Thank you for following the work of the AEI-Brookings Election Reform Project. We’ll continue looking at the issues of election reform at AEI and Brookings. For new work on congressional redistricting, please visit www.redistrictingproject.org.

Viewpoint: Keeping Utah's DREs Secure
Jessica Leval and Jennifer Marsico, Research Assistants, AEI-Brookings Election Reform Project, and Clinton Reeder, Technology Support Analyst, American Enterprise Institute

December 3, 2008

The controversy surrounding the 2000 election highlighted the need for reliable methods of vote transmission. In 2002, Congress passed the Help America Vote Act (HAVA) requiring changes in voting technology. Many states responded by adopting direct recording electronic voting machines (DREs). Though DREs have eased the voting process in some ways, they have also created controversies of their own.

In New Jersey, for example, issues relating to the security of DREs have been examined by the courts. Gusciora et al. v. McGreevey et al. (2004), was brought before the Superior Court in Mercer County, New Jersey. This case focused on the training of election officials, specifically emphasizing the administrative challenges of using DREs. Though dealing with New Jersey's machines, the case highlighted an example from Florida, where, in the 2002 congressional elections, DREs lost numerous records of votes cast because poll workers failed to fix malfunctioning machines. Questions were also raised about aging election workers' ability to handle new high-tech DREs. Additionally, the case examined concerns about the security of the machines themselves. Andrew Appel, professor of computer science at Princeton University and an expert witness for the plaintiffs in Gusciora v. McGreevey, explained that records of votes were stored only in the DRE machines, which in New Jersey do not contain additional physical backups like paper printouts. The machines themselves contain memory backup systems, but do not create physical backups that are separate from the actual internal computer software.

New Jersey's DREs have clearly been plagued by a variety of security concerns. Utah, however, has managed to avoid many of these pitfalls by employing a variety of security protections and procedures to ensure votes are cast and recorded as the voters intended. Utah's DREs do, for example, produce voter verified paper trails. During the 2006 elections, Utah primarily used DieboltTS and the TSx touch screen electronic voting systems. These machines ran variants of Microsoft Windows CE and have customized hardware designed to, according to the AccuVote TSx brochure, "enable blind or visually impaired persons to vote unassisted in complete privacy," through either verbal responses that are typed into a keypad or through their high contrast screens. Additionally, once completed, ballots are printed directly from the DRE and voters can see printouts of their ballots through a clear window. Voters can then check their printouts to make sure they have indeed voted for their chosen candidates. Voters are also able to go back if necessary and correct any mistakes they may have made while using the DRE before actually casting their ballots.

In addition to these procedural steps, the machines in Utah employ a range of internal security protections. They use what is termed "triple redundant memory" to store election data; each machine uses a memory card, relies on an internal memory device, and produces a paper trail. Therefore, when people cast their votes, their votes are recorded in three separate locations - in a removable storage device, in the machine itself, and in the form of a tangible record which is kept with the DRE and cannot be changed once approved by the voter. DRE machines and memory cards can also be tracked by serial numbers, ensuring that potential hackers cannot simply remove a memory card from one of the DREs and replace it with one of their own. To successfully alter the information on a memory card, hackers would need to physically plug the card into a computer, reprogram the card and then reinsert the card into the original DRE. This entire process requires physical proximity to the DREs for prolonged periods of time.

It is relatively easy for an individual to physically tamper with a DRE in person. To protect against individuals who may attempt to alter Utah's DREs, the state requires an additional paper record each time a DRE itself, its memory card, or the voter paper trails the DREs produce change hands during transport. This chain of custody for each machine helps ensure the DREs' physical security. Memory cards and voter access cards are also protected by a security encryption key which encrypts the voter data on the memory cards and voter access cards. For hackers to succeed in altering DRE data, they would need to physically break open the DRE's door, de-encrypt the data on the memory card, change the data or insert malicious programs, re-encrypt the data on the memory card and finally re-insert the newly altered memory card. This combination of the broken seal on the DRE's door and the amount of time hackers would need to spend figuring out the encryption code would likely make such tampering apparent to poll workers.

