Panel snubs proposed e-voting check

At a periodic public meeting here, the Technical Guidelines Development Committee narrowly rejected on Monday a proposal designed to pave the way for a new requirement that all electronic voting systems be "software independent" and readily audited. The TGDC was created in 2002 under the umbrella of the National Institute of Standards and Technology (NIST) to advise the U.S. government on electronic voting machine standards.

Voting machines are considered "dependent" on software if an undetected bug or modification in their code can lead to an undetectable change in the election's outcome.

"That's sort of the worst possible result from a voting point of view," said Ron Rivest, a Massachusetts Institute of Technology electrical engineering and computer science professor, who proposed the recommendation. "You have an election result that's wrong, and you have no evidence to show you it's wrong."

That prospect prompted NIST staffers to urge against future use of software-dependent machines in a highly publicized draft report written for the committee's consideration. Most of the direct-record electronic machines, or DREs, in use today aren't considered software independent because they don't produce a paper trail or other record that allows auditors to independently verify vote tallies.

Another popular piece of electronic voting equipment known as an optical scan machine has earned more support because it involves feeding a hand-marked paper ballot into a computer for tallying, thus leaving behind a paper record that could be counted in an audit.

The 14-member advisory committee, composed of representatives from state elections boards, engineers, accessibility experts, and computer scientists, rejected the software independence requirement by a 6-6 vote, with two members absent or abstaining. Opponents of the proposal voiced concern that the focus on software alone was misguided or even overblown.

"To totally improve the security of the system, we need to put all the systems under equal scrutiny," said Stephen Berger, a committee member who serves as president of a Texas-based engineering consulting firm.

"We haven't proven that the processes that state election officials have used for a few decades now of testing and verifying the systems before they deploy them is failing. And now we're adding another requirement that they also be able to not only test before they deploy them, but also audit the systems after they deploy them," added Paul Miller, voting systems manager for the Secretary of State in Olympia, Wash.

The idea of replacing millions of dollars' worth of paperless machines has not won a ringing endorsement from all elections officials, many of whom claim there is not enough evidence that a paper trail would significantly enhance security or voter confidence. Thirty-five states either already have some form of paper trail in place or have a yet-to-be-implemented requirement on their books.

Rivest emphasized that he and the security subcommittee he led were not recommending that all states using paperless DREs immediately scrap their machines.

"Requiring software independence doesn't mean that this committee is saying existing DRE systems are insecure," he said. "What we're saying is we can't tell if they're secure or not."

Some consensus among members
Despite the rift over software security, there seemed to be more consensus among committee members that a paper trail is not necessarily the only solution to the problem.

The committee unanimously adopted another resolution designed to urge the voting industry to be more "innovative" in its approaches. Rivest said it would be a shame if Congress passed legislation specifically requiring paper receipts in voting machines--excluding potentially workable paperless verification options--even if it appears that paper is the most viable way to go right now.

A commissioner with the U.S. Election Assistance Commission, the federal agency charged with considering the committee's guidelines and supplying guidance to state elections officials, told the committee that she believed voter-verified paper receipts are not a cure-all. She noted the potential for paper jams and other printer failures, which have been documented in some precincts, and urged that the door be left open for new approaches.

"We should continue to research other forms of verification, because technology and solutions in this area, I believe, are rapidly increasing," Donetta Davidson, one of three sitting commissioners, said.

The committee plans to meet Tuesday to continue debating resolutions in the areas of voting machine security and transparency, testing requirements and privacy. It ultimately has until July 2007 to finalize its guidelines, which then go out for public comment and EAC approval or rejection. A new attempt at a software independence requirement could resurface at subsequent meetings.