Network World

I am a software engineer and have also worked several elections as a poll worker in Silicon Valley using touchscreen voting machines.

It is my opinion that the configuration that is typical of regular elections - that of each voting machine acting as a standalone unit - is not hackable without concerted effort.

News reports of the test conducted on behalf of the State of California indicate the security code was given to the testers, as well as wireless access to the units, which are items far beyond the standard configuration witnessed in the typical polling place.

Unless and until the testing methodology is revealed and compared and contrasted to the standard polling place configuration, this report by the State of California should be viewed with skepticism.

With all due respect to the other commenters, the fundamental deficiencies in these electronic voting systems have been known and documented for years. Here's a link to a study published in 2004:

http://www.avirubin.com/vote.pdf

A detailed technical study was commissioned several years ago by the State of Maryland. I've read that study, and I think it's reasonable to conclude that the software engineers who designed these systems were working with insufficient security specifications and were inadequately trained in technical security fundamentals, such as the proper implementation of encryption in applications software.

Although the companies responsible for these deficient products would like us to believe that they are subject to some kind of political vendetta, here's a more likely scenario.... Following the debacle surrounding George W. Bush's election in 2000, money became available to upgrade voting equipment. Several companies rushed to take advantage of this transitory opportunity, in some cases through acquisition, repurposing, and rebranding of existing software. The politicians at that time, under a certain amount a pressure to address the situation, purchased what was available.

As is so common with IT purchases, the security analysis was done after the fact -- and it's no surprise that these systems came up deficient.

A few politicians have had the courage to stand up and admit that mistakes have been made. Companies such as Diebold should be equally courageous and invest some of their PR and lobbying budgets in improving their products. Here's one situation where Microsoft has set a good example.

As to the notion that poll workers can ensure the security of these complex systems... It is theoretically possible to ensure secure use by following a highly presecribed set of procedures at every stage of the voting, data transmission, aggregation, and reporting processes. However, the average election worker is not likely to be adequately trained and conversant in these procedures.

My personal experience at polling sites is lines backed out the door and temporary workers barely keeping up with looking up the names on the registration rosters.

Our democracy should not depend on data of doubtful integrity.