While We're Grateful for the WaPo Coverage of the New NIST Recommendations for Voting Systems, They Overlook --- as Have Others --- the Call to Also Scrap DRE/Touch-Screen Systems Even With So-Called 'Voter Verified Paper Audit Trails'...
By Brad Friedman on 12/1/2006, 12:49pm PT  

Concerning the NIST reports we highlighted Wednesday night...the Washington Post catches up today with a front page article on them which begins this way...

Paperless electronic voting machines used throughout the Washington region and much of the country "cannot be made secure," according to draft recommendations issued this week by a federal agency that advises the U.S. Election Assistance Commission.

The assessment by the National Institute of Standards and Technology, one of the government's premier research centers, is the most sweeping condemnation of such voting systems by a federal agency.

Decent coverage, though they --- like some of the other folks who've looked into the draft NIST whitepaper recommendations (two of them: here and here, both PDF) --- seem to be overlooking NIST's other recommendation that even DRE/touch-screen systems with so-called paper trails should not be used either.

For those who wonder why, Wall Street Journal (yes, Wall Street Journal!) explained just one of the reasons why in an article yesterday covering the mess in Florida's 13th district U.S. House race where some 18,000 votes disappeared on Sarasota County's paperless ES&S touch-screen voting machines:

A paper-trail law probably wouldn't have prevented the Sarasota mishap, where about 18,000 voters apparently didn't notice that they hadn't voted in the House race, even though a summary page at the end of the ballot flagged their oversight. A paper record would have carried the same information and could also have been ignored.

I hope to have more analysis and clarification for you, hopefully, later on NIST's overlooked recommendation to not use DRE/touch-screens even with the so-called Voter Verified Paper Audit Trail (VVPAT) paper rolls.

In the meantime though, there's this little item from the WaPo article for those who don't click through to the full story...but need to be reminded anyway:

The report repeats the contention of the computer security community that "a single programmer could 'rig' a major election."

Are we all finally clear on at least that much by now?