risk' in the Massachusetts data protection law Strategies for using technology to enable automated compliance How to prepare for a FERPA audit How to find virtual machines for greater virtualization compliance Quiz: Virtualization and compliance Compliance in the cloud Data Privacy and Protection Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cypherpunk  (SearchSecurity.com) Data Encryption Standard  (SearchSecurity.com) P3P  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.