Government Technology

At Issue: Has Voting Machine Integrity Improved?

October 24, 2011 By

Editor’s Note: Digital Communities is starting a new weekly feature called “At Issue” that will explore in depth a hot topic in the news concerning technology that’s important to cities and counties. If you would like to suggest a future topic or share your opinion, e-mail Wayne Hanson, editorial director of Digital Communities, at

Last month, Argonne National Laboratory's Vulnerability Assessment Team hacked a common type of electronic voting machine using a few dollars’ worth of parts. The “man in the middle” attack hijacked communications between the voting machine's computer and the user interface, enabling a person to remotely control voting results. (Watch these videos and see how it’s done.) As a result, say the researchers, voting machines must be physically inspected for the presence of "alien electronics" to guard against such an attack.

This news resurrected old worries about electronic voting machine integrity that many believed were put to rest a few years ago For example, in a September 2008 video interview with Government Technology magazine, California Secretary of State Debra Bowen discussed her top-to-bottom review of the state's voting systems: "There was no way we could guarantee that existing equipment in the field had not already been compromised, and we could not prevent compromises from affecting future elections, Bowen said." In addition, she said, there was no way to audit electronically stored votes of some electronic systems.

So Digital Communities recently asked Bowen and other officials involved in the voting process about the progress made the past few years to secure elections technology, and how confident they are that the country’s voters will have their intent carried securely to election-night results.

Bowen said that today's systems are much more trustworthy, with stricter security and reliability standards. "In California, we have the best of both worlds — a blend of electronic efficiency with the original back-up for reliable auditing,” Bowen wrote in an e-mail. “Most Californians vote on paper ballots that are optically scanned by high-speed machines. But for those who prefer a direct-recording electronic device for marking ballots — either because of a disability or a personal preference over paper — each California polling place offers that option too."

Kim Alexander, founder of the California Voter Foundation and a longtime observer of the state’s elections, agreed that the best systems use optical scanning. “It combines … the durability and auditability of a paper ballot with the speed and accuracy of computer counting.”

Alexander said the biggest problem with voting systems is their short shelf life. Two of the state’s biggest counties — Los Angeles and San Francisco -- are struggling to meet election requirements with existing equipment, Alexander said.

“It is not good enough to simply wait for the private sector to create the next generation of voting equipment that isn’t going to happen,” Alexander said. “It will take a major public investment to create the next generation of voting systems. And not the way HAVA [Help America Vote Act] did, putting the cart before the horse, doling out money on questionable equipment before there was any federal oversight in place."

Pamela Smith, president of the Verified Voting Foundation (VVF), works on the issue from a national perspective. Smith and VVF are on a mission — as she said — to safeguard elections in the digital age. Smith keeps tabs on each state’s voting systems and is an advocate of auditable backups on whatever type of system used. She is not an advocate of vote-by-mail, the way in which some states allow absentee voting. Oregon has moved completely to vote-by-mail, she said.

These “remote voting” ballots travel in the mail with no tracking or monitoring. And while Oregonians may trust the Postal Service, at least one bill in Congress aimed to put FedEx-style tracking on vote-by-mail ballots.

Coercion and privacy are also considerations. Voting at a polling station has the advantage of eliminating the possibility of someone looking over a person’s shoulder “and telling them how to vote ‘or else,’" in Smith’s words. And voting from home could be susceptible to payment for votes. But the big advantage of vote-by-mail is that it costs less, said Smith.

Finally, a Digital Communities reader from Nevada who works in law enforcement — requesting anonymity — weighed in on the issue. He said voting machines “must have some type of security software to make sure they can’t be readily hacked by outside means.” He suggested that non-networked machines that download voting information onto SIM-type chips appear to be more secure than networked ones. He agreed with Smith that vote-by-mail ballots needed some type of security tracking. He cited the “hanging chad” problem in Florida’s 2000 election mess, and said that “anything that can go wrong will go wrong.”  Any perceived problem in voting accuracy, he said, would “set off a feeding frenzy by both political parties which could have dire consequences.”

Next week’s topic: SCADA (supervisory control and data acquisition) systems are becoming an important consideration for city and county officials who manage technology. To share your insight and opinion on this topic, please e-mail

| More


Daniel Servatius    |    Commented October 25, 2011

I read the article, Has Voting Machine Integrity Improved? I’m in the government IT field and long ago I realized there’s no perfectly secure electronic voting process but one. I’ve shared this with a few people but unfortunately none of them is in a position to take up the concern. Perhaps you are, so I’ll share it with you. It’s pretty simple. Whatever the underlying process is, the end result should be a receipt that contains a unique identifier to the transaction so the voter who holds the receipt can audit their vote in the future. Think of a sales receipt from the store but instead of item descriptions and prices you have a record of the votes cast. This puts auditing in the hands of the voting public rather than a Secretary of State, Election judges and Computer programmers. Anyone who wanted to could go online and quite anonymously (since a person’s ID is not connected with voting data) check to see if the data used for election results exactly matches their votes. Public officials would be hard pressed to manipulate or tamper with such a system. Because if even one in a hundred people performed an audit (and I think people should be encouraged to do so) discrepancies would be noticed and as the famous Ricardo used to say to our friend Lucy, it would be , “You got some splainin’ to do.” Let me know what you think of this. If you’d like more information I’d be happy to share it with you.

Lloyd Livingstone    |    Commented November 25, 2011

There are 25 countries in the world that have Compulsory Voting. Possibly we should consider that solution.

Carol Davidek-Waller    |    Commented November 27, 2011

This article does little to address the issues around secure, transparent voting. It doesn't even adequately state the problems. "concerns"? Really. Theses systems are manufactured by corporations with a political agenda. Their source code is secret and they have deliberately left back doors in the system and some even employ felons. Nothing has been done to prevent yet another election being stolen by manipulating the vote. Verified voting who linked to this article won't get my support. They aren't doing anything.

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
McAfee Enterprise Security Manager and Threat Intelligence Exchange
As a part of the Intel® Security product offering, McAfee® Enterprise Security Manager and McAfee Threat Intelligence Exchange work together to provide organizations with exactly what they need to fight advanced threats. You get the situational awareness, actionable intelligence, and instantaneous speed to immediately identify, respond to, and proactively neutralize threats in just milliseconds.
Better security. Better government.
Powering security at all levels of government with simpler, more connected IT.
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
View All

Featured Papers