William Jackson | Cybereye: Campaign now for better voting methods

Midterm elections will be held tomorrow and millions of voters will go to the polls, many of them casting their ballots on electronic machines, to determine the political direction of the country for the next two years.Much has been said and written about the security and reliability of electronic voting, raising credible concerns about how trustworthy it is. It is too late to do anything about problems in the systems now being deployed in polling places around the nation, but it is the perfect time to begin planning for 2008. We should use the next 24 months to resolve issues that have plagued electronic voting for the last four years.I don’t mean that we should necessarily abandon electronic voting, or that it will be possible to solve all the security concerns in any voting technology.What I do mean is that we should come to an understanding of what the security issues really are, determine an acceptable level of risk for all voting systems, and then find ways to solve, mitigate or work around the problems until we reach that acceptable level.The debate over electronic voting has, to date, been conducted as a political squabble. Vendors clutch their proprietary software to their bosoms, invoke the sanctity of intellectual property and challenge their critics to prove there is anything wrong. The critics, denied access to the code, prove little and can only remind us that absence of evidence is not evidence of absence. In the end, little has been accomplished since the issue emerged in 2002.But there is a growing body of evidence, drawn from academic study and experience, that security vulnerabilities in electronic voting are real. It is time to address the security of our voting systems as the national security issue it is, and raise it above the level of routine hardware and software acquisition. There are a few steps that can be taken to help achieve this.First, Congress should follow the lead of 27 states that have written into their election laws requirements for a verifiable paper trail. A paper trail does not solve the technical issues of electronic voting, but it provides a backup mechanism for doing meaningful audits and recounts if needed.The Election Assistance Commission already recommends a paper trail in its Voluntary Voting System Guidelines but, as the name implies, these are voluntary. Congress could go a long way toward resolving current concerns by making the standards mandatory, and requiring certification and accreditation of voting systems using the standards.Second, industry needs to take its code off the pedestal of intellectual property and make it available for review before it is used in election systems. Voting is a public trust, and companies that presume to make a buck off the process should be prepared to show that they are meeting that trust.Last, states must be prepared to abandon systems that do not meet the public trust. Hundreds of millions of dollars have been spent on voting systems that could be flawed. It would be a shame to throw those dollars away, but it would be a bigger shame to throw away the votes.Let’s hope that state and federal government and industry work together in the next two years to deal with the very real security issues facing our electoral process. If that process is to work, the time for that cooperation to begin is now, not two years from now. .