In exercising their right to vote, the US citizens increasingly have to rely on the electronic voting technology. Since Help America Vote Act (HAVA) was signed into law in 2002, an overwhelming majority of voting districts has been deploying electronic voting equipment for use by their constituents. Coming from a number of different manufacturers, the electronic voting equipment in use today forms a quite diverse landscape of offerings. As in other cases of newly developed technology, the current industry practices fall short of providing adequate reliability and dependability, in turn leading to questionable or nonexistent guarantees regarding the integrity and security of electronic voting systems.
The security of electronic voting equipment is at the apex of concerns dealing with the integrity of elections conducted using such equipment. Computer systems in general have a notoriously bad record in being resistant to a variety of attacks as aptly demonstrated by the spread of viral threats and malicious intrusions. The reports from the banking industry indicate that up to 2% of the electronic banking commerce revenue is lost to fraud. Turning specifically to electronic voting systems, it has been demonstrated numerous times that the equipment can be subverted. Among others, the California top-to- bottom review, the Ohio EVEREST report, and the Connecticut VoTeR Center reports have pointed to a number of serious vulnerabilities that enable an attacker to take control of the voting equipment. Contrary to the previous technological offerings, the ballot-casting flexibility and tallying speed enjoyed by the new equipment is stemming from complex digital logic. In the hands of an attacker, the complexity of the logic enables methods of subversion and tampering entirely unheard of before, such as commandeering the equipment to bias the elections in a certain way without leaving a visible forensic trace.
Thankfully, in a growing number of districts using voter-verified paper ballots, voter intent is captured and stored independently of the electronic voting equipment used. This opens the unique opportunity of harnessing all the benefits of the electronic voting technology while mitigating the possible risks by instituting independent technological oversight and establishing audit procedures to ensure that no technological subversion or tampering occurs. While the banks may dismiss losing 2% of the revenue as a cost of doing business, losing or misplacing 2% of the votes due to electronic fraud is unacceptable. Given the relative immaturity and the lacking integrity guarantees of the extant electronic voting equipment, it is crucially important that comprehensive auditing is implemented for all significant elections. Audits can run the gamut from pre-election testing of voting equipment and media (e.g., memory cards), post-election forensics of the same media containing recorded election results and activity logs, to auditing the tabulator itself through independent recounts. Audits are effective in uncovering potential misconfiguration, foul play, subtle, yet significant equipment failures as well as deviations from prescribed electoral procedures. In essence, audits offer validation checkpoints throughout the electoral process that improve reliability and resilience and ultimately increase confidence in the entire process.
Since 2006, the VoTeR Center has invested very extensively in the development of comprehensive auditing of equipment used in the elections and in the design of safe election procedures. Starting in 2008 the Center has performed technological audits and assisted in the hand-counted audit procedures in all statewide elections in Connecticut, doing this in a cost-efficient and robust manner. Proper auditing not only dramatically increases the confidence of the voters that state elections are run in an exemplary fashion, but it also helps uncover procedural failings of the election process, enabling voting districts to fine tune their operation and better serve their constituents. Our goals are to ensure the integrity of the election outcomes conducted with electronic voting systems and to continuously assess the security and dependability of such systems.