A PDF of the original report finding fault with electronic voting machines. Abstract:
Recent election problems have sparked great interest in managing the election process through the
use of electronic voting systems. While computer scientists, for the most part, have been warning of
the perils of such action, vendors have forged ahead with their products, claiming increased security and
reliability. Many municipalities have adopted electronic systems, and the number of deployed systems is
rising. For these new computerized voting systems, neither source code nor the results of any third-party
certification analyses have been available for the general population to study, because vendors claim that
secrecy is a necessary requirement to keep their systems secure. Recently, however, the source code
purporting to be the software for a voting system from a major manufacturer appeared on the Internet.
This manufacturer’s systems were used in Georgia’s state-wide elections in 2002, and the company just
announced that the state of Maryland awarded them an order valued at up to $55.6 million to deliver
touch screen voting systems.1
This unique opportunity for independent scientific analysis of voting system source code demonstrates
the fallacy of the closed-source argument for such a critical system. Our analysis shows that
this voting system is far below even the most minimal security standards applicable in other contexts.
We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography,
vulnerabilities to network threats, and poor software development processes. For example, common voters,
without any insider privileges, can cast unlimited votes without being detected by any mechanisms
within the voting terminal. Furthermore, we show that even the most serious of our outsider attacks
could have been discovered without the source code. In the face of such attacks, the usual worries about
insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that
the insider threat is also quite considerable. We conclude that, as a society, we must carefully consider
the risks inherent in electronic voting, as it places our very democracy at risk.