Jan 30, 2004 (08:01 AM EST)
E-Voting System Has Security Risks

Read the Original Article at InformationWeek

Election insiders and hackers could disrupt or corrupt elections held using electronic voting machines made by Diebold Inc., according to a report presented to Maryland state legislators on Thursday. Diebold, however, says the report validates the security of their electronic voting systems. "Not only can many of the issues be mitigated by March, many have been already," says a Diebold spokesman. Maryland voters should not be concerned about the security or accuracy of the votes they cast electronically next month, he says.

The maker of electronic voting systems already has strengthened security by improving how the system handles passwords and by enhancing the encryption the system uses, the spokesman says.

The analysis of the voting system was conducted by RABA Technologies and made available on the Internet on Friday. The report concludes that while vulnerabilities exist, they can be fixed in time for Maryland's primary election in March. The report was prepared after RABA Technologies had security experts attempt to hack the system under actual election conditions.

Among the security concerns: Servers used in the test didn't have the most current Microsoft patches in place, leaving the systems up to potential attack. Also, easily guessed passwords made it possible to reveal the contents of smart cards used in the election process. Plus, the security team was able to use lock-picks to crack open a voting machine in about 10 seconds. The report also warned that someone using a standard handheld computer could alter the software to destroy or scramble results.

The report made it clear that all the vulnerabilities it cited could be fixed, but that an auditable paper trail of votes cast electronically should become a requirement.

"With all these near-term recommendations in place, we feel for this primary that the system will accurately render the election and is worthy of voter trust," the report stated. "However, between the March and November elections, we strongly feel that additional actions must be taken to mitigate increasing risks incumbent on a system that will receive broad scrutiny. Ultimately, we feel there will be a need for paper receipts, at least in a limited fashion."

Concerns raised about the security of electronic voting systems has sparked legislators at the state and federal levels to draft laws that would require auditable paper trails for all votes cast electronically. "It just makes sense to have something you can verify," says one state election official in California.