Security Of Electronic Voting Is Condemned - washingtonpost.com

Today's Washington Post features this article by Cameron Barr regarding draft recommendations issued this week by NIST (the National Institute of Standards and Technology) that condemn paperless electronic voting systems because they do not allow election officials to recount ballots independently from a voting machine's software.

If the recommendation is adopted it will be part of the next version of the federal voting system standards. The sad irony here is, that if NIST had been authorized to immediately begin its oversight of the federal standards after HAVA was enacted in October 2002, such a recommendation could have come years sooner, and before so much money had been unwisely spent on paperless electronic voting machines. Regardless, the draft recommendation may provide incentives to more states that have implemented paperless e-voting to retrofit the machines with voter-verified paper audit trail printers, or move to a paper-based voting system.

Exceprts from the Washington Post article are featured below.

---------

Paperless electronic voting machines used throughout the Washington region and much of the country "cannot be made secure," according to draft recommendations issued this week by a federal agency that advises the U.S. Election Assistance Commission.

The assessment by the National Institute of Standards and Technology, one of the government's premier research centers, is the most sweeping condemnation of such voting systems by a federal agency.

In a report hailed by critics of electronic voting, NIST said that voting systems should allow election officials to recount ballots independently from a voting machine's software. The recommendations endorse "optical-scan" systems in which voters mark paper ballots that are read by a computer and electronic systems that print a paper summary of each ballot, which voters review and elections officials save for recounts.

---

NIST's recommendations are to be debated next week before the Technical Guidelines Development Committee, charged by Congress to develop standards for voting systems. To become effective, NIST's recommendations must then be adopted by the Election Assistance Commission, which was created by Congress to promote changes in election systems after the 2000 debacle in Florida.

If the commission agrees with NIST, the practical impact may not be felt until 2009 or 2010, the soonest that new standards would be implemented. The standards that the Election Assistance Commission will adopt are voluntary, but most states require election officials to deploy voting systems that meet national or federal criteria.

---

NIST says in its report that the lack of a paper trail for each vote "is one of the main reasons behind continued questions about voting system security and diminished public confidence in elections." The report repeats the contention of the computer security community that "a single programmer could 'rig' a major election."

---

Computer scientists and others have said that the security of electronic voting systems cannot be guaranteed and that election officials should adopt systems that produce a paper record of each vote in case of a recount. The NIST report embraces that critique, introducing the concept of "software independence" in voting systems.

NIST says that voting systems should not rely on a machine's software to provide a record of the votes cast. Some electronic voting system manufacturers have introduced models that include printers to produce a separate record of each vote -- and that can be verified by a voter before leaving the machine -- but such paper trails have had their own problems.

----

"Why are we doing this at all? is the question people are asking," said Warren Stewart, policy director of VoteTrustUSA, a group critical of electronic voting systems. "We have a perfectly good system -- the paper-ballot optical-scan system."