[link to index of press clippings]

From
Science News

Ballot Roulette

Computer scientists and mathematicians look for better ways to vote


Week of Nov 4, 2006; Vol. 170, No. 19
By Peter Weiss


Two months ago, in primaries for governor and congressional and state legislative seats in Maryland, many trips to the polls became painful experiences. ...

As voters and election officials grapple with new technologies, ... scientists are uncovering evidence of flaws in some of the latest gadgetry and seeking ways to improve voting systems.

...

The technologies that underlie the U.S. voting system have undergone a huge change in the past 6 years. According to ... Election Data Services, ... the percentage of citizens using computerized-voting machines has climbed from roughly 12 percent in 2000 to an expected 38 percent in this Tuesday's election.

Although the machines have gotten a bad rap, human foibles contributed to the recent problems, and the electronic systems are in some ways an improvement over older technology. But whether they are the best option remains to be seen, and the search for the most practical and secure voting technology goes on.

"Five to 10 years ago, computer scientists weren't paying attention" to the technology used in voting, notes computer scientist David A. Wagner of the University of California, Berkeley.

However, ... computer scientists and mathematicians specializing in encryption are now avidly taking part in the search for dependable and inviolable voting technology. ...

...

Open sesame

The technological transformation now under way in polling places has its roots back in 2000. ...

Identifying the 2000 election debacle as partly a technology failure, Congress in 2002 passed the Help America Vote Act (HAVA), ... Under HAVA, many electoral districts across the country have purchased electronic-voting machines to replace punch-card equipment and mechanical voting machines. The electronic machines typically either scan a paper ballot ... or record voters' selections made by means of buttons ...

The latter class of devices, known as direct-recording-electronic (DRE) machines, is ... the one that's attracted the most criticism ... Several analyses dating back to 2003 have identified security vulnerabilities in DREs ... In the past 3 years, however, more than 20 states have adopted rules requiring that DREs print a record of each person's vote.

Except for their voting software and a few other modifications, DREs differ little from everyday personal computers. Researchers familiar with the vulnerabilities of ordinary computers say they've found insecure aspects of touch-screen voting machines made by Diebold Election Systems of Allen, Texas. The company's DREs will be the most widely used electronic machines in this Tuesday's contests. Investigators have uncovered evidence, for instance, of inadequate protections of vote tallies and other data, opportunities for tampering with authorization cards or other features of the system, and easy-to-defeat physical barriers, ...

A 2003 security analysis of DREs made by the top four vendors—Diebold, Election Systems and Software, Hart InterCivic, and Sequoia Voting Systems—found security flaws in all the machines reviewed. Compuware Corp. of Detroit conducted that study for Ohio.

In one of the most recent studies of Diebold machines, a team of Princeton University computer security experts installed a computer program that boosts the tally of one candidate at the expense of his or her opponents. The researchers introduced the vote-stealing software into a machine in their lab by means of a memory card that polling officials routinely insert and remove during their duties. Because poll workers using the Diebold machines monitor only the total number of people voting—which the tampering doesn't alter—the monkey business could go undetected, Felten says.

In the same study, Felten, Ariel J. Feldman, and J. Alex Halderman, all of Princeton, made a computer virus that can reside on the memory card, install itself along with the vote-stealing software in whatever machine the card is inserted into, and then later infect any new, uninfected memory card that gets plugged in. ...

While the possibility of a voting machine virus had been hypothesized by other researchers, the new study shows that the threat is real, comments computer scientist Douglas W. Jones of the University of Iowa in Iowa City. "It's a demonstration that needed doing," he adds.

The Princeton findings—and those of previous analyses of Diebold machines—may have implications for other brands of DREs, Felten says.

Fortunately, there's no firm evidence so far that hackers or other miscreants have exploited the vulnerabilities that computer scientists have identified.

Representatives of Diebold, one of the vendors most under fire for security weaknesses, contend that the company has tightened security of its machines in response to earlier findings. ...

Diebold also points to a 2005 academic study indicating that DREs, compared with older methods, substantially reduce numbers of spoiled ballots that can't be counted (http://vote.caltech.edu/media/documents/wps/vtp_wp25.pdf).

Brainstorms

While some researchers probe for flaws in specific voting machines, others are tinkering with ways to make electronic voting work better.

At a voting-technology meeting in Vancouver, British Columbia in August, a research team including Wagner suggested a way to reduce the complexity of the programs used in touch-screen devices. ...

In the new proposal, Wagner and his colleagues suggest a different procedure in which election officials mock up in advance all the possible ballot screens, ... On Election Day, the computerized voting machine simply displays the screens and records voters' responses.

...

The team's prototype user interface required a mere 293 lines of programming instructions. By contrast, the Diebold AccuVote TS machine contains some 14,000 lines of user-interface code, ...

Thinking outside the box of the electronic-voting machine itself, another team at the Vancouver meeting proposed a simple way to boost security of an election district's central computers.

Election administrators typically upload tallies from those computers to the Web for the public to see, notes Iowa's Jones. That practice may open them to attack from computer hackers prowling cyberspace. "If [attackers] infiltrated your system and put in software that can be switched on and off somehow, [incoming] messages as simple as 1 bit are a threat," Jones notes.

With just $20 worth of electronic parts, Jones and Tom C. Bowersox, an Iowa computer science undergraduate, created a device that halts any such incoming messages, allowing data to flow only from the secure election computers to the outside.

Their invention is a takeoff on a one-way valve called a data diode, which typically keeps data from flowing out of a secure computing system.

"Security [of computer systems] is complicated, and usually you wait until you get burned," says Jones. "I don't want to get burned on democracy."

From the crypt

Taking another, very different, approach to modern election problems, a small cadre of scientists has been researching novel balloting schemes that rely primarily on clever math. In the past couple of years, several teams have devised ways to combine the high-level formulas of cryptography with paper ballots.

...

Still, cryptography remains out of the mainstream of voting technologies. That may change, however, given a recent push by cryptographers to redesign their systems and bring them to public attention.

...

Today, the California Institute of Technology and MIT run a joint institute devoted to voting technology. Other universities participate in ACCURATE, a research collaboration on the topic. For the past 2 years, the National Institute of Standards and Technology has been developing voting-technology guidelines and is now preparing a program to certify testing laboratories for voting equipment.

...