DRE voting machine
From Wikipedia, the free encyclopedia
Terminology: |
---|
|
Testing: |
|
Voting Technology: |
Voting system manufacturers: |
A direct-recording electronic (DRE) voting machine records votes by means of a ballot display provided with mechanical or electro-optical components that can be activated by the voter (typically buttons or a touchscreen); that processes data by means of a computer program; and that records voting data and ballot images in memory components. After the election it produces a tabulation of the voting data stored in a removable memory component and as printed copy. The system may also provide a means for transmitting individual ballots or vote totals to a central location for consolidating and reporting results from precincts at the central location.
In 2004, 28.9% of the registered voters in the United States used some type of direct recording electronic voting system, up from 7.7% in 1996.
Contents |
[edit] Security and Concerns
Critics of DRE Machines claim that there is an increased risk of electoral fraud and if the security of the DRE software is compromised, election results could be tampered with in an undetectable fashion. Other critics charge that foreign hardware could be inserted into the machine, using a man in the middle attack technique, and call for DRE machines to be physically sealed.[1] These claims are countered by the position that review and testing procedures can detect fraudulent code or hardware, if such things are present, and that a thorough, verifiable chain of custody would prevent the insertion of such hardware or software. Concerns like these have prompted the use of Voter Verified Paper Audit Trail. Another method to detect fraudulent voting machines are parallel test elections which are conducted on the election day with randomly picked machines. (The ACM published a study showing that, to change the outcome of the 2000 U.S. Presidential election, only 2 votes in each precinct would have needed to been changed.[2])
A workgroup of the National Institute of Standards and Technology (NIST) stated in a discussion draft, "Simply put, the DRE architecture’s inability to provide for independent audits of its electronic records makes it a poor choice for an environment in which detecting errors and fraud is important."[3] The report does not represent the official position of NIST, and misinterpretations of the report has lead NIST to explain that "Some statements in the report have been misinterpreted. The draft report includes statements from election officials, voting system vendors, computer scientists and other experts in the field about what is potentially possible in terms of attacks on DREs. However, these statements are not report conclusions."[4]
[edit] Demonstrated Laboratory Attacks
- Diebold AccuVote-TS (Manipulation of the votes by the University of Princeton.)[5]
- Nedap ES3B (Manipulation of the votes by a citizen group)[6][7]
- SDU voting computers (Violating the secrecy of the ballot using Van Eck phreaking, tested by the Durch secret service AIVD)[8]
[edit] Auditing and VVAT
A fundamental challenge with any voting machine is assuring the votes were recorded as cast and tabulated as recorded. Because there is no tangible ballot and the voter cannot check the computers memory by themselves, Non-document ballot voting system can have a greater burden of proof, and are even referred to as Black Box Voting machines by critics. This is often solved with an independent audit-able system that can also be used in recounts. These systems can include the ability for voters to verify how their votes were cast, or further to verify how their votes were tabulated.
Systems that allows the voter to prove how they voted have not been used in U.S. public elections, and are prohibited by most state constitutions. Voter intimidation and vote selling are the chief concerns that have led to prohibition of receipts.
Various technologies can be used to assure voters that their vote was cast correctly, detect possible fraud or malfunction, and to provide a means to audit the original machine. Some systems include technologies such as cryptography (visual or mathematical), paper (kept by the voter or only verified), audio verification, and dual recording systems (other than with paper).
Dr. Rebecca Mercuri, the creator of the voter verified paper audit trail (VVPAT) concept (as described in her Ph.D. dissertation in October 2000 on the basic voter verifiable ballot system), proposes to answer the audit-ability question by having the voting machine print a paper ballot or other paper facsimile that can be visually verified by the voter before being entered into a secure location. Subsequently, this is sometimes referred to as the "Mercuri method").
An audit system can be used in measured random recounts to detect possible malfunction or fraud. With the VVPAT method, the paper ballot is often treated as the official ballot of record. In this scenario, the ballot is primary and the electronic records are used only for an initial count. In any subsequent recounts or challenges the paper not electronic ballot would be used for tabulation. Whenever a paper record serves as the legal ballot, that system will be subject the same benefits and concerns of any paper ballot system.
