To help mitigate the risks identified in the security analyses, Maryland proposed a set of technological changes to Diebold’s voting machines as well as procedural changes to the election process. While this may help “raise the bar,” it is impossible to know whether any security analysis identifies all the possible vulnerabilities present in an analyzed system. By only patching the known vulnerabilities, Maryland is not actually ensuring that the voting system will be secure. Rather, Maryland should follow security engineering best practices, which state that security can only be assured through a rigorous design process that considers security from a project’s conception, not through a set of patches applied after the fact.
It appears that the state of Maryland has had to compromise on the security of the voting system due to the election calendar. The Maryland State Board of Elections states that “an alternative system could not be implemented in time to conduct the March 2004 Presidential Primary election and could jeopardize the November 2004 Presidential General election.” Unfortunately, by compromising on security, the integrity and privacy of these elections may still be in jeopardy.