Preparations are now under way for another busy midterm election. While much has been written since last year’s presidential election about the need for additional election reform, the Help America Vote Act of 2002, passed by Congress with overwhelming bipartisan support, is poised to deliver further improvements in the administration of elections in 2006.
Among the changes spurred by HAVA is the greater prevalence of electronic voting systems throughout the country. In 2004, approximately 30 percent of registered voters were able to record their candidate preference by using a computer-based voting system — a significant increase from only 12 percent in 2000. And yet the change to electronic voting machines has raised concern among some as to the accuracy and security of these systems.
The Election Assistance Commission, created by HAVA, will soon vote on a series of recommendations to improve the voluntary standards by which we assess the overall integrity of electronic voting systems, including the security capabilities of these systems.
One proposal the EAC will consider stands out as a significant step in the right direction toward ensuring greater security of electronic voting machines.
Since 2000, the National Institute on Standards and Technology, a well-respected government agency staffed by scientists, technicians and engineers, has operated the National Software Reference Library. Containing a collection of more than 7,000 software products in a secured room, the NSRL provides law enforcement personnel, including the FBI, with important data used to identify unknown and suspicious files on computer systems and to meet the need for court-admissible evidence in the identification of software files.
Realizing the potential use of this application to the election process, last year the EAC called on all voting systems vendors to voluntarily submit their proprietary voting system software to the NSRL to create a similar repository for state and local election administrators. The voting system vendors agreed.
Today, the NSRL contains proprietary code and software for most types of electronic voting systems used in this country. In the coming weeks, the EAC is expected to vote on a series of proposed final standards which, among other things, would require that all voting system software, including installation programs and third-party software, be deposited with the NSRL upon completion of a national voting system certification process, in which 41 states currently participate.
This means that a local election administrator will be able to verify that the operating software installed in the election management systems used in that local jurisdiction is exactly the same as the software for that particular system that was certified by an independent testing authority and deposited with the NSRL. Additionally, any irregular or suspicious files could be identified when a local election administrator utilizes the NSRL.
To be sure, more work remains to be done to fully utilize the capabilities of the NSRL. For example, critics note that while the NSRL does provide verification means to compare software installed in a voting system with the relevant software contained in the NSRL, such verification is not as effective if it is performed internally by the voting system, and it also can be difficult to manage when last-minute patches are added. The experts at NIST, along with election officials, are working to overcome these concerns.