While security precautions are critical to any election, the
introduction of computers into the
electoral process raises additional security concerns that often require
technical expertise to
address. When all electoral procedures are handled by humans and
recorded on paper, security
precautions often focus on physical security (e.g., locks, seals,
guards) and on human
observation of critical procedures (e.g., vote counting). When
implemented well, computerised
systems may actually reduce (but not eliminate) physical security
concerns. But computerised
systems introduce new concerns for which human observation may no longer
be satisfactory as a
security precaution.
Computerised systems may reduce physical security concerns if they
reduce the quantity of
materials that must be transported or stored securely, or if they reduce
the need for physically
transporting election materials. If voted ballots, for example, are
sent electronically to a central
tallying facility rather than physically transported on trucks, physical
security concerns can be
reduced. But new security concerns emerge. Now safeguards are needed
to make sure
electronic ballot transmissions are not compromised. And physical
security is still needed for
the computer equipment itself.
It is important that election administrators seek expert advice on
securing computerised systems.
While equipment vendors will often provide such advice and make security
claims about their
products, independent experts should be brought in to verify these
claims and conduct
independent tests.
There are several kinds of potential security problems that may arise in
an automated electoral
system.
Errors accidently introduced into computer software may
compromise security. Such
errors may allow unauthorized users to gain access to the system or
allow files to be modified
inappropriately. These errors can be avoided through good programming
techniques and
thorough system testing.
Extra bits of computer code called 'Trojan horses' may be embedded in
software by
unscrupulous programmers to compromise security. Trojan horses may be
detected when
independent experts inspect or test the system. Systems designed for
use in many elections
without changes to the underlying software are less likely to contain
such security problems than
those designed for a specific election.
Unauthorised modifications may be made to software after it has
been installed and
tested. This can be prevented through physical security precautions as
well as software checks
designed to detect such modifications.
Election officials may use software improperly, abusing their
access privileges.
Systems that require passwords from multiple officials in order to do
critical functions can
reduce this problem. Furthermore, the combination of physical access
cards and passwords is
more secure than passwords alone. In addition, systems can be designed
so that certain critical
files cannot be modified at all on election day. Thorough logging of all
system accesses by
election officials is also important.
Physical security of equipment may be compromised, resulting in
stolen or damaged
equipment, or in unauthorised modifications. Traditional security
precautions can prevent this.
If election information is transferred electronically, confidential
transmissions may be
intercepted, transmissions may be modified, or transmissions may be
blocked. Encryption
can be used to prevent transmissions from being intercepted or modified.
Preventing
transmissions from being blocked is more difficult and depends on the
technology being used.
Furthermore, when computer systems are connected to a network, they may
be compromised by
attackers who access them over the network. There are a variety of
techniques, such as
'firewalls,' that can protect against this. Attempts were made to access the computers tallying the votes in 1994 South African Elections. In 1999, the South African Independent Election Commission once again experienced attempts to manipulate the results using electronic technology.
Computer failures may result in lost data. It is important that
all critical computer data
be backed up regularly, with backups stored in a separate location. If
computers are used to
record votes as they are cast, votes should be recorded on at least two
separate media.
