RYE, N.Y. Computer experts are questioning the security of the all-electronic voting machines being used in this year's presidential election, but the problems posed by this new approach to recording the vote run much deeper than vote tampering or lost data.
The secret ballot and the partisan nature of elections place a huge burden on electronic security a burden the field is probably not ready to shoulder, according to Barbara Simons, a computer security expert at Stanford University.
"In my view, voting is a national security issue, and I have to say that I fear that what we are going to see with this upcoming election is a huge amount of chaos and a lot of questioning of results," she said. Simons was addressing computer security and privacy issues at an American Institute of Physics forum on the future or information technology this week (Oct. 25-26) at IBM Corp.'s T.J. Watson Research Center (Yorktown Heights, N.Y.).
The popular criticism of electronic touch-screen voting has centered on inadequate protection against hacking. Many experts believe that it would be relatively easy for someone to electronically break into the machines and tamper with vote counts. But even without malicious intent, electronic voting machines pose serious problems for electronic data security.
Simons participated in a government study of voting machine security issues before the current system was mandated. The project was eventually cancelled because the conclusions by the panel of computer scientists were so negative. "What the government eventually adopted was even worse," Simons added.
Election integrity involves two large areas of current research: privacy issues and data security. Although actual computer and communications technology may be highly advanced, the issues overlap with social and legal aspects of society over which technologists have little control. As computer technology is suddenly thrust into new areas of society, as in the current election, experts warn that the results may not be what was intended.
For example, voting machine software being readied for the 2004 elections is proprietary to the companies supplying the machines. That effectively takes control of the election results away from election officials, who would must rely on computer experts at the company to verify that the correct software has been installed on voting machines.
In one chilling scenario, vote fraud could be perpetrated by an employee of a voting machine company simply by inserting unauthorized code into the finished product. There would be no way for election officials to detect the attack.
Voting machine manufacturers recently agreed to submit portions of their code to the National Software Reference Library maintained by the National Institute of Standards and Technology (Gaithersburg, Md.). However, they have refused to submit source code or last-minute patches to the code. The gesture falls short of what is required for election security, according to computer scientists.
Computer security experts have tried for decades to quantify notions of privacy and security without reaching a consensus, and it may be that such notions represent a fundamental limitation similar to the uncertainty principle in physics or Alan Turing's proof known as the halting problem that some computer problems have a yes or no answer, but the result cannot be computed.
For those reasons, Simons arroved at an unusual conclusion for a computer scientist that paper ballots are the only foolproof method for recording votes. "Of course, the argument against paper ballots is that we can't count all that paper, but that's not true. Banks count paper every day. Its a well established technology," she said.
There may be a solution to the problems posed by electronic voting, but computer science has not produced it in time for the hotly-contested 2004 elections.