Government, banking officials claim it's not necessary
December 04, 2006 (IDG News Service) -- A U.S. government board looking at ways to improve the security of electronic voting has rejected one proposal that would have required election officials to use paper-trail ballots or other audit technologies with the machines.
The Technical Guidelines Development Committee (TGDC), an advisory board to the U.S. Elections Assistance Commission (EAC), on Monday failed to pass a proposal to certify only those direct record electronic (DRE) machines that use independent audit technology. Before the 6-6 vote, TGDC members expressed concerns that a requirement would create a costly mandate to local governments.
TGDC members said they will continue debate on ways to improve e-voting security. The TGDC could bring the proposal or an amended one back up at any time, said Michael Newman, a spokesman at the National Institute of Standards and Technology (NIST), the agency that helps the TGDC develop voting standards.
The proposal, advanced by NIST staff and TGDC member Ronald Rivest, a computer science professor at the Massachusetts Institute of Technology, would have required "software independent" DREs with some kind of independent audit mechanism, such as the voter-verified paper trail printouts advocated by some e-voting critics.
One advocate of paper-trail audits for DRE said he was disappointed with the TGDC's vote. The recommendation was a "much-needed step toward making certain that voting systems are secure, useable, and reliable," said Eugene Spafford, chairman of the U.S. policy committee at the Association for Computing Machinery (ACM).
"Software independence avoids reliance on the accuracy and security of the voting machine software in order to verify an election outcome," Spafford said by e-mail. "The ... initial recommendation was well-grounded, carefully balanced, and addressed an issue that is critical to the integrity of our election process."
Rivest and NIST staff members argued that there's no way to recount elections in which DREs were used without an independent audit mechanism, repeating e-voting critiques in a draft e-voting security white paper circulated last month.
"Simply put, the DRE architecture's inability to provide for independent audits of its electronic records makes it a poor choice for an environment in which detecting errors and fraud is important," the NIST paper said.
But advocates of the software independence approach aren't accusing DREs of being insecure, Rivest said. "What we're saying is we can't tell if they're secure or not," he added. "We don't know how to create requirements to tell if they're secure."
More:
http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005632