The Real Scoop on Security of E-voting

By Eric Lazarus, Brennan Center for Justice at NYU


July 25, 2006


I am the principal investigator for a report called "The Machinery of Democracy: Protecting Elections in an Electronic World," published by the Brennan Center for Justice at New York University School of Law. In the otherwise excellent article "Concerns About Fraud Potential Continue to Plague Users of Electronic Voting Machines" [Computerworld, July 3], Marc L. Songini quotes professor Michael Shamos as stating that a "fundamental premise" of our study is that it is "easy to rig a machine to throw an election."


However, this was not the premise of our study. Rather, a result of our analysis was that it is, if not easy, very practical to use Trojan horse attack methods to manipulate the results of an election, given the current technology and security processes used in most jurisdictions around the country. Just as importantly, our study shows that there are straightforward and effective means to defend against such threats.


Our study was conducted by some of the most knowledgeable and respected individuals in the world of information security and voting technology, including the scientists who developed drafts of voting system standards for the U.S. government. Our conclusions were reached after a year of detailed analysis. They were then vetted by a wide variety of industry experts.


In our report, we covered in some detail how an attacker could develop a Trojan horse, insert it into the voting machine, elude detection during inspection and testing, and control it so that vote totals were changed on Election Day.


Shamos has previously implied that this type of attack includes some step that requires omniscient abilities; after a year of study, it is clear that no such step exists.


Our research shows that it would be quite practical to hide an effective Trojan horse inside a modern voting machine. Merely switching a very small number of votes on a large percentage of voting machines would be enough to swing many close statewide elections.


The statisticians and social scientists we worked with concluded that it would not be possible to detect such a broad attack merely by reviewing precinct totals.


In other words, no omniscient abilities would be needed to make the results of such an attack plausible to those reviewing the numbers after Election Day.