Home
Site Map
Reports
Voting News
Info
Donate
Contact Us
About Us

VotersUnite.Org
is NOT!
associated with
votersunite.com

E-Vote Vendors Hand Over Software 

By Kim Zetter  WiredNews

03:00 PM Oct. 26, 2004 PT

In an effort to increase the integrity of next week's presidential election, five voting machine makers agreed for the first time to submit their software programs to the National Software Reference Library for safekeeping, federal officials said on Tuesday.

The stored software will serve as a comparison tool for election officials should they need to determine whether anyone tampered with programs installed on voting equipment.
The National Software Reference Library is part of an election security initiative launched by the U.S. Election Assistance Commission, a new federal entity that Congress created after the Florida 2000 election problems. The EAC is the first federal entity established to improve the integrity and efficiency of elections.

DeForest Soaries, chairman of the EAC, in June requested software from the largest voting companies, which provide 90 percent of the software to be used in computerized voting machines on Tuesday. The companies include Election Systems and Software, Diebold Election Systems, Sequoia Voting Systems and Hart InterCivic. Two other companies, Avante Technologies and VoteHere, have also handed over their software, although no counties will be using their software in the presidential election. The EAC will eventually ask all voting companies, even those that produce counting software for punch card machines, to submit their software.

Soaries called the library a major step and praised the vendors for their willingness to increase the transparency of elections.

"Their acceptance of our request to submit their software begins the process that assures the country that we will have (a) higher level of security and therefore confidence in e-voting than we have ever had before," Soaries said in a press conference.

The National Institute of Standards and Technology the agency that sets official measurements and defines standards for all kinds of commercial products will maintain the voting software library. NIST already manages a library of other types of software, like the Windows 2000 operating system, to help law enforcement investigate crimes involving computers. Doug White, the library's project leader, said NIST stores applications on CDs in a room that is similar to a criminal investigator's evidence locker, which means the software can be used as evidence in a court. The stored software is object code, not source code. Source code is text written in a programming language. Object code is the same code after it is translated into the machine language of ones and zeroes that a computer can read.

Counties and states will eventually be able to use the library to verify that they are using a certified version of software. This is good news to Scott Konopasek, the registrar of voters for San Bernardino County in California. In September, after California certified a new version of software for his county's voting system, the vendor, Sequoia Voting Systems, sent Konopasek the software to load on his machines. But when Konopasek asked the state to verify that the software the vendor gave him was unchanged from the version the state certified, state officials told him they had no means to verify it and that Konopasek would have to trust the vendor.

Vendor trust was precisely the measure of verification the state was using last November when it discovered that Diebold Election Systems had installed uncertified software on machines in 17 California counties without telling the state.

NIST's voting software library was established too late this year to examine software that has already been loaded onto locked voting machines, so election officials won't be able to verify that they have unchanged, certified software before Tuesday's election.

But if questions about the veracity of a voting system arise after the election, computer forensic experts will be able to compare the software used on machines with the software in the NIST library to see if the software was altered. They can do this by comparing cryptographic hash files, which are digital fingerprints that identify the integrity of software. Like human fingerprints, no two digital fingerprints taken from software are identical.

"This gives us one more mechanism for assuring voters that their votes have been recorded and reported correctly and haven't been tampered with," Konopasek said. "There's no one single thing that election officials will ever be able to do to convince everyone. But the more we can add to our inventory of audits and controls, the more we can establish confidence of voters not just the technically savvy voters, but all voters."

Soaries acknowledged that the library alone can't secure elections and voting systems but can only work in concert with other procedures. And the EAC still has to work out several issues related to the library, such as who will be responsible for checking hashes before an election if county election officials don't have someone knowledgeable on staff to do so. EAC has to determine how best to handle patches, or last-minute fixes and upgrades to machines. Currently, it will be up to the county and vendor to decide whether to resubmit that software to the library before an election. And the EAC has to establish a policy for dealing with false readings if patches and upgrades to a software program result in multiple versions of hashes being stored for safekeeping and the wrong one is used for verification.

In addition to the library, the Commission has instigated several measures to increase the integrity of elections. These include developing new voting machine standards that would require voting machine companies to make machines that are more secure.

The commission is also looking at developing national standards for election procedures to establish uniform methods for physically securing voting machines and providing checks and balances to prevent and catch voter fraud. Additionally, the commission has been speaking about creating a clearinghouse to gather reports from states and counties about problems they encounter with voting equipment.



Previous Page
 
Favorites

Election Problem Log image
2004 to 2009



Previous
Features


Accessibility Issues
Accessibility Issues


Cost Comparisons
Cost Comparisons


Flyers & Handouts
Handouts


VotersUnite News Exclusives


Search by

Copyright © 2004-2010 VotersUnite!