Despite e-voting improvements, audits still needed for ballot integrity

E-voting technologies have gotten more reliable since 2000, Caltech-MIT Voting Technology Project says

Technology and process upgrades implemented since the controversial 2000 presidential election have made electronic voting machines more secure and reliable to use, the Caltech-MIT Voting Technology Project said in a report last week.

Even so, the only way to ensure the integrity of votes cast with the systems is to have mandatory auditing of the results and of all voting technologies used in an election, the 85-page report cautioned.

Rather than setting security standards for election equipment, the better approach for safeguarding ballot integrity is to hand-count a sufficiently large and random sample of the paper records of votes cast electronically, it said. "The 2000 United States presidential election put a spotlight on the fragility and vulnerability of voting technology," the report said. "It became clear that providing robust, accurate, and secure voting systems remained an important open technical problem" for the United States.

The Voting Technology Project is a joint initiative between MIT and Caltech and was launched originally to investigate the causes of the voting problems in Florida in 2000 and to make recommendations based on the findings.

Some progress has been made since 2000, said Michael Alvarez, professor of political science at Caltech and co-director of the Voting Technology Project. The antiquated lever voting and punch card systems that led to the infamous hanging chad fiasco in Florida have been mostly replaced with newer, more reliable optical scan and electronic voting systems, he said.

In the upcoming Nov. 6 elections, nearly three out of five counties will use optical-scan technology, with the rest relying on some form of direct record electronic systems. Only a very small number will use purely hand-counted paper ballots.

In the past 10 years, there has also been a move away from all-electronic voting systems to electronic systems that support a voter verifiable paper ballot trail, the report noted. Much of that particular trend has been by driven security concerns related to Direct Record Electronic (DRE) voting machines from companies such as Diebold.

The machines processed and stored all ballots electronically and offered little way for voters and election officially to determine for certain whether votes were being recorded as intended or counted as cast. Studies conducted by numerous researchers over the past few years have shown such DRE systems to be highly vulnerable to all sorts of tampering and compromises because of their poor design and engineering.

Because of such concerns, much attention has been paid to ensure that votes cast electronically this year have a paper record that can be counted and verified manually if needed. States such as California in particular have led the effort to get voting machine vendors to implement better security. The report pointed to the state's decertification of all DRE machines in 2007 as one example.

Post-election auditing technologies and approaches have also improved substantially since 2000, thanks mainly to efforts by security researchers and cryptographers, Alvarez said. At least half of all states will conduct post-election audits this year based on sound statistical principles, he said. Others, including California, have been conducting pilot risk-limiting audits to identify potential issues before votes are cast.

Another big improvement since 2000 is the growing use of centralized statewide voter registration databases for voter authentication and registration. Those databases have enabled quicker voter identification and given states a better way to address vote loss due to registration problems, Alvarez said. Voter registration databases have also made it easier for state election officials to rollout early voting facilities, he said.

In 2000, between four million to six million votes were lost nationwide because of voting equipment and ballot problems and because of voter registration problems. Because of the technology and process improvements implemented since then, the number of lost votes is expected to be dramatically lower.

Even so, concerns remain. The increased interest in Internet voting and vote-by-mail is worrisome, Alvarez noted. Both methods are inherently insecure and vulnerable to tampering and fraud. The federal system to certify electronic voting technologies to specific security standards has also been costly to implement and not particularly effective, he said.

When voters go to the elections this year they will see little that is new in terms of technology Alvarez said. "We haven't had an opportunity to improve voting technology" because of the recession, he said. "The problem that states and counties have had with public finances have made it difficult for election officials to invest in new technologies. We will hopefully see that change as public finances improve."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about government it in Computerworld's Government IT Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Government ITsecurity

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place