While differing in implementation, these systems share a crucial feature: all information about the votes is stored exclusively in digital format. The crucial difference from more traditional voting systems (e.g., punch card and optical scan machines) is that those systems keep the original vote in a physical form (usually paper) that can be directly verified by the voter. This "paper trail" can later be used during a recount, if the need were to arise.

A recount is generally possible with Direct Recording Electronic (DRE) voting machines, but what is recounted is simply what the machine recorded in the first place and this can be quite different from the intended vote.

Discrepancies arise through a number of factors, ranging from machine malfunction to malicious tampering with its software. Without the hard-copy redundancy offered by traditional voting systems, performing an independent audit is virtually impossible.

The importance of having such audits has been demonstrated in real life cases where problems with voting and counting machines were suspected. In a primary election in Clay County Kansas (August 2002), Roy Jennings defeated the incumbent, Jerry Mayo, by 22 votes. However, a hand recount, which was possible because of the use of optical scan machines, revealed that Mayo was the winner by a landslide: 540 votes to 175. In one ward, which Mayo carried 242-78, the computer had reversed the totals.

Although this County used optical scan machines, the problem becomes even more serious and insidious when voting systems are less transparent and more complex. With DRE voting systems there is no possibility of a meaningful recount.

In the upcoming California recall election, on October 7, about 10% of the votes in the area are expected to be acquired by means of Touch screen (DRE) voting machines. They are manufactured by the 3 main companies in the election business: Sequoia Edge Touchscreen (4.8%), Diebold Accu-Vote-TS Touchscreen (4.4%), and ES&S iVotronic Touchscreen (.6%).

The percentage of DRE machines is likely to rise in the near future. With many elections being close calls and falling within the statistical margin of error (Florida is a painful reminder), a 10% deviation can make an enormous difference.

In the absence of independent verification, it is essential that all aspects of the inner workings of these machines be thoroughly tested, even more so than with more traditional machines. Unfortunately, there is strong reason to believe that such testing is not carried out in a thorough manner, as will be demonstrated below.

Since the software and hardware in these DRE machines is proprietary, only certification labs, Independent Test Authorities (ITAs) specified by the National Association of State Election Directors (NASED), can examine them to ensure that they satisfy the Federal Voting Systems Standards (FVSS) formulated by the Federal Election Commission (FEC).

Currently, the only ITA qualified to test hardware and firmware is the Wyle Laboratories, whereas ITAs qualified to test software are Ciber Inc. and SysTest Labs, LLC. Like the source code, the results of the tests by the ITAs are not available to the public. Essentially, the system is set up to be based on trust: the public is supposed to trust that a DRE system will record their vote faithfully. This is unacceptable and completely unverifiable.

Recent events gave an independent team the unique opportunity to actually examine and test the source code of one of these DRE machines, the AccuVote-TS voting system, made by Diebold Election Systems Inc. A system certified to comply with FEC/NASED voting system standards. Indeed, in January 2003 a copy of Diebold’s source code was found on a publicly available FTP site owned by Diebold, The discovery was announced, much to Diebold’s chagrin, on Bev Harris’ site: http://www.blackboxvoting.org. On July 24th, a team of computer scientists from Johns Hopkins and Rice Universities, led by Dr. Avi Rubin at Johns Hopkins, completed and released a report on their analysis of the source code (at least, the unencrypted parts). The results in this report were devastating as a myriad of serious programming flaws and security problems were discovered. Importantly, some of the most obvious flaws in the code had already been pointed out years before by Dr. Douglas Jones, Chair of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems, at a time when the code belonged to Global Election Systems (GES), later acquired by Diebold. Jones actually called for the de-certification of Diebold direct recording system, after reading the Rubin report.

Since there are currently 33,000 working AccuVote-TS voting machines manufactured by Diebold around the country (and the number is been steadily rising as a result of HAVA) the results of this analysis has fundamental and potentially devastating implications for future elections.

Maryland is a case in point. Currently at the center of a controversy, Maryland purchased 5000 such machines in March 2002 (at a cost of $17 million) and has signed an agreement to purchase another 11,000 at a cost of $55.6 million. The Rubin report, mentioned above, prompted Maryland Gov. Robert L. Erhlich Jr. to hire Science Applications International (SAIC) to perform an independent risk assessment on Diebold’s machines. The risk assessment was performed from August 5th through August 26th 2003 and the 200-page report was delivered to State officials on Sep 2.

After substantial redacting, the report was made public on September 24th. The SAIC found 328 security weaknesses, 26 of them being critical, and concluded “the system, as implemented in policy, procedure, and technology, is at high risk of compromise.” Thomas W. Swidarski, president of Diebold Election Systems claimed there were no problems: “We are pleased to be moving forward. The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security. [...] Maryland has established a new standard of excellence for the electronic voting process. Diebold Election Systems looks forward to supporting the state as it strives to be a leader in election reform in this country." The report provided 17 recommendations to “mitigate” the risks. And despite the report Maryland decided to proceed with its $55.6 million contract to purchase the 11,000 machines. In doing so they completely disregarded the inherent flaws with these voting machines.

Given that only a small portion of the report was released “for security reasons” it is not surprising that many people have been left with the suspicion that there has been a major cover-up. Maryland Senate Judicial Proceedings Chairman Brian E. Frosh (D-Dist. 16) of Chevy Chase called for public hearings into the SAIC report and asked why the Ehrlich administration released only 69 of the 200-page report: "You don't inspire confidence by saying, 'We know we have a lousy system but we're going to fix and it, and by the way, we're not going to tell you all the problems we've found and how we are fixing them. It looks terrible. It looks like you are trying to hide something."

This suspicion is deepened by numerous “redactions” that appear to be random and unnecessary. For instance, what version of the software was tested? Since the version number was redacted, we don't know. Why was information about the function of the voting system redacted? Again, this remains a mystery.

Further suspicions have been fomented by apparent conflicts of interest that are currently being investigated. The credibility of Diebold has been badly shaken by the content of internal memos leaked by a Diebold insider. This is particularly disturbing, since the attitude of these companies is that people, including Election Board Examiners, should simply trust them, despite the droves of evidence that they have not merited such trust.

It is important to note that the SAIC report does not even consider the issue of adding a paper trail to the Diebold machines. This should be a necessary precondition for any electronic voting. Given all these problems, the existence of an independent paper trail seems like a minimum, low-tech, and reasonably affordable way of providing some insurance against high-tech mistakes and fraud, as argued by most computer scientists.

Defying rational explanation, the encryption and password upgrades will be made only for the machines destined for Maryland, per the Diebold Election Systems Director of Voting Industry. They will not be available for the 33,000 touch-screen machines already in use elsewhere. Despite over 300 flaws identified by the SAIC report, 26 of which are extremely critical, it looks like Georgia will use more than 20,000 flawed machines. Several counties for the recall vote in California will use a voting system that is, quoting the SAIC report: at high risk of compromise.

We, as voters, have gotten the Diebold machines basically by chance. There is no apparent reason to believe that ES&S or Sequoia are any better, especially in the absence of more stringent standards. None of the systems have a paper trail, and the FEC standards in place are from 1990, predating these issues of transparency. The standards are voluntary, although many states have adopted them. New FEC standards are due to be released by the end of this year -- too late for the 2004 election. Do you think your vote is safe?

This is the first in a series of articles.

Stella, Symblized, and Thea also contributed to this report.