This year, the U.S. will pick a new president using electronic voting machines that can be hacked, security experts said Thursday at the RSA Conference in San Francisco.
As the November election approaches, the question before officials is not how to fix known bugs in their e-voting systems, but rather, how best to check them for fraud, said David Wagner, an associate professor with the University of California, Berkeley's computer science department.
Wagner was part of the team that audited California's voting systems during the state's review of electronic voting, and the problems his team found affect counties across the U.S. "The three systems we looked at are three of the most widely used around the nation," he said during an e-voting panel discussion at the show. "They're going to be using them in the 2008 elections; they're still going to have the same vulnerabilities we found."
With images of Florida's laborious 2000 presidential recount in their minds, county officials have spent billions over the past eight years on electronic voting systems. These systems are supposed to take the guesswork out of vote-counting. The problem is that they are insecure, and now states are being forced to make do with buggy equipment, panel members agreed. "We have spent billions of dollars on equipment," Wagner said. "We don't have another several billion dollars."
The California audit examined systems from Diebold Elections Systems, Hart InterCivic and Sequoia Voting Systems, ultimately permitting their use in 2008, but only under certain conditions. In testing, Wagner and his team found that they could introduce a computer virus to any of the three systems, which would then spread throughout the county and ultimately skew the vote count.
This year most California voters will use paper ballots, which give officials a way to audit their machine-counted tallies for irregularities, but not all states have that option. About a quarter of the votes cast in the upcoming election will be on electronic voting equipment with no paper trail, Wagner said. And even the states that keep paper records are not necessarily checking their results. Only about a third of all states have records that are regularly audited.
That's too bad, he said, because the ability to check whether your voting system has been hacked is of paramount importance. "Security is not the most important thing," he said. "What's more important for elections is auditability."
Voting system vendors are in much the same position as Microsoft was around 1998 -- on the defensive and closed to most security researchers, Wagner said.
Recently, Princeton computer science professor Ed Felten was threatened with legal action after New Jersey counties asked him to review Sequoia AVC Advantage voting machines.
There is so much mistrust between the two communities, it is hard for them to communicate, said Alec Yasinsac, an associate professor at Florida State University. "It's very hard for the academics to approach the vendors," he said. Vendors worry that if they talk to security researchers, it might be tantamount to admitting that they have bugs.
"I think voting system vendors today are where Microsoft was 10 years ago," Wagner said.
Microsoft has since made an about-face and embraced the security research community it once spurned. Many of the company's harshest security critics now work for the software vendor.
Two years ago, Hugh Thompson found a way to doctor election results in the database used by Diebold's GEMS Central Tabulator, but on Thursday he said he would like to help the vendors improve their products and make electronic voting trustworthy. "We're not in it for just ripping them apart," he said. "We want something that's good."