17 September 2006

Concerns with e-voting

I've always been leary with regards to the increasing use of e-voting. In theory, I think it's a great idea whose time has come. Practically, I've been concerned with the concept mainly because it seems to me the vast majority of e-voting machines lack a verifiable paper trail.

I'm far from expert in the technology, but I think of it like the unending "competition" between anti-virus software and viruses (including trojans, worms, adware/malware/spyware, what have you)--a new virus is detected, a counter-measure is developed, and another virus crops up. I'm worried that the same thing could happen with e-voting technology--and do we really want to deal with something like that with something as vital as voting? Software companies are on constant watch for potential and emerging attacks. I don't get the impression that e-voting machine companies are doing the same thing--whether because they don't think they need to, or because they don't have to, or they need a new publicist.

Anywhoo, what brought this up was an article I saw on cnet talking about a study where investigators were able to tamper with an e-voting machine. As written in the cnet blog:
"... a pretend presidential election in which George Washington receives four votes to Benedict Arnold's one. Yet, when the voting machine is queried at the end of the day, its paper printout states that Arnold received three votes to Washington's two. Even the memory card, designed as a backup, reports the same fraudulent result. There is no way for an observer after the fact to disprove that voters did not give Arnold three votes to Washington's two--except that we saw in the video that the voters did in fact vote differently. The researchers at Princeton exploited well-known software flaws with the Diebold Accu-vote-TS voting to construct their malicious code..."

Here are links to the cnet original post and to the study itself (pdf).

No comments: