Feds urged to set electronic voting standards

While political scientists likely will find additional evidence of voting problems in last week's presidential election, it is unlikely to overturn the outcome. But that should not dissuade government officials and others from doing all they can to improve a system full of vulnerabilities before the next election, an e-voting expert said Tuesday.

"We have all kinds of evidence of machines misbehaving," Dan Wallach, an assistant professor of computer science at Rice University in Houston, said at a computer-security conference sponsored by the Computer Security Institute. "[But] what really keeps me awake at night is the notion of undetectable tampering."

Wallach said he favors optical-scanning machines, which he said are more accurate than electronic punch-card systems. But paper receipts are essential to ensure that votes are tallied the way they were cast, he said.

If software is buggy, there is no fallback for counting votes, as seen in some precincts last week. Right now, Americans must use a "faith-based system," trusting that their votes are properly recorded somewhere, he added.

Currently, only three independent testing authorities are given the voting machines' software code, which some critics argue is counterintuitive for an open election system. The authorities release only a decision that a system meets Federal Election Commission standards.

Those standards need to be raised, Wallach said, adding that a more complex method of certification is needed and that the code needs to be more secure.

He said a vendor "absolutely" could hack into a system and described various ways that fraud could be perpetrated and concealed. Voters and election officials also could tamper with systems, he said, and logic and accuracy tests of voting machines could be faked.

Voting methods are subject largely to state laws, and systems vary by state and even county. Federal or state legislation is needed to outline e-voting "best practices," Wallach said.

He proposed several improvements, including printing optically scanned paper ballots on special paper that is physically placed in ballot boxes by voters, or using a Brazilian system of letting voters see paper ballots beneath glass but not touch them.

Some ways of checking the veracity of last week's voting were employed. For instance, several states used forms of "parallel voting," in which voting machines were randomly pulled in some precincts and tested during the day.

Wallach also recommended using special voting computers less susceptible to hacking than the ordinary computers used for tabulations.

He said there is "a lot of political pressure" from disaffected Democrats to change the system. But he added that voting is "not a partisan issue" and that many election officials are "explicitly nonpartisan."

He said additional funding might be needed to make the changes because much of the money under a 2002 federal election law already has been spent on the existing, flawed machines. But he said there are ways to engineer cheaper -- and better -- machines.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from GovExec.com.
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.