|
FYI,
DW
=====================================================
- Precinct-based optical scan systems are the most
"accurate" voting systems available today. They are also reasonably
priced and can satisfy HAVA requirements in a cost-effective manner with
devices such as the ES&S AutoMark (See Figure 3).
- Current DRE systems are not engineered to meet the
needs of elections. They are extremely expensive to procure and
maintain. They are not sufficiently robust
against fraud. They are less usable to the broad population of voters than
earlier, simpler technologies.
- Existing standards and practices for the certification of
voting systems are insufficient to the security requirements of DRE
systems. Significant effort will be needed to created the
next generation of standards.
- Few quantitative studies have been performed on the
usability of different voting technologies. Vendor claims of improved
usability should not be considered meaningful until they perform significant
user studies under controlled conditions. Existing
anecdotal evidence, including event reports, are at best mixed in their
opinions of different voting systems’ usability. Election
official should perform controlled, scientific studies of their own
populations using their own voting machines to truly understand where they
might be experiencing usability problems.
- Most voting system vendors consider their software to be
proprietary trade secrets and generally resist any attempts to disclose and
discuss their designs in public. Private, vendor trade
secrets have no place in public elections. Vendors are welcome to protect
their intellectual property with copyrights and patents, but their full
designs must be subject to public scrutiny. As elections
become increasingly electronic, such scrutiny is critical to maintaining
transparency and public confidence in elections.
- Computer software, at every stage in the process, might be
buggy and could well be malicious. Different strategies are
necessary to mitigate against this threat, depending on what voting system is
used.
- Paperless DRE voting systems generally print
precinct-level tallies at the end of the election. These
printouts are generally signed by the election officials working in the
precinct. Those signed printouts should be treated as
important evidence as to the result of the election and should be preserved
for recounts and post-election auditing.
- Precinct-level optical scanners might incorrectly tally
votes as well. The original marked ballots should be
independently counted, or at least randomly sampled and compared to the
electronic results, before an election result is certified.
- Paperless DRE systems should be upgraded to
voter-verified paper trail systems. The printouts should be treated in
exactly the same fashion as optical scan ballots: they should be carefully
preserved as evidence of voter intent and should be randomly sampled and
compared to the electronic results.
- “Parallel testing,” where some DRE voting systems are
pulled out of general use and are tested, on election day but under
controlled conditions, is an pragmatic and valuable test that should be
performed whenever such voting machines are being used.
- The computers used to tabulate election results are a
tempting target for election fraud, and as such, require more significant
controls, including well-chosen passwords and physical access restrictions.
They should never, in their entire lifetime, be connected to the Internet or
to any modem or communication device. Instead, an “air gap” style of
security should be used. Data can be released to the public through simple
measures such as burning a CD with election results and hand-carrying such a
CD to a separate, network-enabled computer.
<!--[if
!supportEmptyParas]--> <!--[endif]-->
- Election officials need to hire “penetration testing”
(also called “tiger team”) consultants to examine the security of their
election systems. Where such teams have been hired in the
past, significant vulnerabilities have been discovered.
Such teams should be hired on a recurring basis to audit voting
machines as well as the entire voting process, from registration through
tabulation.
- The timely publication of detailed precinct-level election
statistics is critical to the public confidence in an election result, and
such data is often not available in its entirety for every county.
Such statistics can be easily derived from local voting tabulation
systems and should be quickly and electronically reported in a standardized
fashion.
|