Computer scientist defends security community stance on e-voting
Aviel Rubin is the professor at the center of the controversy over e-voting security

 News Story by Dan Verton

JULY 21, 2004 (COMPUTERWORLD) - WASHINGTON The computer science professor at the center of the controversy over electronic voting system security told members of Congress yesterday that policymakers made "a mistake" by not conferring with security experts about voting system technologies. And he said that using the systems in November without first fixing the security flaws would be "irresponsible."

Aviel Rubin, a computer science professor at Johns Hopkins University in Baltimore, defended a series of recent studies that outlined significant security vulnerabilities in the current generation of e-voting systems and he criticized policymakers for not requiring security audits sooner. Rubin testified before the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

"I have been disappointed that the policy community did not reach out to the computer security community when making decisions about voting technology, and when my community came to the table, they said it was too late," said Rubin.

In February, Rubin co-authored a controversial paper that outlined major security vulnerabilities in the software powering e-voting systems developed by Diebold Inc. In addition to Rubin's research, three other independent studies have uncovered similar problems and a host of other issues related to the reliability of most electronic voting systems now in use.

"At this point, the failures of current [direct recording equipment voting systems] have been documented in four major studies by leading computer security experts," said Rubin. "Yet computer security experts, myself included, find ourselves routinely referred to as Luddites and conspiracy theorists."

In May, Harris Miller, president of the Information Technology Association of America, an Arlington, Va.-based association of IT vendor companies, labeled Rubin's research "misleading, at best," and compared his testimony at a hearing of the Election Assistance Commission to yelling "fire" in a crowded theater without cause (see story).

But Rubin has refused to back down, telling members of Congress that in a range of terrible to very good security, today's electronic voting systems "are sitting at terrible.

"Not only have the vendors not implemented security safeguards that are possible, they have not even correctly implemented the ones that are easy," said Rubin.

Terry Jarrett, general counsel to Missouri Secretary of State Matt Blunt, said the public's concern about the security and integrity of the election process is what prompted his state to certify only those e-voting systems that offered a voter-verifiable paper audit trail.

"At this point in time, Secretary Blunt is convinced that a voter-verified paper ballot is the only paper audit trail that can provide voters with a reasonable assurance that their vote will not be lost, destroyed or otherwise not counted," said Jarrett. "In our urgency to improve and upgrade voting systems, we must not certify equipment and systems that have the potential to cast doubt on the integrity of an election. Effective security standards and procedures must be considered and implemented."

However, Randolph C. Hite, director of information technology architecture and systems at the Government Accountability Office, the investigative arm of Congress, cautioned that while there is genuine concern about system security, the technology used to conduct elections is only one part of a much larger process. 

"Given the amount of time that remains between now and the November 2004 elections, jurisdictions' voting system performance is more likely to be influenced by improvements in poll worker ... training, voter education about system use and vote-casting procedures than by changes to the systems themselves," he said.

According to Hite, a lack of industry standards for systems design has long been a problem for e-voting system performance, reliability and security. But Hratch G. Semerjian, acting director of the National Institute of Standards and Technology, said his agency has been making progress in developing standards and best practices for security. The only problem is that NIST is currently scheduled to deliver detailed recommendations to the Election Assistance Commission sometime during the next nine months too late for this fall's national election.

In the near term, NIST has compiled a list of best security practices for elections based on the Federal Information Processing Standards. The list is intended to help state and local election officials better secure voting equipment before the election, Semerjian said.

Earlier this month, the NIST-led Technical Guidelines Development Committee held its first meeting to outline a road map for the development of standards that can be used by 2006. In addition, the committee adopted a resolution that established three working subcommittees to address security and transparency, human factors and privacy, and testing.

The committee plans to hold its next public meeting in January 2005, according to Semerjian.