NIST Report Condemns DRE Voting Machines


In what may be the biggest blow for electronic voting machines yet, NIST, the National Institute of Standards and Technology issued a draft report this week that concluded that paperless direct-record equipment (DRE) voting machines cannot be made secure and recommends optical scan systems (Washington Post story).

The report will be debated next week in a meeting of the Technical Guidelines Development Committee (TGDC). This is the committee that makes recommendations to the Federal Election Assistance Commission. Next week's meeting will be webcast.

The report (PDF) stresses the need for "software independence." From the report

A voting system is software-independent if a previously undetected change or error in its software cannot cause an undetectable change or error in an election outcome. In other words, it can be positively determined whether the voting system's (typically, electronic) CVRs [Cast Vote Records] are accurate as cast by the voter or in error. In SI voting systems that are readily available today, the determination can be made via the use of independent audits of the electronic counts or CVRs, and independent voter-verified paper records used as the audit trail.

The report recommends only using SI voting system and states:

The most obvious ramification of requiring SI in VVSG [Voluntary Voting Systems Guidelines] 2007 is that paperless DREs could not be certified to VVSG 2007. Purchase of paperless DREs would still be permitted, but certification of new paperless DREs would be prohibited after, likely, 2009/2010 when compliance with VVSG 2007 may be required15. This effectively leaves only voter-verified paper approaches for certification in the near/foreseeable future, including op scan, EBM devices [Electronic Ballot Marking device, e.g., the ES∓S AutoMARK], DRE-VVPAT [A DRE with Voter Verified Paper Audit Trail voting system], and, possibly, some E2E [End-to-end auditable voting systems, usually based on cryptography] approaches.

Of course, whether an audit can be done in a cost effective manner depends on how the system is built and the report talks about that as well, but the conclusions are softer:

Focus attention towards improving the usability and accessibility of paper- based SI voting systems: HFP and STS should continue to work together to incorporate requirements to make op scan, EBM, and DRE-VVPAT more usable, accessible, and convenient to audit. If this work requires more time than allocated for VVSG 2007 development, some method for continuing this work should be investigated.

and

Foster development of new SI approaches: STS recommends that research and development of new SI and possibly non-SI approaches be fostered and that an expert panel be created to review approaches. Usability of these approaches should be a primary factor in their design, as well as whether they lend themselves to accessibility.

One of the things that worries me is that once we've got a VVPAT we'll stop because elections officials will feel like they've "done all they can." In fact, to detect fraud, you may have to audit 50-60% of the paper audit trail. That's just not practical from a cost standpoint with current systems. Thus the need to continued evolution.

I'm not big on conspiracy theories and consequently believe that the best way to influence this process is to work with elections officials rather than rail against them. I believe that most elections officials sincerely want to run accurate elections and they need help to understand the pitfalls of DRE machines and how to mitigate the problems of voting machines.