Reports on eVoting continue to give it poor marks for security

I ran across three different articles on eVoting over the last little while that interested me:

E-voting systems vulnerable to viruses and other security attacks, new report finds - This report documents the efforts of two teams of security researchers from UC Berkeley and UC Davis (my alma mater). The teams evaluated eVoting machines from Diebold Elections Systems, Sequoia Voting Systems and Hart InterCivic. The most serious problem found by the researchers was the potential for viruses to be introduced to the voting machines and compromise the vote. The conclusion was that the vulnerabilities were not simple implementation bugs that could be patched easily, but significant design defects. You can see the published portions of the report as well as team members online.

A second report, called Post Elections Audits: Restoring Trust in Elections (PDF) details how very few states are equipped to find sophisticated and targeted attacks, not to mention non-systematic programming errors and bus that could change the outcome of an election. Common Cause has documented 30 instances where machine malfunctions changed vote tallies. Yet few states are doing the audits required to catch these problems.

Finally a watchdog group in Britain has called for halts to trials of Internet voting there. The report said that e-voting pilot schemes at the local elections in May were expensive, rushed and lacked adequate security testing. The interesting thing is, the the whole purpose of doing a pilot is to learn something, but when you're not properly set up, you're exposing people to risk for very little effect. For more detail see the full report.