More Evidence of Vulnerability

On Wednesday, the Center for Information Technology Policy at Princeton released a study on the security of the Diebold AccuVote TS series of electronic voting platforms. The machines examined will be used by nearly 10% of registered voters in the November 2006 election, including all voters in Maryland and Georgia. The study found, among other things, that an attack on a single machine, which would change the outcome of a close election, carries a minimal risk of detection and that it can require as little as one minute of physical access for an attacker to install malicious software on a voting machine. Unfortunately, these flaws are not unique to the Diebold systems; all Direct Recording Electronic (DRE) machines are susceptible to similar attacks.

They conclude, though, that it is possible to build an affordable, reliable electronic system that contains adequate safeguards against malicious attacks.

Such a system would require not only a voting machine designed with more care and attention to security, but also an array of safeguards, including a well-designed voter-verifiable paper audit trail system, random audits and forensic analysis, and truly independent security review.

These conclusions come as no surprise to us. Our recent security report recommended, among other things, that states require audits of voter-verifiable paper records. We applaud the work of the Princeton researchers and implore states to consider these and other security threats when purchasing electronic voting machines.

Categories: General, Voting