The government’s plan for e-voting security? Trust!

We here in the U.S. luuuv Norman Rockwell illustrations, don’t we? The one of that little kid sitting next to the cop at the diner? Or how about the illustration celebrating the Freedom of Speech, where a plain looking joe stands up to speak at town meeting. They’re so all-American in their grittiness and optimism. Why, that guy standing up in front of his fellow citizens would never get caught speeding down the highway with his wife’s severed head next to him on the front seat, just as the elected official he’s speaking his mind to wouldn’t even contemplate using a bootable CD or USB drive to introduce viral code onto a vulnerable electronic voting kiosk, changing the vote tally and, maybe, swaying a hotly contested election.

Unfortunately, we don’t live in a Norman Rockwell illustration — this is the real world. And that’s why the U.S. Election Assistance Committee’s latest “quick start” guide to election workers on managing electronic voting systems is so disappointing. The guide, which was just released, is well-meaning: get poll workers comfortable working with e-voting kiosks and make sure they handle and manage the systems properly.

However, with little federal guidance or oversight of elections and, thus, election security, the guide kind of sounds like something out of one of those Saturday Evening Post illustrations, despite ample evidence that voting machine irregularities have disrupted ballot counts on numerous occasions.

Workers are given good advice like “never connect your voting system computer to the Internet or to any internal network,” and “never allow any software on the voting system computer except the voting system software.”

Fair enough — but how, exactly, are polling workers supposed to be able to assess or monitor this kind of thing? These are volunteers, after all, and not exactly the kind of folks who are recruited for their IT skills. How about some kinds of auditable controls that would lock down the kiosks and physically and logically prevent network access once the kiosks were ready for use in the actual election?

If nothing else, the new “Quick Start” guide is just more proof point in a long string of evidence that the U.S. government needs to step in to assure the security of electronic voting kiosks and the voting process.

For example, the quick start guide says that poll workers should “control and monitor access to the voting system computer at all times. Consider securing this computer in a controlled access room and keep a log of everyone who accesses the system, along with the date and reason.”

Consider? We’re talking about the central vote tabulator here — shouldn’t there be some specific guidance here? Some kind of security mandated for this vital link in the voting integrity chain?

But again, these are just suggestions, without the force of law or regulation. With no official framework to refer to, and no consistency in voting technology or procedure from county to county, let alone state to state, how can a “Quick Start” guide be anything more than a vague list of suggestions addressing a hypothetical situation. (“Before flying your supersonic jet fighter, don’t forget to put on your pressurized flight suit!”)

As the GAO has noted, the Federal governments security standards for voting systems are entirely voluntary, and have “vague and incomplete security provisions,” to boot. Since that report, EAC issued new guidelines, due to take affect in December, that replace the maligned 2002 Voting System Standards (VSS) and institute stricter testing of voting machines, but again, are “voluntary. States may decide to adopt them entirely or in part prior to the effective date.”

Rockwell like “Trust” seems to be the magic glue in the U.S.’s electronic voting plans, as well as those of electronic voting vendors. Most recently, a Diebold Election Systems spokesman,David Bear, scoffed at reports from security experts of critical holes in touch screen systems made by his company saying, telling the New York Times “For there to be a problem here, you’re basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software,” he said. “I don’t believe these evil elections people exist.”

But hey, maybe I’m too cynical. Maybe e-voting is just the latest crusade for the Black Helicopter set, who see conspiracies everywhere, no matter what evidence to the contrary. And maybe we here in the U.S. are really as gritty and plainspoken and morally upright as Rockwell portrayed us. In that case, we can get by with voluntary standards, lax oversight and absent enforcement. Politicians and appointed elections officials of all stripes will put aside their partisan leanings and do what’s right for the greater good, rather than their team. Maybe.