Computerized Voting ... Security Problems

Computerized Voting Would Be Fraught with Security Problems, Experts Say
By MARGIE WYLIE
c.2000 Newhouse News Service

The nation holds its collective breath waiting for Florida to recount presidential votes, on paper punch cards, one by one. So why, in the computer age, are we still voting with such antiquated systems? Can't we do better?
Not really, computer security experts say. Punch cards may seem primitive, but the more complex a system, the more chance for errors and fraud. And purely digital voting systems are very complicated.

``Everybody is always looking for easy answers. They say that we wouldn't have all these problems if we just went to Internet voting, but when you stick computers in there, you are just magnifying the basic problems associated with any election,'' said Peter Neumann, principal scientist at SRI International, a Menlo Park, Calif., technology research firm.

Lauren Weinstein, co-founder of People for Internet Responsibility and a member of the Committee on Computers and Public Policy for the Association for Computing Machinery, agreed.

``Right now, if you are dealing with physical ballots, in order to commit a fraud, ballots have to disappear or be physically altered. With a computer, one guy sitting at a screen could twiddle one bit and there goes your election,'' Weinstein said.

Purely digital voting systems could be attacked at so many points that it is mind-boggling, experts say.

In the case of Internet voting, it would be a trivial matter to implant viruses in personal computers _ viruses that could wake up on Election Day and change people's votes, Weinstein said. ``We all download drivers and other software from the Net all the time,'' he said. ``It would be simple to put a little virus in those downloads.''

Closed systems -- in which voters don't cast ballots from their own PCs, but venture to the polls to make a purely digital vote -- aren't much better, said Rebecca Mercuri, a professor at Bryn Mawr College and forensic computer scientist who is finishing a doctoral dissertation about computerized voting.

The systems themselves would be made up of millions of lines of code that could contain errors or be tampered with by any number of people involved in the voting process, from the manufacturer on down to local election officials, Mercuri said.

She pointed to another Florida event -- the March 23, 1993 city elections in St. Petersburg -- as an example. In that case, during a test of two computerized vote tabulation systems, an industrial precinct in which there were zero registered voters showed 1,429 votes for the incumbent mayor. He won the election by 1,425 votes.

Election officials later testified in court that the votes were consolidated from the two systems being tested, but they could never pinpoint the precints from which the votes originated, Mercuri said.

A recount ultimately confirmed the election's outcome. But there was no way to know what factor -- error or fraud -- caused the tabulation problem. ``The bottom line with computers is that there's no smoking gun, it just goes away,'' Mercuri said.

Ernie Hawkins, president of the National Association of Clerks, Recorders and Election Officials and head of elections for Sacramento County in California, raised another question: ``How would you recount the ballots if there was a challenged election?''

Even with old lever machines, there are questions about whether votes are being recorded properly, Hawkins said. When the machines fail, there is no way to trace the votes. Some lever machines can make paper copies in case a manual recount is needed, but they are expensive and slow, he said.

Manufacturers of Internet voting systems agree that they are subject to error and hacking, but say they're confident they can ultimately overcome security problems.

``You have the same problems with absentee or mail-in balloting,'' said John Bodine, director of business development for eBallot.net Inc., based in Seattle. If a system were built with security and maintained with integrity, online voting could be one of many viable options for voting, he said.

But those ``ifs'' are too big for Neumann.

``I would not trust a computerized voting system even if I had written it myself, because of the many ways in which such systems can be subverted,'' he wrote in a recent issue of Risk Digest, his e-mail newsletter.

``It's not a panacea,'' Weinstein agreed. ``One of the worst things we could do is use the current confusion as a rallying cry for wholesale jumping into these other technologies, which frankly could make what's going on in Florida look like a sunny day in comparison.''

(Margie Wylie can be contacted at margie.wylie@newhouse.com)