To successfully audit any voting machine a strict chain of custody is required.
- See also: Voter Verified Paper Audit Trail
[edit] Public Source Code
Security experts, such as Bruce Schneier, have demanded that voting machine source code should be publicly available for inspection.[9] Others have also suggested publishing voting machine software under an free software license like it is done in Australia.[10] Publicly reviewable source code would not in itself be enough to determine if the code running on the machine differs from the original inspected code. The operating system, BIOS, firmware and other hardware can also be used to hide malicious code and need to be inspected. In Australia the software used is open source, but the other sources of error have caused the government to insist on a voter verifiable paper ballot.
[edit] Benefits of DRE voting machines
Like all voting machines DRE systems increase the speed of vote counting. They can also incorporate the most broad assistive technologies for the largest classes of handicapped people, allowing them to vote without forfeiting the anonymity of their vote. These machines can use headphones and other adaptive technology to provide the necessary accessibility. DRE's can also provide the most robust form of immediate feedback to the voter detecting such possible problems as undervoting and overvoting which may result in a spoiled ballot. This immediate feedback can be helpful in successfully determining voter intent.
Additionally, with DRE voting systems there is no risk of exhausting the supply of paper ballots, and remove the need for printing of paper ballots, a significant cost.[11] When administering elections in which ballots are offered in multiple languages (in some areas of the United States, public elections are required to by the National Voting Rights Act of 1965), DRE voting systems can be programmed to provide ballots in multiple languages on a single machine. For example, King County, Washington's demographics require them under U.S. federal election law to provide ballot access in Chinese. With any type of paper ballot, the county has to decide how many Chinese-language ballots to print, how many to make available at each polling place, etc. Any strategy that can assure that Chinese-language ballots will be available at all polling places is certain, at the very least, to result in a lot of wasted ballots.
[edit] Machine manufacturers
- Diebold Election Systems (USA)
- ES&S (USA)
- Sequoia Voting Systems (USA)
- Hart Intercivic (USA)
- Avante
- AccuPoll
- Advanced Voting Solutions, formerly Shoup Voting Machine Co.
- MicroVote
- Nedap (Netherlands)
- UniLect
[edit] See also
[edit] References
- ^ Nedap/Groenendaal ES3B voting computer a security analysis (chapter 7.1)
- ^ Di Franco, A., Petro, A., Shear, E., and Vladimirov, V. 2004. Small vote manipulations can swing elections. Commun. ACM 47, 10 (Oct. 2004), 43-45. DOI= http://doi.acm.org/10.1145/1022594.1022621
- ^ Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC
- ^ R Questions and Answers on the Draft Report: "Requiring Software Independence in VVSG 2007: STS Recommendations for the TGDC"
- ^ Security Analysis of the Diebold AccuVote-TS Voting Machine
- ^ Nedap/Groenendaal ES3B voting computer, a security analysis
- ^ Dutch citizens group cracks Nedap's voting computer
- ^ Use of SDU voting computers banned during Dutch general elections (Heise.de, 31. October 2006)
- ^ The Problem with Electronic Voting Machines
- ^ The electronic voting and counting system
- ^ "http://post-journal.com/articles.asp?articleID=6218". The Post-Journal
[edit] External links
- ProCon's "Do DRE's improve the voting process?" review
- Aussies Do It Right: E-Voting by Kim Zetter at Wired
- David Allen's Black Box Voting website
- Bev Harris's Black Box Voting website
- AEI-Brookings Election Reform Project
- Electronic voting website by Rebecca Mercuri
- European Association Electronic Libre
- National Committee for Voting Integrity
- Open Voting Consortium — group raising money to create open source voting systems with paper ballots.
- The Problem with Electronic Voting Machines by Bruce Schneier (security expert)
- Verified Voting
- Election Glitches: The Secret Dangers of Electronic Voting Machines at California Connected Newsroom
- The Machinery of Democracy: Protecting Elections in an Electronic World from the Brennan Center for Justice Voting System Security Task Force