The stakes are high: if someone subverts voting systems or if voting systems do not produce valid results for some other reason, democracy itself is at risk; free voting is the foundation of a democratic society. A large proportion of the US public still remembers voting system problems in Florida and Ohio in the 2004 Presidential election that may very well have resulted in victory for a candidate who may not have been the bona fide winner.

With all this in mind, the US will soon have another national election. The political situation is grim, with a huge and hostile chasm existing between the left and right, possibly the worst since the US Civil War. Political analysts are already projecting winners and losers in gubernatorial and legislative elections, but little is being said about the possibility that electronic voting systems might “throw” the results. Over the years there has been a movement from paper ballots to optical scan or lever-operated systems to electronic voting systems, to the point that nowadays electronic voting systems are commonplace. The possibility that one or more individuals who work for electronic voting system companies might deliberately alter the functionality of these systems remains; you might remember the now infamous message from the CEO of Diebold in 2003, which in effect pledged support to the Republican party. But evidence of subversion of voting systems remains a point of unsubstantiated speculation.

A more severe risk is that a voting system’s security could be breached, allowing someone to change voting results. Numerous researchers, including faculty members from Johns Hopkins University and the University of California at Davis, have proven the viability of this risk. Voting system vendors have attempted to discredit these researchers and have at the same time also often made changes to these systems to remedy vulnerabilities identified by the researchers.

But there is a new and possibly more significant issue at hand. Electronic voting systems are IT systems that are subject to the same foibles as “normal” systems. Many of these systems were purchased and put into place in the late 1990s; others have been implemented more recently. Some of the older systems have been upgraded or replaced, often as the result of recent economic stimulus funding, but many have not been. Some of the more recently implemented systems are also starting to show their age. Computing systems are, after all, normally routinely retired after a limited number of years, but the same is not at all necessarily true of systems used in electronic voting. Increasingly, therefore, the concern is about the validity of voting system results as a function of operational reliability rather than tampering or sabotage.

What can be done? Why are university researchers and information security professionals not bemoaning the condition of these systems? Are we too focused on security risks per se and not on others that could very well be as severe if not more severe? The sad answer is “yes.” Although information security professionals accomplish more than most people can fathom, once again we are reminded of our need to focus more broadly than on attackers, malicious code, and the like. And concerning the upcoming election, all we can do at this point is to cross our fingers and hope that voting systems more or less operate as intended.
