Five and a half years after the historic débâcle of 2000, voting technology in the United States remains a major impediment to fair elections, with the technological fix to the 2000 problems with paper ballots (hanging chads, etc.) showing signs of being worse than the disease. -- Last Friday, the New York Times reported that "officials in Pennsylvania and California issued urgent directives in recent days about a potential security risk in their Diebold Election Systems touch-screen voting machines, while other states with similar equipment hurried to assess the seriousness of the problem." -- "It's the most severe security flaw ever discovered in a voting system," said a professor of computer science at Carnegie Mellon University who examines electronic voting systems for Pennsylvania, where the primary is to take place on Tuesday. -- "[C]omputer scientists said the problem might allow someone to tamper with a machine's software, some saying they preferred not to discuss the flaw at all for fear of offering a roadmap to a hacker," Monica Davey reported. -- The latest problems "were discovered by Harri Hursti, a Finnish computer expert who was working at the request of Black Box Voting Inc., a nonprofit group that has been critical of electronic voting in the past," and published in a report made available Thursday. -- Aviel Rubin, the Johns Hopkins professor of computer science who first analyzed the security flaws in the source code for Diebold touch-screen machines in 2003, said after studying the latest problem, "I almost had a heart attack. The implications of this are pretty astounding." -- A news release from the Verified Voting Foundation in San Francisco commented on the news, concluding: "[P]aperless electronic voting must be replaced with systems that provide a voter-verified paper record that is manually audited -- our democracy depends upon it." ...
NEW FEARS OF SECURITY RISKS IN ELECTRONIC VOTING SYSTEMS
By Monica Davey
New York Times
May 12, 2006
CHICAGO -- With primary election dates fast approaching in many states, officials in Pennsylvania and California issued urgent directives in recent days about a potential security risk in their Diebold Election Systems touch-screen voting machines, while other states with similar equipment hurried to assess the seriousness of the problem.
Officials from Diebold and from elections' offices in numerous states minimized the significance of the risk and emphasized that there were no signs that any touch-screen machines had been tampered with. But computer scientists said the problem might allow someone to tamper with a machine's software, some saying they preferred not to discuss the flaw at all for fear of offering a roadmap to a hacker.
"This is the barn door being wide open, while people were arguing over the lock on the front door," said Douglas W. Jones, a professor of computer science at the University of Iowa, a state where the primary is June 6.
The latest concern about the touch-screen machines was only the newest chapter in an emerging political and legal fight around the country over voting machines. While some voting officials defend the ease of touch-screens (similar to A.T.M.'s), some advocacy groups argue that optical scan machines, using paper ballots, are far more secure.
The wave of high-tech voting machines was prompted by the 2000 election in Florida, which spotlighted the problems of old-fashioned punch card ballots. But the machines that soon followed have spurred division. Here in Chicago, where voters used both touch-screen and optical-scan systems in a March primary, it took officials a week to tally all the votes because of technical problems and human errors, touching off a flurry of criticism over the Sequoia Voting Systems equipment.
In Maryland this spring, the State House of Delegates passed a bill that would have scrapped touch-screen machines, but the Senate last month took no action on the bill, effectively killing the idea.
This week, Voter Action, a nonprofit group, assisted voters in Arizona in filing for a legal injunction to try to block the state from buying touch-screen electronic voting systems. The suit is among several the group says it has pursued, in states including California, New York, and New Mexico.
The new concerns about Diebold's equipment were discovered by Harri Hursti, a Finnish computer expert who was working at the request of Black Box Voting Inc., a nonprofit group that has been critical of electronic voting in the past. The group issued a report on the findings on Thursday.
Computer scientists who have studied the vulnerability say the flaw might allow someone with brief access to a voting machine and with knowledge of computer code to tamper with the machine's software, and even, potentially, to spread malicious code to other parts of the voting system.
As word of Mr. Hursti's findings spread, Diebold issued a warning to recipients of thousands of its machines, saying that it had found a "theoretical security vulnerability" that "could potentially allow unauthorized software to be loaded onto the system."
The company's letter went on: "The probability for exploiting this vulnerability to install unauthorized software that could affect an election is considered low."
David Bear, a spokesman for Diebold Election Systems, said the potential risk existed because the company's technicians had intentionally built the machines in such a way that election officials would be able to update their systems in years ahead.
"For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software," he said. "I don't believe these evil elections people exist."
Still, he said, the company will in the coming months solve the vulnerability, but not before most primary elections occur.
In places where the machines are used, most election officials said they were not worried.
"We're prepared for those types of problems," said Deborah Hench, the registrar of voters in San Joaquin County, Calif. "There are always activists that are anti-electronic voting, and they're constantly trying to put pressure on us to change our system."
