E-voting remains insecure, despite paper trail
Microsoft Research has revealed a potential flaw in verifiable e-voting machines through which fraudsters could easily use discarded ballot receipts as a guide for altering votes. Fortunately, the researchers also offered a solution -- linking new receipts to previous ones with cryptographic hashes -- but that alone won't make e-voting entirely secure, they cautioned.
Unlike the first generation of controversial e-voting machines, which lacked printing capabilities and suffered other back-end insecurities, new models from such companies as Scantegrity, Prêt à Voter, VeriScan, Helios, and MarkPledge can print out receipts. Not only can voters check the printouts to confirm their votes were cast correctly, they can also later compare their receipts against published election data.
The problem with the new generation of verifiable voting machines, according to the report (PDF), is that most people are highly unlikely to retain their receipts for future vote verification. However, ill-intentioned individuals could get their hands on those receipts -- by rummaging through garbage cans at voting centers, for example, or through social engineering techniques -- then use insider connections to change votes to their preferred candidate.
Using the discarded receipts as a guide for changing votes would be ideal, as they would represent voters with no intention of verifying their votes later. "Suppose that it is known that 5 percent of voters are expected to verify their receipts in an election," the report says. "With a standard design, an insider that randomly alters 10 ballots would escape detection about 60 percent of the time."
<snip>
http://www.infoworld.com/t/security/e-voting-still-insecure-even-paper-trail-177623