New York - The most widely used electronic-voting systems all have flaws that can be addressed relatively easily, but few states or counties have actually implemented security measures, researchers concluded Tuesday.

Even the printing of paper records - widely seen as a countermeasure to hacking and other attacks on ATM-like touch-screen machines - does little good if audits aren't routinely and automatically performed, researchers said. Their report said that fewer than half of the 26 states requiring paper records also require regular audits.

The report, based on interviews with elections officials and analyses of voting systems, came from the Task Force on Voting System Security convened by New York University's Brennan Center for Justice. Task force members were from government, universities, security companies and nonprofit advocacy groups.

For systems that spit out paper records for voters to check before leaving, the task force said audits should be routinely performed to randomly check a machine's tally against that machine's paper trail.

Otherwise, paper records do little to improve security, said Larry Norden, the task force's chairman and Brennan's associate counsel.

Researchers acknowledged that audits won't uncover attacks that change both the electronic and paper records, something that is possible because many voters don't bother to check the printout before leaving the voting booth.

Voters, researchers say, should be encouraged to check the paper.

Recommendations for all types of e-voting machines include banning wireless components, which can create openings for attack, and testing randomly selected machines on Election Day as close to actual conditions as possible to uncover malicious software and other problems triggered only that day.

"We're not talking about dramatic restructuring of the architecture," Norden said. "We're talking about straightforward things, most of which could be in place for the 2006 elections."

Ken Fields, a spokesman for e-voting manufacturer Election Systems & Software Inc., said company officials were still reviewing the report. "We certainly take all factual explanations of security issues seriously," he said.

The Information Technology Association of America, whose members include voting-machine vendors, denounced the study as one "based on speculation rather than an examination of the record," adding that voting systems have yet to be successfully attacked in a live election.

According to the report, the 14 states requiring paper trails but not audits are Idaho, Maine, Michigan, Missouri, Montana, New Hampshire, New Jersey, Nevada, Ohio, Oregon, South Dakota, Utah, Vermont and Wisconsin. The 12 that require audits are Alaska, California, Colorado, Connecticut, Hawaii, Illinois, Minnesota, New Mexico, New York, North Carolina, Washington and West Virginia.

---------------------------------------------------------

This information is posted for nonprofit educational purposes, in accordance with U.S. Code Title 17, Chapter 1,Sec. 107 copyright laws. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml [3]. If you wish to use copyrighted material from this site for
purposes of your own that go beyond "fair use," you must obtain permission from the copyright owner.