Graham Titterington
Securing voting machines
Electronic voting machines are widely used in the US, despite some unease amongst IT security professionals. Fortify Software is seeking to build on its work in this area to raise the profile of its Source Code Analysis product, with an offer of free software for checking the machines in this year's presidential elections.
Comment: Electronic vote-counting machines are widely used in the US. They scan paper votes or allow voters to use a keypad or a touch-sensitive screen. Security experts are worried because the complexity of these machines leaves them wide open to software errors that could corrupt the vote either deliberately or accidentally. Many machines do not produce a paper tally against which results can be verified. Some machines are vulnerable to tampering. Software errors are more serious than either human errors or hardware errors because they consistently err in the same direction each time they occur, rather than randomly erring in favour of different candidates in an election. They are thus more likely to change the overall result of the election.
Fortify Software has made a headline-grabbing offer of a free copy of its source code analysis software for every state in the US, so that each state can check the integrity of its vote-counting machines and the protection they offer for voter privacy ahead of November's presidential elections. It might be easy to dismiss this offer as a cheap publicity gimmick if it weren't for Fortify's track record in this sector. Its software has already been used by the states of California, Florida and Ohio. The Californian experience is particularly newsworthy, as it led to the de-certification of voting machines from three vendors. Fortify has also been used extensively in less public domains in both the commercial and government sectors, mainly in the US.
Source code analysis has been gaining a higher profile over the last two years and this initiative will raise it further. Previous controversies, such as the Florida election result in 2000, have opened up interest in a turgid subject. States that refuse this offer could find themselves under pressure to justify their position. States that accept it will find it hard to reject source code analysis of future systems, both in voting and elsewhere.
http://www.ovum.com/news/euronews.asp?id=6621