The electronic voting machines that will be used to pick a new US president this year can be hacked. So say security experts, speaking at the RSA Conference in San Francisco.
As the November election approaches, the question before officials is not how to fix known bugs in their e-voting systems, but rather, how best to check them for fraud, said David Wagner, an associate professor with the University of California, Berkeley's computer science department.
Wagner was part of the team that audited California's voting systems during the state's review of electronic voting, and the problems his team found affect counties across the US.
"The three systems we looked at are three of the most widely used around the nation," he said during an e-voting panel discussion at the show. "They're going to be using them in the 2008 elections; they're still going to have the same vulnerabilities we found."
With images of Florida's laborious 2000 presidential recount in their minds, county officials have spent billions over the past eight years on electronic voting systems. These systems are supposed to take the guesswork out of vote-counting. The problem is that they are insecure, and now states are being forced to make do with buggy equipment, panel members agreed.
"We have spent billions of dollars on equipment," Wagner said. "We don't have another several billion dollars."
The California audit examined systems from Diebold Elections Systems, Hart InterCivic and Sequoia Voting Systems, ultimately permitting their use in 2008, but only under certain conditions. In testing, Wagner and his team found that they could introduce a computer virus to any of the three systems, which would then spread throughout the county and ultimately skew the vote count.
This year most California voters will use paper ballots, which give officials a way to audit their machine-counted tallies for irregularities, but not all states have that option. About a quarter of the votes cast in the upcoming election will be on electronic voting equipment with no paper trail, Wagner said. And even the states that keep paper records are not necessarily checking their results. Only about a third of all states have records that are regularly audited.
That's too bad, he said, because the ability to check whether your voting system has been hacked is of paramount importance. "Security is not the most important thing," he said. "What's more important for elections is auditability."