Washington, DC, July 19, 2006 - David Wagner, a well-known researcher in information security and electronic voting, testified today that the federal qualification process for voting machines is not working. At a Congressional hearing reviewing new federal voluntary standards for voting equipment, Wagner, an associate professor of Computer Science at the University of California, Berkeley, said that paperless voting machines are the systems most vulnerable to security problems. The joint hearing was held by the U.S. House of Representatives Committee on House Administration and the Committee on Science.
"We've seen security defects that allow a single person with insider access and some technical knowledge could switch votes, perhaps undetected, and potentially swing an election," he said. "These problems should be weeded out by the independent testing process, but it is clear that this system isn't working." He proposed several recommendations to make existing voting systems as secure and reliable as possible for the upcoming election cycle.
The hearing examined whether the voluntary federal standards for voting equipment, issued in 2005, are likely to improve the accuracy and security of voting, and to see if states are likely to adopt the standards. The hearing followed a recent report from the Government Accountability Office that found widespread inconsistency in the use of federal technology standards.
"We have grave reservations about the safeguards in place with many of the computerized voting technologies being used," said Eugene Spafford, Chair of ACM's Committee on Public Policy (USACM). "New federal standards and a certification process hold promise for addressing some of these problems, but more must be done to ensure the integrity of our elections in the face of software and hardware errors as well as the possibility of undetectable tampering," he said.
Spafford, who directs the Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue University, released a letter to Congress urging further actions to ensure that voting is accurate, secure and error-free. They include:
- A formal feedback process for translating lessons learned into best practices
- A more transparent testing process with results available to the public
- Clear usability and security standards to minimize variances in designs
- A mechanism for interim updates to reflect emerging threats
- Voter verified paper trails to mitigate risks from software and hardware flaws
The full text of the letter is at http://www.acm.org/usacm/Letters/USACM_Evoting_Comments.pdf
Wagner is a member of the California Secretary of State's Voting Systems Technology Assessment Advisory Board. He was also a member of the ACM Committee on Guidelines for Implementation of Voter Registration Databases. The committee issued recommendations in February 2006 to ensure that electronic records of information submitted by citizens registering to vote are accurate, private, and secure. http://www.acm.org/usacm/VRD/
ACM, the Association for Computing Machinery http://www.acm.org, is an educational and scientific society uniting the world's computing educators, researchers and professionals to inspire dialogue, share resources and address the field's challenges. ACM strengthens the profession's collective voice through strong leadership, promotion of the highest standards, and recognition of technical excellence. ACM supports the professional growth of its members by providing opportunities for life-long learning, career development, and professional networking.