Security threats may not pose significant problems for Utah's DREs, but they still create certain issues for disabled individuals-the very voters these machines were intended to help. According to Paula Lowry, a precinct chair and touch screen technician in Precinct 4001 in Salt Lake County, it is often difficult for poll workers to reposition the DREs to comfortable levels for individuals in wheelchairs. Poll workers are not trained to perform these adjustments. Before DREs, Utah used punch card booths with removable stands, and poll workers did receive training to adjust the height of these booths.

During the 2008 presidential election, there were few reports of major malfunctions of DREs in Utah. According to Pew's Center on the States Stateline.org staff writer, Pauline Vu, nationwide, "not everything went perfectly. There were scattered reports of voting machine malfunctions in states such as in California, Florida, Michigan, New Jersey, Pennsylvania and Virginia." But, overall, the process seemed to run relatively smoothly on Election Day 2008, thanks in part to the procedures and systems used in places like Utah.

Jessica Leval can be reached at jessica.leval@aei.org. Jennifer Marsico can be reached at jennifer.marsico@aei.org.

Viewpoint is an occasional feature analyzing various election reform issues.
Featured Resources
Electronic Elections in a Politicized Polity (PDF) | JUNE 2009
Thad E. Hall (University of Utah), Caltech/MIT Voting Technology Project
This paper examines how overall voter confidence has changed since the 2000 presidential elections. The decisions at the state level regarding voting systems have been very intensely politicized, which have affected the attitude of voters towards individual technologies.
Sarasota Alliance for Fair Elections v. Browning | FEBRUARY 2010
Supreme Court of Florida
The Florida Supreme Court ruled on the constitutionality of Sarasota County’s charter election law amendments, finding that state law does not bar individual counties from creating their own election laws.
Internet Voting: Formulating Structural Governance Principles for Elections Cybersecurity | SEPTEMBER 2009
Candice Hoke, Cleveland State University, Cleveland-Marshall College of Law
The security risks inherent in internet-based voting today pose significant barriers to the adoption of this method in nationwide elections. The author suggests changes to both internet security and the allocation of election tasks to improve the applicability of the internet in elections.
Final Report, 2008-2009 Ohio Election Summit and Conference (PDF) | APRIL 2009
Lawrence Norden with Jessie Allen, Brennan Center for Justice at NYU School of Law
This report provides an overview of reform proposals growing out of a summit convened by Ohio's Secretary of State to examine comprehensively the state's entire election system.
The Research Database on the U.S. Voting System and Voting Technology | AUGUST 2009
American Association for the Advancement of Science
The Research Database on the U.S. Voting System and Voting Technology provides access to empirical and analytical research about voting and elections to inform evidence-based reforms.
More Resources  »
  Back To Top
Research Projects
Brennan Center for Justice
NYU School of Law
The Brennan Center for Justice at New York University School of Law is a non-partisan public policy and law institute that focuses on fundamental issues of democracy and justice.
Dēmos
Dēmos is a non-partisan public policy research and advocacy organization founded in 2000. A multi-issue national organization, Dēmoscombines research, policy development, and advocacy to influence public debates and catalyze change.
FairVote
FairVote develops and promotes practical strategies to improve elections at the local, state and national levels.
Caltech/MIT Voting Technology Project
This project aims to evaluate the current state of reliability and uniformity of U.S. voting systems; to establish uniform attributes and quantitative guidelines for performance and reliability of voting systems; and to propose specific uniform guidelines and requirements for reliable voting systems
electionline.org
The Pew Center on the States
electionline.org provides daily news updates on election reform issues, as well as deeper analysis of selected topics, including recent reports on voter registration, recount procedures, and the progress in implementing the Help America Vote Act since 2002.
More Research Projects  »
  Back To Top
Related Topics
Project made possible by:
Voter Registration |  Voter Access |  Early & Absentee Voting |  Provisional Balloting |  Technology Issues |  Election Administration |  Voting Integrity |  Newsletters |  About Us | Projects and Experts | Resources | Home
The American Enterprise Institute for Public Policy Research
www.aei.org
The Brookings Institution
www.brookings.edu
© Copyright 2012, AEI
and The Brookings Institution