Omniballot is an election software used in dozens of jurisdictions in the United States. In addition to delivering votes and helping voters mark them, it includes an option for online voting. At least three states, West Virginia, Delaware and New Jersey, have used or plan to use the technology in upcoming elections. Online voting is also used in four local jurisdictions in Oregon and Washington.But Michael specter of MIT and Alex Haldeman of the University of Michigan, a new study of computer scientists, have found that the software's inadequate security measures pose a serious risk to the integrity of the election.
Specter and Halderman get a copy of omniballot software, reverse engineer it, and then create a new server software that mimics the real server behavior. This allows them to experiment with the software without interfering with real elections. They found that omniballot offers a number of different functions that state election officials can choose to offer to voters. The most basic is the blank ballot delivery function, which can provide the voters with PDF ballot that can be printed out and sent back to the polling station. Local governments can also provide the function of marking ballot papers, marking voters before printing them. This allows blind voters to fill in their own ballots. It can also prevent multiple votes and warn voters that they are not voting.
But specter and Halderman think there are some additional risks. Malware can be programmed to switch votes in a very short time. In theory, voters should check whether the votes are correct before delivering them, but research shows that voters are not strict about it. A study by Haldeman and others found that in a real-world simulated election, only 6.6% of voters reported changes to the election supervisor.