RYE, N.Y.--Computer experts are questioning the security of the all-electronic voting machines being used in this year's presidential election, but the problems posed by this new approach to recording the vote run much deeper than vote tampering or lost data.

The secret ballot and the partisan nature of elections place a huge burden on electronic security--a burden the field is probably not ready to shoulder, says Barbara Simmons, a computer-security expert at Stanford University.

"In my view, voting is a national-security issue, and I have to say that I fear that what we are going to see with this upcoming election is a huge amount of chaos and a lot of questioning of results," she said. Simmons was addressing computer-security and privacy issues at an American Institute of Physics forum on the future of information technology this week.

The popular criticism of electronic touch-screen voting has centered on inadequate protection against hacking. Many experts believe it would be relatively easy for someone to electronically break into the machines and tamper with vote counts. But even without malicious intent, electronic voting machines pose serious problems for electronic data security.

Simmons participated in a government study of voting-machine security issues before the current system was mandated. The project was eventually canceled because the conclusions by the panel of computer scientists were so negative. "What the government eventually adopted was even worse," Simmons added.

Election integrity involves two large areas of current research: privacy issues and data security. Although actual computer and communications technology may be highly advanced, the issues overlap with social and legal aspects of society over which technologists have little control. As computer technology is suddenly thrust into new areas of society, as in the current election, experts warn that the results may not be what were intended.

For example, voting-machine software being readied for the 2004 election is proprietary to the companies supplying the machines. That effectively takes control of the election results away from election officials, who must rely on computer experts at the company to verify that the correct software has been installed on voting machines.

In one chilling scenario, vote fraud could be perpetrated by an employee of a voting-machine company simply by inserting unauthorized code into the finished product. There would be no way for election officials to detect the attack.

Voting-machine makers recently agreed to submit portions of their code to the National Software Reference Library maintained by the National Institute of Standards and Technology. However, they've refused to submit source code or last-minute patches to the code. The gesture falls short of what's required for election security, computer scientists say.

Computer-security experts have tried for decades to quantify notions of privacy and security without reaching a consensus, and it may be that such notions represent a fundamental limitation similar to the uncertainty principle in physics or Alan Turing's proof--known as the halting problem--that some computer problems have a yes or no answer, but the result cannot be computed.

For those reasons, Simmons arrived at an unusual conclusion for a computer scientist--that paper ballots are the only foolproof method for recording votes. "Of course, the argument against paper ballots is that we can't count all that paper, but that's not true. Banks count paper every day. It's a well-established technology," she said.

There may be a solution to the problems posed by electronic voting, but computer science hasn't produced it in time for the hotly contested 2004 election.