Towards a reliable, verifiable voting machine

In the midst of a flurry of stories about what's wrong with e-voting machines - and there's plenty - Wired News sat down with professors Ed Felten of Princeton and David Wagner of UC Berkeley and asked them to describe what getting it right would like.

Combine touchscreen and optical scan technology.

We recommend a third alternative that combines the best attributes of both -- a ballot marking machine, such as one made by Election Systems and Software.

These devices let voters make their choices on a touch-screen. But instead of directly recording the votes digitally onto a memory card, the machine prints the votes onto a full-size paper ballot. Voters or election officials then place the completed ballots onto an optical-scan reader, where the votes are recorded digitally.

Eliminate removable memory cards.

urrent systems require election staff or poll workers to install memory cards into a slot in the voting machine to record the votes. To prevent someone from tampering with the cards, workers are supposed to place tamper-evident tape over the memory-card compartment. But workers often forget to install the tape or take proper action when they discover that the tape over a compartment has been broken.

Simplify operating systems.

Wagner says current electronic voting systems are more complex than they need to be and contain much more code than is needed to conduct elections. This makes it difficult for certification labs to thoroughly review the code for defects and security vulnerabilities.

"If you've got 50,000 lines of code, that's approaching the complexity of the U.S. tax code," Wagner says.

Make self-policing software

Felten recently made headlines when he and his students hacked a Diebold voting system in a few minutes and installed malicious code on it. He says a machine that would recognize the hash of a software program could prevent a program from running on the machine if its hash doesn't match the approved one. "That is one thing you would want to attend to in the design of the machine -- something in the architecture of the machine," Felten says. Or he would design a machine that could tell officials reliably what program was running on the system so they would know if unauthorized software patches or a different software program altogether had been introduced.

Code should be open and transparent

make the code transparent and available to the public so anyone who wanted to read it could see what was in the system. In addition, code used in any specific machine would, by law, be made available for inspection on request if the integrity of an election were questioned after the fact. In current circumstances, courts have refused to force voting-machine makers to let parties disputing an election examine their software code.

"To me this is a basic principle," Felten says, "that the process by which elections are conducted and votes are counted should be transparent to voters."