boston.com your connection to The Boston Globe

Via computer, a vote-counting headache

States are working to iron out wrinkles before New Year's

NEW YORK -- Even in this election off-year, the potential perils of electronic voting systems are bedeviling some state officials, as a Jan. 1 deadline approaches for complying with new standards for the machines' reliability.

Across the country, officials are trying multiple methods to ensure that touch-screen voting machines can record and count votes without falling prey to software bugs, hackers, malicious insiders, or other ills that beset computers.

This isn't just theoretical; problems in some states have led to lost or miscounted votes.

One of the biggest concerns surrounding computerized ballots -- their frequent inability to produce a written receipt of a vote -- has been addressed or is being worked on most states.

Still, a report issued in October by the Government Accountability Office predicted that overall steps to improve the reliability of varied electronic voting machines ''are unlikely to have a significant effect" in next year's elections.

This, the GAO said, is partly because efforts to establish and disseminate the certification procedures remain a work in progress.

''There's not a lot of precedents in dealing with these electronic systems so people are slowly figuring out the best way to do this," said Thad Hall of the University of Utah and coauthor of ''Point, Click, and Vote: The Future of Internet Voting."

In North Carolina, officials Thursday certified Diebold Inc. and Election Systems & Software Inc. and conditionally certified Sequoia Voting Systems Inc. as voting machine vendors. The state adopted new requirements, which include placing the machines' software code in escrow in case of a problem.

Other states have similar rules, but Diebold had argued in court last week that North Carolina's law was too broad. The company said to comply, it would have to disclose proprietary code behind Microsoft Corp.'s Windows CE operating system, which is used in its machines.

While rival machine vendors say they can meet those standards, Diebold sought an exemption, asking a judge to protect it from criminal prosecution if it did not disclose the code. The judge declined to issue such a blanket protection.

A different kind of showdown is brewing in California, where the secretary of state, Bruce McPherson, said he might force e-voting machine makers to prove their systems can withstand attacks from a hacker.

One such test on a Diebold system -- Diebold machines were blamed for voting disruptions in a 2004 California primary -- is expected to happen in the next few weeks.

The state has been negotiating details with Finnish security specialist Harri Hursti, who uncovered severe flaws in a Diebold system used in Leon County, Fla. (He demonstrated how vote results could be changed, then made screens flash ''Are we having fun yet?")

Similarly, elections officials in Franklin County, Ohio -- where older voting machines gave President Bush 3,893 extra votes in a preliminary count in 2004 -- recently asked a group of computer specialists to test newly purchased touch-screen voting machines from Election Systems & Software Inc.

Such designated hack attempts might be a flawed approach, because a failure proves only that a particular hacker couldn't break into a machine under certain conditions in a fixed period. That's not the same as opening things up to a broader group of researchers, as software developers sometimes do. Many critics of touch-screen election computers said the software should be publicly examined to make sure vote tampering couldn't occur.

But McPherson spokeswoman Nghia Nguyen Demovic said the hacking test would be just one of many factors in deciding whether to approve the voting machines.

McPherson has released a 10-point plan for certification efforts; these would include a software code escrow system.

All the scrutiny may make California miss a Jan. 1 deadline set under the Help America Vote Act of 2002.

That law was aimed at phasing out the punch-card ballots and other old-fashioned systems that were problematic in 2000. It requires states to improve disability access at polling places in addition to standardizing electronic voting systems.

A report by Election Data Services, a consulting firm, for the US Election Assistance Commission determined that 23 percent of American voters used electronic ballots in 2004, up from 12 percent in 2000.

Since then, largely because of warnings from computer security specialists and grass-roots activism, many states have begun requiring the machines to produce paper receipts that voters can examine. At least 25 states have such rules in place and 14 more have requirements pending, the Verified Voting Foundation said.

''There's a long way to go -- making our elections truly trustworthy in this country is a multifaceted problem," said David Dill, a Stanford University computer scientist and one of the founders of the Verified Voting Foundation.

Voting machine makers insist that their systems are reliable, and that critics have made too much out of isolated problems.

''Any time there's an issue that happens with a particular voting system, all vendors are painted with the same broad brush," said Michelle Shafer, a spokeswoman for Sequoia Voting Systems Inc. ''There are differences from product to product. You need to look at the track record of particular companies."

SEARCH THE ARCHIVES
 
Today (free)
Yesterday (free)
Past 30 days
Last 12 months
 Advanced search / Historic Archives