Are Your Votes Really Counted? Testing the Security of Real-world Voting Systems

Davide Balzarotti, Greg Banks, Marco Cova, Viktoria Felmetsger, William Robertson, Fredrik Valeur, Giovanni Vigna, Richard Kemmerer
In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)

testing voting

Electronic voting systems play a critical role in today’s democratic societies, as they are responsible for recording and counting the citizens’ votes. Unfortunately, there is an alarming number of reports describing the malfunctioning of these systems, suggesting that their quality is not up to the task. Recently, there has been a focus on the security testing of voting systems to determine if they can be compromised in order to control the results of an election. We have participated in two large-scale projects, sponsored by the Secretaries of State of California and Ohio, whose respective goals were to perform the security testing of the electronic voting systems used in those two states. The testing process identified major flaws in all the systems analyzed, and resulted in substantial changes in the voting procedures of both states. In this paper, we describe the testing methodology that we used in testing two real-world electronic voting systems, the findings of our analysis, and the lessons we learned.