Are Your Votes Really Counted? Testing the Security of Real-world Voting Systems
Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)
Electronic voting systems play a critical role in today’s democratic societies,
as they are responsible for recording and counting the citizens’ votes.
Unfortunately, there is an alarming number of reports describing the
malfunctioning of these systems, suggesting that their quality is not up to the
task. Recently, there has been a focus on the security testing of voting
systems to determine if they can be compromised in order to control the results
of an election. We have participated in two large-scale projects, sponsored by
the Secretaries of State of California and Ohio, whose respective goals were to
perform the security testing of the electronic voting systems used in those two
states. The testing process identified major flaws in all the systems analyzed,
and resulted in substantial changes in the voting procedures of both states.
In this paper, we describe the testing methodology that we used in testing two
real-world electronic voting systems, the findings of our analysis, and the
lessons we learned.