While surfing last night, I came across this document prepared by the
General Accounting Office after a review of issues raised with
electronic voting in Ohio and other places.
While electronic voting systems hold promise for a more accurate
and
efficient election process, numerous entities have raised concerns about
their security and reliability, citing instances of weak security controls,
system design flaws, inadequate system version control, inadequate
security testing, incorrect system configuration, poor security
management, and vague or incomplete voting system standards, among
other issues. For example, studies found (1) some electronic voting
systems did not encrypt cast ballots or system audit logs, and it was
possible to alter both without being detected; (2) it was possible to alter
the
files that define how a ballot looks and works so that the votes for one
candidate could be recorded for a different candidate; and (3) vendors
installed uncertified versions of voting system software at the local level.
It
is important to note that many of the reported concerns were drawn from
specific system makes and models or from a specific jurisdiction’s election,
and that there is a lack of consensus among election officials and other
experts on the pervasiveness of the concerns. Nevertheless, some of these
concerns were reported to have caused local problems in federal
elections-resulting in the loss or miscount of votes-and therefore merit
attention.
Disturbing, but fascinating read.
