[summary]
While electronic voting systems hold promise for a more accurate and efficient election process, numerous entities have raised concerns about their security and reliability, citing instances of weak security controls, system design flaws, inadequate system version control, inadequate security testing, incorrect system configuration, poor security management, and vague or incomplete voting system standards, among other issues. For example, studies found (1) some electronic voting systems did not encrypt cast ballots or system audit logs, and it was possible to alter both without being detected; (2) it was possible to alter the files that define how a ballot looks and works so that the votes for one candidate could be recorded for a different candidate; and (3) vendors installed uncertified versions of voting system software at the local level. It is important to note that many of the reported concerns were drawn from specific system makes and models or from a specific jurisdiction's election, and that there is a lack of consensus among election officials and other experts on the pervasiveness of the concerns. Nevertheless, some of these concerns were reported to have caused local problems in federal elections-resulting in the loss or miscount of votes-and therefore merit attention.
[a bullet point]
Regarding key software components, several evaluations demonstrated that election management systems did not encrypt the data files containing cast votes (to protect them from being viewed or modified).19 Evaluations also showed that, in some cases, other computer programs could access these cast vote files and alter them without the system recording this action in its audit logs.20 Two reports documented how it might be possible to alter the ballot definition files on one model of DRE so that the votes shown on the touch screen for one candidate would actually be recorded and counted for a different candidate.21 In addition, one of these reports found that it was possible to gain full control of a regional vote tabulation computer-including the ability to modify the voting software-via a modem connection.22 More recently, computer security experts working with a local elections supervisor in Florida demonstrated that someone with physical access to an optical scan voting system could falsify election results without leaving any record of this action in the system's audit logs by using altered memory cards.23 If exploited, these weaknesses could damage the integrity of ballots, votes, and voting system software by allowing unauthorized modifications.