In an informal poll of leading security executives conducted by Schwartz Communications' Security Practice Group, 13 out of 17 said they do not trust the security of e-voting systems. This follows last week's airing of the HBO documentary "Hacking Democracy" aired in US.
"It's like going back in time ten years and looking at software because the mistakes - some of the security issues - the vulnerabilities are so glaring," said Hugh Thompson, chief security strategist of Security Innovation, who was featured on the documentary. "They seem so obvious but they're uncaught by whatever procedures and checks and balances are out there."
The growing concern focuses on back-end technology driving most e-voting systems today being protected by laws that prevent anyone but vendors from seeing the underlying code. There are few opportunities for oversight or auditing, which most security professionals would agree are requisite to check for voting integrity. "Ensuring the integrity of electronic voting requires a complete audit trail of all activity to definitively know whether or not errors or fraud have taken place," said Cliff Pollan, CEO of Lumigent.
Steven Sprague of Wave Systems, a provider of trusted computing applications, agreed. "The audit and information assurance model is not complete and is too proprietary," he said. "Open systems models for authentication, software integrity and data signing are available and standards-based solutions could be very useful."
This lack of oversight, combined with lax security practices at county-level election offices is a recipe for disaster, Thompson said.
"If you have physical access to a machine called the central tabulator, which takes votes in from all of the different polling places, you can go in either before, during or after the election, you can double click a Microsoft Access Database file and change any root totals you want," he says. "There are no integrity checks."
Thompson said the worst part about this system is the fact that many of these tabulators are just normal computers that are often available for office use when an election isn't going on.
"In one place, we saw that you could go in and browse the internet," he said. As experts such as Thompson and others continue to air concerns about the integrity of these systems, they hope that voters will recognise that e-voting concerns are not simply complaints from conspiracy theorists donning tin-foil hats.
"Voters need to be aware of how their votes move through the process," said Edward Adams, CEO of Security innovation, "but more importantly demand change and some reasonable testing and verification to have confidence in the fidelity of the process."
Click here to email Ericka Chickowski.
On Election Day, IT security executives have doubts about electronic voting
By Ericka Chickowski on Nov 7, 2006 9:27PM