Electronic voting is getting slammed this week. First, Dan Gillmor’s Sunday Column took election officials to task for not insisting on providing physical paper trails that can be followed should the results of an election be in doubt. Then on Wednesday several computer security experts at Johns Hopkins University and Rice University published a scathing analysis of the design of the Diebold AccuVote-TS, one of the more commonly used electronic voting systems, based on source code that the company accidentally leaked to the Internet back in January. Exploits include the ability to make home-grown smart-cards to allow multiple voting, the ability to tamper with ballot texts, denial of service attacks, the potential to connect an individual voter to how he voted, and potentially the ability to modify votes after they have been cast. The New York Times and Gillmor’s own blog have since picked up the report. Diebold has since responded to the analysis, but at least so far they haven’t addressed the most damning criticisms.

There are several lessons to be learned from all this:

Frank Moss, US deputy assistant secretary for Passport Services, announced at the recent Smart Card Alliance meeting that production of new smart-card enabled passports will begin by October 26, 2004. Current plans call for a contactless smart chip based on the ISO 14443 standard, which was originally designed for the payments industry. The 14443 standard supports a data exchange rate of about 106 kilobytes per second, much higher than that of the widely-deployed Speedpass system.

Nearly six years to the day after the process was started, it looks like the IEEE is honing in on a single standard for a fast (around 100 Mbit/s), short-range (< 10m), low-power, low-cost wireless communication. The standard, which will be IEEE 802.15.3a, comes out of the IEEE Wireless Personal Area Network (WPAN) working group. Unlike cellular or Wi-Fi networks, the point of a personal area network is to communicate with other devices that are there in the room with you. For example, a high-speed WPAN would allow your PDA to stream video directly to a large-screen TV. Alternatively, your core CPU could wirelessly communicate with medical sensors, control buttons, displays and ear-pieces, all distributed around the body. The standard fills much the same niche as Bluetooth (the first standard adopted by the working group, also known as 802.15.1), but the new technology is significantly faster than Bluetooth (up to 100 times faster, according to champions of the technology).

Trade news columnists who know more than I do about this are picking Texas Instruments’ proposal for OFDM UWB (that’s Orthogonal Frequency Division Multiplexing Ultra Wide Band, thank you for asking) as the likely technology to be picked. Assuming it does, TI’s UWB business development manager says we can expect to see the first UWB products hitting the marketplace in 2005.

Update: The standard did not receive enough votes to pass, and will be voted on again in mid-September.

References:

• IEEE 802.15 Website
• Wireless raises the final standard (ZDNet, 22nd July 2003)
• Basis of UWB Spec Could Be Decided This Week (Electronic News, 21st July 2003)
• Military’s ‘sneaky wave’ out of hiding (C|net, 11 March 2003)
• Texas Instruments’ UWB page