Marci Andino, executive director of the S.C. Election Commission, reported glowingly on the new electronic voting machines after the November election. This rebuttal is to alert South Carolina voters: Most computer professionals probably would disagree with Ms. Andino’s optimism. The most serious problems in the machines would be exactly those that the commission would not be capable of detecting.

Ms. Andino asserts that not a single vote has been lost because of an equipment malfunction either on Nov. 2 or in previous elections. This statement is indefensible. None of us, not even Ms. Andino, knows what the actual votes have been. In the absence of knowing the truth, malfunctions that are undetected pose serious problems. Further threats include attacks against the integrity of the voting process that are made possible by the inherent complexities of computer security.

I have studied the voting machines from ES&S (the South Carolina vendor) and from other vendors, at least insofar as one can from the available public information. I submitted a white paper on electronic voting in response to a call from the National Research Council.

As a professional computer scientist with more than 25 years’ experience, I believe the security of the ES&S machines is extremely suspect and consider their use in South Carolina inadvisable. I do not believe voters in South Carolina should feel comfortable about their votes being recorded properly. I myself would not trust my vote to these machines, since they contain fundamental software and system flaws. Some of these flaws come from simple errors in technical judgment such as one might see in an average — but not a winning — high school science project.

Further, the machines are part of a more complicated system, and the system, not just the machines, is suspect. Maintaining complete system security is difficult, and preventing exploits against inherent security flaws requires high standards that derive from significant expertise. That expertise seems neither readily available to nor used by the Election Commission. The commission also seems to have no knowledge about how the electronic voting machines actually work; when I asked for technical details, I was instantly referred to the vendor.

Examples of the problems with passwords should be sufficient to convince the skeptical. In its analysis for the state of Ohio, Compuware Corp. reported that all recorded votes can be cleared by a supervisor using three passwords. Two of these passwords are hard-coded into the equipment and are three characters long. Since we prudently must assume that an adversary has access to the equipment, we must also assume that these passwords are known (and perhaps common across the country?) and no longer provide any security whatsoever.

Elsewhere in the report, we read that a supervisor password is not encrypted and is visible in the flash memory audit trail. In the world of computer security, password encryption has been standard since the 1970s. We ought to call into question not just the details of these problems, but also the judgment of those who would make them.

Much of the machines’ security is based on the fact that technical details and software are proprietary, supposedly available to neither the public nor an adversary. This notion of “security through obscurity” is one of the first things students of computer security are taught never to rely upon. Even the fact that all machines have been certified by one of the independent testing authorities offers little comfort. Flawed software in electronic voting machines has been certified acceptable by these authorities, sometimes over a period of several years.

I believe we should view Ms. Andino’s rosy report with a healthy skepticism. Voting is important, and we should not trust machines we know are flawed, vendors with a record of suspect technical judgment or testing authorities that have failed in the past to catch obvious problems.

Dr. Buell holds a doctorate in mathematics. He lives in Columbia.