By Afe Babalola
“However, as with virtually every innovation of man, electronic voting is not without its disadvantages. Analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We identify several problems including unathorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. We show that voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal software”.
Continued from last week EARLY e-voting systems History records that electronic voting started sometimes in the 1960s when the punched cards systems were developed. By this method, the electorate simply punched holes with the aid of a machine against the name of the candidate of their choice. The advantage of this was that machines which were specially developed for this purpose could easily recognise the choice of the voter as indicated on the ballot paper and proceed to count and collate same.
This punched card system was used in the American State of Florida during the 2000 Presidential elections.The punched card system has been replaced in most jurisdictions with the newer optical scan voting system which allows the computer to recognise and count a voter’s mark on a ballot simply by scanning same. There is however a system known as the Direct Recording Electronic Voting System which is a system complete in itself in relation to actual voting and collation of results. A typical DRE machine has buttons or touch screen by which the voter imputes his vote. The vote is then stored on the memory hardware of the computer. At the end of the election, the computer prints out the collated results from the individual votes cast by the electorate. The DRE also provides a means of transmitting individual ballots or votes to a central collation for consolidating and reporting results. This system at least in operation is similar in some respects to your every day Automated Teller Machine in which you impute your account details and immediately receive your funds. The DRE system is presently adopted in Brazil, India and on a very large scale in Venezuela and the United States of America. The system for reasons which will be stated shortly was decommissioned in the Netherlands. It is pertinent to note that in most developed countries, large corporations and organizations use e-voting through the internet to elect officers and board members and for other proxy elections. In Switzerland, the use of e-voting has become the order of the day for local referendums. Advantages: Electronic voting offers a wide variety of advantages compared to other traditional voting methods. E-voting can speed up the process of distribution, voting, sorting, counting and collation of votes. Electronic voting machines It is estimated that in the 2004 elections in the United State, 1 million more ballots were counted than in 2000 because the improved electronic voting machines were able to detect votes that paper based machines utilized in the punching method would have missed. Disadvantages: However, as with virtually every innovation of man, electronic voting is not without its disadvantages. In 2004, 3 experts drawn respectively from the Department of Computer Science and Engineering of the University of California, Information Security Institute, John Hopkins University and the Department of Computer Science Rise University published a paper entitled “Analysis of an Electronic Voting System.” The abstract of the paper reads as follows: “With significant U.S federal funds now available to replace outdated punch-card and mechanical voting systems, municipalities and states throughout the U.S are adopting paperless electronic voting systems from a number of different vendors. We present a security analysis of the source code to one such machine used in a significant share of the market. Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We identify several problems including unathorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. We show that voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal software. Furthermore, we show that even the most serious of our outsider attacks could have been discovered and executed without access to the source code. In the face of such attacks, the usual worries about insider threats are not the only concerns; outsiders can do the damage. That said, we demonstrate that the insider threat is also quite considerable, showing that not only can an insider, such as a poll worker, modify the votes, but that insiders can also violate voter privacy and match votes with the voters who cast them. We conclude that this voting system is unsuitable for use in a general election. Any paperless electronic voting system might suffer similar flaws, despite any “certification” it could have otherwise received. We suggest that the best solutions are voting systems having a “voter-verifiable audit trial”, where a computerised voting system might print a paper ballot that can be read and verified by the voter. The above extract I believe is self explanatory. For one, the e-voting system places much trust and emphasis on the reliability of the computers or machines to be employed in the recording, storing and collation of votes. However, computers and machines by their very nature are prone to malfunction. They can and do malfunction. Furthermore, the DRE system in particular leaves little or no room for verification in the voting exercise. The whole process is left to the computer or machine which as stated above is not infallible.Indeed, on October 3, 2006 the Dutch Minister of Interior withdrew the license of 1,187 voting machines over concerns that the integrity of the voting system could not be guaranteed if those machines were used. Republican candidate In the United States of America, the following problems were recorded in the 2006 general elections. During early voting in Miami, Hollywood and Fort Lauderdale, Florida in October 2006, 3 voters who cast their votes for Democratic candidates found that their votes were displayed as having been cast for Republican candidate. In Pennsylvania, a programming error forced electoral officers to resort to the use of paper ballot. The same event occurred in Indiana in which 175 precincts resorted to paper ballot. In Sarasota, Florida 18,000 votes were not recorded in the congressional election due to errors. In Arkansas, the DRE system returned zero votes for a particular Mayoral candidate who contended that he certainly voted for himself and that there should have been a minimum of 1 vote recorded in his favour. This was the case I referred to last week. It did not occur in Nigeria but in the United States of America. All these problems occurred in the United States of America and other technologically developed countries in which the use of computers and computer based software have for decades become the order of the day. To be continued