Aviel Rubin, a professor of computer science at Johns Hopkins University, did the first in-depth analysis of the security flaws in the source code for Diebold touch-screen machines in 2003. After studying the latest problem, he said: "I almost had a heart attack. The implications of this are pretty astounding."
--Gretchen Ruethling contributed reporting from Chicago for this article, and John Schwartz from New York.
LATEST SECURITY VULNERABILITY IN PAPERLESS ELECTRONIC VOTING UNDERSCORES URGENT NEED FOR PAPER TRAIL, AUDITING
Verified Voting Foundation
May 16, 2006
A critical security vulnerability has been brought to light in Diebold touch screen voting machines, just as several primaries are about to occur.
In a May 12th New York Times article [above], Avi Rubin, a Professor at Johns Hopkins and Verified Voting advisory board member, said I almost had a heart attack when he understood the nature of the problem. Michael Shamos, a computer scientist and voting system examiner in Pennsylvania, was quoted in the same article, "It's the most severe security flaw ever discovered in a voting system."
Indeed, several experts have urged that the technical details of the problem not be discussed because it is so easy to exploit. Such recommendations are extraordinary, coming from a community that values openness and transparency on computer security issues.
According to the report (available in redacted version at http://www.blackboxvoting.org) by computer expert Harri Hursti, the machines have insufficient protection to prevent malicious firmware from being installed. If bad firmware were installed, it would be difficult to detect, and it might be difficult to install new clean firmware. A wide variety of poll workers, shippers, technicians and so on, have physical access to voting machines at various times; any of these people might be able to use that access to install bad firmware.
Shockingly, news of the security flaw was topped off on Monday with news that both Diebold and the State of Maryland have been aware of the security vulnerability for at least two years.
Further adding to the scandal is the fact that the backdoor (or doors) were designed into the machines intentionally, against accepted design practice and, indeed, simple common sense, as Diebold spokesman David Bear admits in the same New York Times article. He goes on to say, For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software, he said. I don't believe these evil elections people exist.
Diebold's confidence in election officials is heartwarming. But what really matters is the confidence of the voting public. What are these same election officials to do when disgruntled candidates question the results of their elections? They cant point to federal and state safeguards, which completely overlooked this glaring problem. In most places using Diebold touch screen machines, there will be no voter-verified paper records to recount. In those jurisdictions in particular, Diebold has left election officials with no method to defend themselves or their elections when questions arise.
It is easy for people to learn the wrong lesson from this incident: that we need more stringent computer security. More stringent security is desirable (depending on how much it costs), but wont solve the real problem. The cause of the real problem is the use of paperless electronic voting, which is fatally flawed as a concept. Modern computer systems cannot be made sufficiently secure to handle all-electronic voting with secret ballots. Mistakes or tampering at any level, from the software to the circuits in the chips can change electronic votes, undetectably.
This incident is just one of many, involving products from many different manufacturers. It wont be the last. Indeed, such problems will never end as long as paperless electronic voting is in place.
Suppose we had the best possible practices, such as thorough background checks of the ownership, management, and employees of vendors, meticulous and intrusive reviews of the design and manufacture of the equipment by truly independent experts, and so on -- the kinds of measures used for regulation of gambling equipment. Even these measures would not eliminate programming errors and security holes. Even in a best-case scenario, there will always be people who can hack the machines (including the programmers who write the code in the first place). Voters will never know whether their votes were recorded and counted accurately.
Given the current state of technology, elections cannot be trustworthy unless there are voter-verified paper records of the votes and a significant portion of those paper records are manually counted to check the machine counts. We cant guarantee that machines will always function correctly, but each voter can make sure that his or her vote has been correctly recorded on paper (preferably by the voters own hand).
Fortunately, twenty-seven states with over fifty percent of the U.S. population require voter-verified paper records. Some counties in those states may use the Diebold touch screen machines with paper trail printers. If they must use the machines, we would urge them in the strongest terms to be especially diligent in protecting and auditing those paper records -- including manually counting more than the minimum number required by law.
Every jurisdiction with voter-verified paper records (paper ballots or paper audit trail printouts verified by the voter) should publicly carry out a manual audit, after the initial vote count is reported, with random selection of the areas to be counted. Voters should encourage their election officials to carry out such an audit -- regardless of whether it is required by law in their state -- in order to check the voting system for accuracy. Currently, more than twice as many jurisdictions offer voter-verified paper records than there are jurisdictions that require audits.
Whatever you do, dont let these problems discourage you from voting. If you dont vote, you can be sure that your vote wont count. Instead, contact your elected officials and the candidates and make sure they understand that paperless electronic voting must be replaced with systems that provide a voter-verified paper record that is manually audited -- our democracy depends upon it.
Verified Voting Foundation
1550 Bryant St., Suite 855
San Francisco, CA 94103