Here's a summary guide to the GAO report on electronic voting and vote-counting systems for those who haven't read it yet
http://www.gao.gov/new.items/d05956.pdfAs of yet, the non-partisan report issued by the US Government Accountability Office to the Congressional Committees on Government Reform and on the Judiciary in late October 2005 has received little media attention. Yet the implications of the well researched and carefully worded 107-pg.-long document for our elections are ominous. The electronic voting and vote-counting systems currently in place are neither secure, nor reliable. Their numerous weaknesses and vulnerabilities “have the potential to affect election outcomes,” the GAO report warns. (p.53)
On October 29, 2002, the Congressional Help America Vote Act (HAVA) funded the purchase of electronic voting technology. By August 31, 2005, a total of $2,5 billion had been disbursed to purchase new electronic voting systems. In the 2004 elections 35% of US voters used optical scan systems and 29% cast their votes into direct recording electronic systems.
HAVA also required that states meet federally mandated improvements in voting standards. (p.19) It established the Election Assistance Commission (EAC) in order to adopt “voluntary systems guidelines,” to manage a “national program to testing, certification, decertification, and recertification” of voting systems and to maintain a clearinghouse of information on voting systems administration. The EAC was to be appointed 120 days after HAVA was enacted. It took the President a whole year to appoint the 4 EAC commissioners, who began their work in January 2004 after their Senate confirmation. Sadly, the commission received only $1.2 million in funding for its important work in fiscal year 2004 and $14 million in 2005. (p. 20)
Thus, electronic voting systems were purchased and put in place across the country prior to updating and implementing national standards for ensuring the security and reliability of the new technology. The current security provisions are vague and incomplete. The voluntary status of the guidelines also leaves states “free to adopt them in whole or part, or reject them entirely.” (p. 32)
The central part of the GAO report (pp. 25-38) highlights the security weaknesses and vulnerabilities of the electronic voting systems currently in place:
• Data files containing cast votes are not encrypted to protect them from being viewed and modified.
• Other computer programs can access cast votes and alter them without the system recording this action in its audit logs.
• Some ballot definition files can be altered on some models so that votes shown on the touch screen for one candidate could be counted for another candidate.
• A regional vote tabulation computer could be accessed via a modem connection.
• Using altered memory cards an optical scan system could be accessed and modified without leaving any record in the audit log.
• Security examinations revealed inadequate password protections, including easily guessed passwords, or IDs usable by all supervisors.
• Smart cards or memory cards are not secured on some voting systems, making them easily accessible to vote multiple times, change vote totals and produce false election results.
• Reliance on telecommunications or networking services, including wireless communication, exposes electronic voting data to risk of intrusion.
• Since requirements for source code information is inadequate, source code may contain hidden (and potentially malicious) functionality.
• Current tests assess functionality, while security flaws can escape testing.
• System failures and malfunctions during elections have led to polling place disruptions, disenfranchised voters and vote-counting errors.
• Poor version control of software made installation of uncertified software possible in California and Indiana.
Although there is no consensus about the pervasiveness of the problems uncovered in various locations, if the security weaknesses and vulnerabilities of the electronic systems currently in place are exploited, “changes in election results could go undetected,” the GAO report concludes. (p. 38) There is evidence that these weaknesses and vulnerabilities “have caused problems with recent elections, resulting in the loss and miscount of votes.” (p. 38)
In its conclusion, the GAO report states that national initiatives are under way to improve voting system security and reliability, but it also warns that “important initiatives are unlikely to affect the 2006 elections, due, at least in part, to delays in appointment of EAC commissioners and in funding the commission.” (p. 52) Until then, the voting systems that many state and local jurisdictions rely on for their elections, do not deserve the trust placed in them by the electorate.
For questions about matters discussed in the GAO report, please contact David Powner at (202) 512-9286 or at pownerd@gao.gov or Randolph Hite at (202) 512-3439 or at hiter@gao.gov (p. 57)
http://www.gao.gov/new.items/d05956.pdf