The maker of electronic voting systems already has strengthened security by improving how the system handles passwords and by enhancing the encryption the system uses, the spokesman says.
The analysis of the voting system was conducted by RABA Technologies and made available on the Internet on Friday. The report concludes that while vulnerabilities exist, they can be fixed in time for Maryland's primary election in March. The report was prepared after RABA Technologies had security experts attempt to hack the system under actual election conditions.
Among the security concerns: Servers used in the test didn't have the most current Microsoft patches in place, leaving the systems up to potential attack. Also, easily guessed passwords made it possible to reveal the contents of smart cards used in the election process. Plus, the security team was able to use lock-picks to crack open a voting machine in about 10 seconds. The report also warned that someone using a standard handheld computer could alter the software to destroy or scramble results.
The report made it clear that all the vulnerabilities it cited could be fixed, but that an auditable paper trail of votes cast electronically should become a requirement.
"With all these near-term recommendations in place, we feel for this primary that the system will accurately render the election and is worthy of voter trust," the report stated. "However, between the March and November elections, we strongly feel that additional actions must be taken to mitigate increasing risks incumbent on a system that will receive broad scrutiny. Ultimately, we feel there will be a need for paper receipts, at least in a limited fashion."
Concerns raised about the security of electronic voting systems has sparked legislators at the state and federal levels to draft laws that would require auditable paper trails for all votes cast electronically. "It just makes sense to have something you can verify," says one state election official in California.