By using this website you allow us to place cookies on your computer. Please read our Privacy Policy for more details.

Election Reform and Electronic Voting Systems (DREs): Analysis of Security Issues

View Publication


 

Publication Date: November 2003

Publisher: Library of Congress. Congressional Research Service

Author(s):

Research Area: Politics

Type:

Abstract:

In July 2003, computer scientists from Johns Hopkins and Rice Universities released a security analysis of software purportedly from a direct recording electronic (DRE) touchscreen voting machine of a major voting-system vendor. The study drew public attention to a long-simmering controversy about whether current DREs are vulnerable to tampering that could influence the outcome of an election.

Many innovations that have become familiar features of modern elections, such as the secret ballot and mechanical lever voting machines, originated at least in part as a way to reduce election fraud and abuse. Computer-assisted counting of ballots, first used in the 1960s, can be done very rapidly and makes some kinds of tampering more difficult. However, it does not eliminate the potential for fraud, and it has created new possibilities for tampering through manipulation of the counting software and hardware. DREs, introduced in the 1970s, are the first voting systems to be completely computerized. Touchscreen DREs are arguably the most versatile and user-friendly of any current voting system. Their use is expected to increase substantially under provisions of The Help America Vote Act of 2002 (HAVA, P.L. 107-252), especially the requirement that, beginning in 2006, each polling place used in a federal election have at least one voting machine that is fully accessible for persons with disabilities.

With DREs, unlike document-ballot systems, the voter sees only a representation of the ballot; votes are registered electronically. Some computer security experts believe that this and other features of DREs make them more vulnerable to tampering than other kinds of voting systems, especially through the use of malicious computer code. While there are some differences of opinion among experts about the extent and seriousness of those security concerns, there appears to be an emerging consensus that in general, current DREs do not adhere sufficiently to currently accepted security principles for computer systems, especially given the central importance of voting systems to the functioning of democratic government. Others caution, however, that there are no demonstrated cases of computer tampering in public elections, and any major changes that might be made to improve security could have unanticipated negative effects of their own. Several proposals have been made to improve the security of DREs and other computer-assisted voting systems. They include (1) ensuring that accepted security protocols are followed appropriately, (2) improving security standards and certification of voting systems, (3) use of opensource computer code, and (4) improvements in verifiability and transparency.

Much of the current debate has focused on which such proposals should be implemented and through what means - in particular, whether federal involvement is necessary. Some states are already addressing these issues. The Election Assistance Commission established by HAVA will have some responsibilities relating to voting system security and could address this controversy directly. Some observers have also proposed federal funding for research and development in this area, while others have proposed legislative solutions including enhancement of the audit requirements under HAVA.