Study recommends reporting e-voting machine defects to national database

NYU's Brennan Center says many problems can be traced to lack of vendor accountability

The Brennan Center for Justice at the New York University School of Law is calling on the federal government to create a national, searchable database for reporting and recording information on defects in electronic voting systems.

In a 70-page report on voting system failures, the non-partisan public policy and law institute also recommended the creation of a federal statute that would require manufactures of e-voting machines to publicly report any known defects in their products under penalty of law.

The Brennan center released the Voting System Failures: A Database Solution ( download PDF ) report this week, at the same time that problems with electronic voting machines were reported at several polling locations across New York state as voters attempted to cast ballots in the state's primary election. .

Lawrence Norden, senior counsel at the Brennan Center and author of the report, said a study by the center found a relative lack of vendor accountability today for problems caused by defective voting machines.

He noted that numerous instances of problems caused by defective e-voting systems in recent years haven't prompted state and federal governments to create rules for their use. Thus, voting system vendors have often failed to provide timely and full information on defects -- that are known or should be known.

Norden noted that vendors often blame errors by poll workers or on administrative issues rather than admit to product defects. "When we spoke to election officials, many times we found that vendors were aware of problems with their systems or should have known about them," he said.

The Brennan Center examines 14 separate incidents where e-voting machine defects caused considerable problems during an election.

For instance, election officials in Ohio discovered that some 1,000 votes in the 2008 Presidential primary election were not counted in nine counties that used touch screen or optical scan systems manufactured by Diebold Election Systems, which was later sold to Election Systems and Software.

According to the report, Diebold initially blamed the problems on human error and the state's installation of an anti-virus product on the voting systems. After being prompted by state officials to conduct a more thorough investigation, the company later acknowledged that the problem in fact resulted from a programming error in the proprietary operating system that ran the machine.

The same problem was found to have occurred in the same systems during a 2004 election in DuPage County, Ill., indicating that Diebold had been aware of the issue.

In another instance cited in the report, election officials in Humboldt County, Calif., discovered during a post-election audit that its Premier Election Solutions voting machines did not count some 200 votes. A subsequent investigation revealed that the e-voting machines failed to maintain required logs of important system events, causing the generation of inaccurate data and time stamps that led operators to delete crucial audit logs.

Following that investigation, California Secretary of State Debra Bowen notified the U.S. Election Assistance Commission (EAC) that Premier, formerly Diebold, had known about the problems for at least four years and failed to warn the county about it.

Officials at ES&S, which now owns the machines involved in both instances, were not available for comment.

Requiring vendors to publicly report such problems, and to compile them in a central database, is one way to address the issue, Norden said.

The EAC, created as part of the 2002 Help America Vote Act, is responsible for testing and certifying electronic voting systems. The EAC has established a system for alerting election officials of the results of the tests. However, the alerting system only applies to relatively new e-voting machines and not the vast majority of older technologies that are in use around the country, Norden said in his report.

Going forward, the EAC needs to be given the resources needed to implement a central database and the statutory authority to enforce compliance with reporting requirements, Norden said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan , or subscribe to Jaikumar's RSS feed . His e-mail address is .

Read more about security in Computerworld's Security Topic Center.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentregulationhardwarehardware systemsNew York University

Show Comments