UGN Security
In an effort to keep pace with changing technology and address widespread security concerns about electronic voting machines, the federal government has released new guidelines for voting systems.

The guidelines, published in late June, call for vendors to follow better programming practices and make some suggestions for addressing problems with vote integrity.

Computer security experts say the guidelines are a step in the right direction, but fall short of making voting systems secure. They also don't require systems to produce a voter-verified paper audit trail, which would allow voters to confirm their vote.

The government is accepting public comment on the guidelines for 90 days, after which it will revise them, if needed, and release them for states to adopt. But there has been some confusion on whether these should be considered final guidelines, or simply a first step toward more permanent guidelines.

Avi Rubin, a Johns Hopkins University computer science professor and technical director of the university's Information Security Institute, said the new guidelines are an improvement but contain some serious security red flags.

He also said they have some requirements that, had they been included in previous versions of voting system guidelines, would have prevented voting systems made by Diebold Election Systems from being certified.

"One problem with the Diebold code was that it had large, complex multi-logic statements with no comments (from the designers)," Rubin said. "That wouldn't pass this standard."

...

Source
© UGN Security Forum