Secure Votes, Secure Systems?
What does it mean for a voting machine, or an overall voting system, to be secure?
For years, there has been almost no agreement on an answer to that question. And the long running debate about the potential for elections to be rigged will take a new turn in California by this Friday. That's the date by which Secretary of State Debra Bowen will decide whether to perhaps ban some of the voting systems used in California's 58 counties as recently as last November.
Bowen is holding a lengthy public hearing today here in Sacramento to examine the findings of UC researchers who over the past few weeks poked and prodded several currently approved voting systems. Among their many tasks, the researchers looked for ways that hackers could game an election.
But back to the main question: what's the definition of security?
Local elections officials and representatives from voting machine manufacturers say the recent tests were of limited value, because the existing security practices used in each county weren't considered. At today's hearing, they told state elections officials that the newly released reports should be taken with a grain of salt.
"By ignoring the operational (real world) environment, the...team tested the system out of context," said Neil McClure of Hart Intercivic Voting Systems in his testimony this morning.
The researchers don't seem to dispute that accusation, but they do dispute that such an omission invalidates their testing. Instead, they argue that the makers of voting machines shouldn't assume that the machines will always be monitored or protected by poll workers and elections officials.
"The vendors should assume that components are used in completely untrusted environments," said Matt Bishop, a UC Davis computer scientist and one of the study's lead researchers.
It should be noted that the researchers tested more than just the "hackability" of voting systems. They also tested whether the existing systems comply with laws mandating accessibility for disabled voters. And researcher Bishop today flatly said that no system had full accessibility for the disabled... a major issue that has led to lawsuits in recent years.
The big question now is what will Secretary of State Bowen do? She seems to have three options: let the voting systems be used in February as they are (which seems unlikely)... ban some of the machines (the most extreme measure, and one which could lead to legal challenges)... or impose new rules designed to mitigate the security and usability flaws.
This final option may be the most likely scenario, but it's also unlikely to appease either those who oppose high tech voting machines, or local elections officials who say time is tight.
