News

Voting Machine Security Is Still an Open Question

U.S. national election polling happens on Tuesday, but computer glitches and security issues of the past still cast a long shadow over the vote. Stakes are high in the 2008 election season after electronic voting irregularities were reported in the past two U.S. Presidential elections.

The nation's most populous state, California, even took measures against problematic e-voting machines.

According to the findings of a 2007 review of voting systems in California, e-voting machines aren't secure. Last year, California decertified them for general use. Secretary of State Debra Bowen subsequently limited the use of such machines to one per polling place, to be used only by disabled voters.

When it comes to counting votes, there is a genuine need for "preventing the preventable" with voting machines, one security expert said, citing the example of Premier Voting Systems (PVS), a Diebold subsidiary that has seemed to "figure out how to get them all wrong." Even the physical keys to Diebold's voting machines seemed insecure.

Earlier this year, in response to a lawsuit by Ohio's Secretary of State, PVS claimed that McAfee Antivirus was to blame for vote counting errors. They later claimed that the antivirus software was not on the voting machines, but rather on servers used to count the votes. PVS later admitted that its own software was to blame.

"First of all, a voting machine that requires antivirus software is an insecure voting machine," said Randy Abrams, director of technical education at IT security firm ESET. "This machine should be so locked down that nothing can run on it if it has not been rigorously tested and certified before being added to a white list. Yes, this is an application that white listing makes a ton of sense for."

Then there is physical security, which goes a long way in any IT protection program, Abrams added.

"That is to say, can I go in wearing a Diebold uniform, tell them that machine 203 in Booth 4 has reported a malfunction via its built-in wireless connection and gain access to the machine to tamper with it? This is something people should be asking vendors and technicians."

It may be too late to do a clean sweep of all voting machines for vulnerabilities nationwide before Tuesday November 4, but the media as well as the IT security community will be following the issue closely, waiting to pounce on any perceived irregularity.

ESET's Abrams said experience -- with the 2000 and 2004 elections, where both electronic and paper votes were lost or miscounted -- has taught that at least some of the companies producing electronic voting machines are not interested in spending the money required to produce secure equipment but "only in getting paid for a product."

The prospect of compromised elections, caused either by the negligence of voting-machine vendors or exploitation by hackers, won't be going away soon.

"It is clear that rigorous oversight is needed before the security of voting machines can be trusted. While [I'm] generally neither in the pro-open source camp, nor against it, in this case I believe that complete transparency is probably the best approach," Abrams said.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • IBM Giving Orgs a Governance Lifeline in Agentic AI Era

    Nearly overnight, organizations are facing brand-new challenges caused by self-directed AI systems (a.k.a. agentic AI). Big Blue is extending them some help.

  • Microsoft Launches Integrated E-mail Security Ecosystem for Defender for Office 365

    Microsoft is expanding its e-mail security capabilities with the launch of a new Integrated Cloud Email Security (ICES) ecosystem for Microsoft Defender for Office 365.

  • Microsoft Joins Workday's AI Agent Partner Network

    Microsoft has become a key partner in Workday's newly launched AI Agent Partner Network, aligning with other industry leaders to integrate AI agents into enterprise workforce systems.

  • LinkedIn CEO Ryan Roslansky To Lead Microsoft's Productivity Initiatives

    In a strategic leadership realignment, Microsoft has appointed LinkedIn CEO Ryan Roslansky to oversee its consumer and small business productivity software division, encompassing Microsoft 365, Teams and AI-driven tools like Copilot.