December 05, 2005

"Via computer, a vote-counting headache"

Even in this election off-year, the potential perils of electronic voting systems are bedeviling some state officials, as a Jan. 1 deadline approaches for complying with new standards for the machines' reliability.

Across the country, officials are trying multiple methods to ensure that touch-screen voting machines can record and count votes without falling prey to software bugs, hackers, malicious insiders, or other ills that beset computers.

This isn't just theoretical; problems in some states have led to lost or miscounted votes.

One of the biggest concerns surrounding computerized ballots -- their frequent inability to produce a written receipt of a vote -- has been addressed or is being worked on most states.

Still, a report issued in October by the Government Accountability Office predicted that overall steps to improve the reliability of varied electronic voting machines ''are unlikely to have a significant effect" in next year's elections.

This, the GAO said, is partly because efforts to establish and disseminate the certification procedures remain a work in progress.

''There's not a lot of precedents in dealing with these electronic systems so people are slowly figuring out the best way to do this," said Thad Hall of the University of Utah and coauthor of ''Point, Click, and Vote: The Future of Internet Voting."

In North Carolina, officials Thursday certified Diebold Inc. and Election Systems & Software Inc. and conditionally certified Sequoia Voting Systems Inc. as voting machine vendors. The state adopted new requirements, which include placing the machines' software code in escrow in case of a problem.

Other states have similar rules, but Diebold had argued in court last week that North Carolina's law was too broad. The company said to comply, it would have to disclose proprietary code behind Microsoft Corp.'s Windows CE operating system, which is used in its machines.

While rival machine vendors say they can meet those standards, Diebold sought an exemption, asking a judge to protect it from criminal prosecution if it did not disclose the code. The judge declined to issue such a blanket protection.

A different kind of showdown is brewing in California, where the secretary of state, Bruce McPherson, said he might force e-voting machine makers to prove their systems can withstand attacks from a hacker.

One such test on a Diebold system -- Diebold machines were blamed for voting disruptions in a 2004 California primary -- is expected to happen in the next few weeks.

The state has been negotiating details with Finnish security specialist Harri Hursti, who uncovered severe flaws in a Diebold system used in Leon County, Fla. (He demonstrated how vote results could be changed, then made screens flash ''Are we having fun yet?")

Posted by Randy Riddle at December 5, 2005 08:54 AM