In the wake of the 2000 Florida recount debacle, many states turned to computer voting machines to increase election accuracy and security. Many computer scientists have long been skeptical of such machines, but only recently have researchers had access to them for study. At the October 24 Lunch’n Learn seminar, J. Alex Halderman, a PhD candidate in the department of computer science, described how he and his colleagues (Joe Calandrino, Ari Feldman, and Halderman’s adviser Ed Felten) examined several widely used electronic voting systems and discovered that they were susceptible to attacks that could alter election results and compromise the secrecy of the ballot.

In spite of these problems, Halderman contended that computers have the potential to make elections more secure. He concluded that new computer-assisted auditing techniques developed at Princeton can significantly reduce the costs of election security.

In response to the 2000 election debacle, Congress passed the Help America Vote Act, a $3.9B legislative package designed to help states upgrade voting machines by November 2006. As a result, many states embraced direct recording electronic (DRE) voting machines that store voting results in the machine’s memory. But these machines are inherently computers are just as susceptible to bugs, viruses, and attacks.

In 2006, Halderman and his team legally obtained a Diebold voting machine and carried out the first complete, public, independent audit of a DRE. After reverse engineering the machine, they successfully built demonstration attacks that confirmed that it was possible to hijack election results. Specifically, malicious software running on the machines can steal votes undetectably and alter all backups and logs. They demonstrated that anyone with physical access to a DRE (and machines are often not securely stored) could install malicious software code in as little as one minute. Halderman noted that the physical key used to open and lock the machines is a common key often used for devices such as hotel refrigerators.

Finally, they showed that such malicious code could spread automatically and silently from machine to machine in the form of a voting machine virus. Unsuspecting election workers, upon initializing the machine, would unknowingly carry the code from infected machines to other machines.

The Princeton team has assembled auditing techniques that hold the promise of making elections secure. They recommend that vote be recorded on an electronic voting machine that then prints a paper record of the vote. Voters can confirm that the paper record matches their intended vote. The paper record falls randomly into a secure bin. Paper receipts from randomly selected polling places would be subsequently scanned by a computer recount machine. Using the output of this machine, election workers would manually verify enough randomly selected ballots to achieve statistical confidence that the election’s winner actually succeeded in winning the election

The Princeton Packet published an additional story about the event: PU team advises paper backup for electronic voting.

Due to a technical failure, we are only able to provide a podcast of the first half hour of the talk. The complete presentation is available.

Posted by Lorene Lavora