US computer security experts have renewed their warnings about electronic voting systems.
They said that without an independent assessment of how the equipment fared in the US presidential elections, it is difficult to determine their accuracy.
"We need some way of assessing what has happened after the fact," said Peter Neumann, the principal scientist at SRI International Computer Science Laboratory and chair of the National Committee of Voting Integrity (NCVI). "It is extremely difficult to determine what happened because there is an absence of accountability and auditing in those machines."
NCVI members did not allege widespread problems with e-voting systems, but they warned that the machines could still leave voters with doubts about the final results.
"The vote went remarkably smoothly, considering that we had record turn-out and considering that it was scrutinised with more intensity then I can remember," said Doug Jones, an associate professor of computer science at the Iowa State University and a voting technology expert.
"Electronic voting machines took an important test on 2 November and passed with flying colours," said Harris Miller, president of the Information Technology Association of America, an IT industry lobbying group.
The e-vote, using about 175,000 different systems across the country, "took place efficiently and effectively across a wide range of people, places and local election processes and practices, [and] with a minimum of disruptions."
Britt Kauffman, president and CEO of Hart InterCivic, whose e-Slate e-voting systems were used throughout Texas, Colorado, California, North Carolina, Washington, Hawaii, Virginia, Pennsylvania and Kentucky, said all reports indicate a "relatively smooth election day" for the millions of voters who voted electronically.
But critics remain concerned that the apparent success of the vote could be overshadowed by what they called significant problems with the process by which e-voting is done.
During the long tabulation process, some grass-roots voter monitoring organisations began posting firsthand accounts of incidents they say clearly indicate a nationwide lack of technical and process standards. That, combined with an inability to verify how individual systems tabulate votes, has created a deeply flawed election process, they said.
Jones said research into how voters interact with the machines is difficult to conduct. "All we can do is things like compare the number of ballots with the number of votes recorded and wonder, 'Why did people come to the polling place to cast a blank ballot?'" he said.
While voting experts know a lot about how people make errors on paper ballots, they still know little about what goes wrong with electronic voting systems.
The NCVI is most concerned about touch-screen systems that don't produce a paper record of a vote, a write-once CD-Rom record, or some other permanent, separate record that is available for audit and review, said Lillie Coney, the coordinator of the NCVI.
Coney said she does not understand why election officials use paperless voting machines. "It is the most perplexing thing I've ever seen."
Part of the problem, she said, is with state and local election officials who are not skilled IT buyers. "They are relying strictly on what their vendors tell them - if their vendors tell them it's secure, it's secure," she said.
NCVI officials said it may take weeks to determine the extent and kinds of problems voters encountered. The group plans to sift through voter incident reports and news accounts of problems and will continue to push Congress to fund research at the National Institute of Standards and Technology.
The agency has been tasked by Congress to develop e-voting standards, but is not getting the funding needed to do the job, according to the NCVI.
Other issues arising from the use of e-voting could also raise questions about the overall voting process in the US. Some voting experts pointed to problems in some polling places with the manual process of verifying voter registrations. Disputes often led to the issuance of provisional ballots.
"Having successfully avoided the recount problems of 2000, the focus has now shifted to voter qualification," said Stewart H Thomas, a managing partner at the law firm Thomas & Dees.
"The provisional ballot, just like the touch-screen ballot, is an unrewarding process, especially when it comes at the end of a several-hour wait in the poll line. We must find a way to enrich the voter's ballot experience while maintaining tabulation and registration integrity," he said. "Certainly we can do better."
Some problems were more serious than that. Avi Rubin, a Johns Hopkins University computer science professor who earlier this year was at the forefront of the controversy over e-voting security, worked as an election official in Maryland.
A critic of the way e-voting system suppliers designed their software and of the secrecy around the development process, Rubin said the deployment process and controls put in place were woefully inadequate.
As a result, there is reason to be concerned about the integrity of the results in many polling places, he said.
Rubin said Diebold Accuvote TS touch-screen systems were left unattended overnight at the polling place on 1 November.
In addition, the same machines referenced by Rubin were set up the night before the election by two local elections officials from the same political party, according to Rubin.
"The Diebold Accuvote TS machines were shown to be highly vulnerable to tampering," Rubin wrote in an online weblog established by a group of computer science professors from around the country.
"With physical access to the machines, one could change a few bytes in the ballot definition file and votes for the two major presidential candidates would be swapped. In that case, none of the procedures we had in place could detect that votes were tallied for the wrong candidates," he said.
Rubin said that the fact that this election is being labeled a success for e-voting systems "does not mean that it will be next time. And, we'll never really know if [this election] was actually successful," he said.
"When votes are stored as electrons, and tallying is done using shoddy software that is running on Microsoft Windows, there is no way to know that someone hasn't tampered with it," said Rubin. "If you drive without a seat belt, as we did in this election, and you don't crash, that doesn't mean you should conclude that it is safe to drive that way."
Dan Verton and Patrick Thibodeau write for Computerworld