Third Party & Independents Archives

HAVA Series Part Five: More Problems With Electronic Voting Security

Despite DREs being the new wave of technology there exists tremendous security issues with these systems that are not addressed in HAVA, and thus that could affect the successfulness of HAVA itself.

In “Analysis of an Electronic Voting System” the authors note that in Diebold’s AccuVote – TS DRE cryptography is rarely used, and when it is utilized is done poorly, further the author’s note that the system is written in C++ which is not type-safe (55). Due to this lack of cryptography in a mock election it was possible for voters to “modify smartcards to vote more than once (and) implement a ballot reordering attack which tricks voters into voting for the wrong candidate” (56).

The security problems involving DRE’s can be found in nearly every aspect of the voting process. When Diebold accidentally left a copy of its source code on an unencrypted internet site one computer scientist who found it stated that “They made mistakes I wouldn’t expect an undergraduate in computer security to make,” these mistakes are compounded as they increase the likelihood of fraud and error (57). Furthermore computer scientists have concluded that DRE’s are the most vulnerable to fraud, the systems where fraud can have the largest affect on the electoral outcome, and have the lowest probability of being detected (58). The fact that vendors hide their software means that it is much more difficult for elections officials to find and fix malicious, fraudulent, computer code (59).

The fraud possible through DRE’s is unlike anything we have ever seen before, and because virtually zero security measures are mandated through HAVA the likelihood of fraud is heightened. Through creating smartcards similar to the smartcards used at polling places, these created cards are called homebrew smartcards, the Compuware Report, commissioned by the state of Ohio, found that voters could vote multiple times or even close the polls early (60). At Diebold the administrator PIN code across the country is widely known to be 1111, another vendor ES & S doesn’t even encrypt their administrator cards, and a further vendor Sequoia has machines where polls can be closed by simply hitting a button on the back of the machine (61).

Ballot definition, the data that provides info to the system such as candidate, precinct, etc, is also seriously unsecured. Although fraud involving ballot definition could be very serious, as an attacker could change the system to make votes for one candidate go to another, none of the four major vendors encrypt this information (62). There have been numerous events consistent with fraud involving ballot definition, including: during the 2002 election in Union County, Florida 2462 Democratic and Republican votes were read as all being cast for the Republican and in the 2004 presidential election in Maryland some DRE’s omitted some races from even appearing on the ballot (63).

Another major security issue involving DRE’s concerns audit logs, which logs all material that occurs on a server. For the voters to have confidence in an election audit logs must be readable and accountable, yet the audit logs of all of the major vendors lack encryption (64). Researchers from the Compuware study found it easy to access, change and delete the logs; with the logs deleted there would be no evidence of fraud (65). Without HAVA mandating encryption vendors are given little motivation to spend the time, and money, to update security components, and thus HAVA actually increases in many ways the potential for fraud.

DRE’s have not just been found to be susceptible to fraud and error; there exists a long history of abnormalities regarding these machines. In Sarpy County, Nebraska DRE’s recorded too many votes; Ed Gilbert Deputy Sarpy County Election Commissioner described the problem saying “It affected thirty two of the eighty precincts. And I suppose as many as 10,000 votes” (66). In 2002 in San Luis Obispo County, California a machine closed the polls five hours early, while in the same year in a gubernatorial race in Miami County, Florida votes went uncounted because the machines were shut down improperly (67).

Works Cited:

55. Tadayoshi Kohno, Adam Stubblefield, et. al, “Analysis of an Electronic Voting System,” IEEE

Symposium on Security and Privacy 2004, IEEE Computer Security Press, May 2004.

56. Ibid.

57. Michael A. Carrier, “Vote Counting, Technology, and Unintended Consequences,” 652.

58 - 65. Ibid. 655 -660, 662

66. “Countinghouse Blues: Too Many Votes,” Available at

67. Michael A. Carrier, “Vote Counting, Technology, and Unintended Consequences,” 659

Previous parts in this series can be found at:
Part One:

Part Two:

Part Three:

Part Four:

Posted by Richard Rhodes at September 24, 2006 10:49 PM
Comment #183746

Electronic voting machines cannot be trusted — the vast majority of Americans do understand this by now.
While we can continue to complain about this attack on our democracy, we can also act now to make sure that all of our votes will count in November by visiting this webpage and sending a message to both our Senators, and to our Congressional Representative in the House:
Support the Emergency Paper Ballot Mandate of 2006

In primaries in Ohio, Maryland, California and numerous states across this nation, Electronic Voting Machines have caused serious problems at the polls, resulting in long lines, voters turned way from their polling places, and uncounted or miscounted votes. We must act now to ensure that every eligible voter can cast a ballot that counts on November 7.

Because our representatives in Washington are not addressing this threat to our democracy, netroots activists have drafted the Let America Vote Act: Emergency Paper Ballot Mandate of 2006.
This simple piece of proposed legislation mandates every voting jursidiction make available emergency paper ballots for the November 7, 2006 general election. These paper ballots will not be provisional ballots but regular ballots. They can be used by any voter who requests one - and will be used by every voter in the event of voting machine faliure. These emergency paper ballot votes must be counted immediately upon the close of polls.

Posted by: Adrienne at September 25, 2006 11:59 AM
Post a comment