The U.S. Government Accountability Office (GAO) today released a 101-page report on election security and reliability concerns.

In response to the release of that report, members of the House Committee on Government Reform issued a statement that highlighted the following problems:


Voting System Vulnerabilities Identified by GAO:
•Cast ballots, ballot definition files, memory cards, and audit logs could be modified.
•Supervisor functions were protected with weak or easily guessed passwords, and memory cards that allowed individuals access to voting machines were inadequately protected.
•Systems had easily picked locks and power switches that were exposed and unprotected.
•Voting machine vendors had weak security practices, including the failure to conduct background checks on programmers and system developers, and the failure to establish clear chain of custody procedures for handling software.

Voting System Failures Have Already Occurred During Elections
In addition to identifying potential vulnerabilities, GAO identified a number of cases of operational failures in real elections. These examples included:
•In California, a county presented voters with an incorrect electronic ballot, meaning they could not vote in certain races.
•In Pennsylvania, a county made a ballot error on an electronic voting system that resulted in the county’s undervote percentage reaching 80% in some precincts.
•In North Carolina, electronic voting machines continued to accept votes after their memories were full, causing over 4,000 votes to be lost.
•In Florida, a county reported that touch screens took up to an hour to activate and had to be activated sequentially, resulting in long delays.

Problems With Implementation of Voluntary Standards, Testing, and Federal Efforts to Improve Voting System Security
GAO reported that voluntary standards for electronic voting adopted in 2002 by the Federal Election Commission contain vague and incomplete security provisions, inadequate provisions for commercial products and networks, and inadequate documentation requirements. GAO also found that tests currently performed by independent testing authorities and state and local election officials do not adequately assess electronic voting system security and reliability.

The GAO report indicated that national initiatives to improve voting system security and reliability of electronic voting systems either lack specific plans for implementation or are not expected to be completed until after the 2006 election. According to GAO, “Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, acquired, testing, operated, or managed in accordance with rigorous security and reliability standards — potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count.

The Election Assistance Commission, which was created as part of the “Help American Vote Act� began operations in January 2004. To improve the security and reliability of electronic voting systems, GAO recommends that EAC establish tasks, processes, and time frames for improving the federal voluntary voting system standards, testing capabilities, and management support available to state and local election officials. EAC commissioners agreed with GAO recommendations and stated that actions on each are either under way or intended. The National Institute of Standards’ (NIST) director also agreed with the report’s conclusions.


The Verified Voting Foundation contributed data to this report via the
Electronic Incident Reporting System.

The full report (approximately 1.3 MB) is available in PDF format.