Fixing E-Voting

Thursday, two esteemed colleagues from the USACM Public Policy Committee, Barbara Simons and Ed Felten, two experts on computers and voting machines, testified in a Congressional hearing on electronic voting. More specifically, they stressed that we need a voter verifiable paper audit trail (VVPAT) or a or voter verified paper ballot (VVPB) for these machines. This isn't anything new; unfortunately, it just takes this long for Congress to start listening to this type of concern when it's already been a serious problem for a few years.

Two weeks ago, Dr. Felten and his staff at Princeton, released a report based on a study they conducted on the Diebold AccuVote-TS, a Direct Recording Electronic (DRE) device, that proved that this particular machine could be hacked in under a minute with "little if any risk of detection."

So yes, when the Diebold people (a company run by active, known Republicans) told Bush they would "deliver Ohio", they could have meant they would make sure he won there. Felten noted that "injecting a virus into a single computerized voting machine can affect an entire election." In other words, the people who were out there on the fringe saying Bush stole two elections could be right. (I'm not saying they are; I'm only saying it's now been scientifically and technically proven that it was a possibility.)

Here's a simple scenario on how it would work (so easy a dog could be trained to do it):

1) E-Voting machine is delivered to polling place and/or poll worker the week of the election.
2) Machines are initially tested to make sure they work. Someone is given one physical key. Then they leave.
3) Any time over the next few days, that person or another person (most likely a poll worker - they are unsupervised but would have easiest access) with the same key (there are only a few versions for over ten thousand machines, like hotel minibars) comes in, unlocks the back of one machine.
4) That person inserts a memory card and the card automatically uploads a virus. The person (or dog) then removes the card, locks the machine and leaves. Boom - done. Election won. The whole process takes under one minute.
5) The machine is given its pre-election test the day before or day of the election with no detection of the virus.
6) As the votes are processed, the virus changes them.
7) The virus then deletes itself in order to remove the evidence that it was there. The program is simple enough to write that even I could do it (and that's saying something).

So in order to prevent this sort of thing from happening (again?), here is what needs to be done in order to create machines and process that are truly secure and can provide a system that we can be reasonably sure produces accurate results:

- Collaboration of technical and election communities
- Increased use of independent technical security experts
- Further research to improve the voting systems
- More accessibility to companies designing these products
- More secure physical and crypto keys
- More robust hardware and software design
- Rigorous testing by third party experts
- Removed/reduced and/or encrypted access for random memory cards
- Stricter certification process
- Deployed with safeguards against failure
- Heightened security training and processes for poll workers
- Routine random manual audits
- Policies and procedures that guarantee the integrity of the paper and the quality of the printers used for printed paper trails
- Mandatory manual recounts
- Increased accountability

This may still seem like a complex problem and it is, but the best way to circumvent continued issues is with a verifiable paper trail, regardless of the system used. That's all we can hope for with one month until election day.

See also: RFK Jr's article in Rolling Stone.