PRISON Newswire
PRISON          Copyright 2002-2003 Alex Jones          All rights reserved.
High-tech voting machines could be rigged, experts say

Cleveland Plain Dealer

Washington - Worms and viruses already have crippled computers around the world. Now, computer security experts warn that hackers could cripple democracy itself.

They say hackers could rig the touch-screen voting machines that states are buying to replace error-prone punch cards like those that tainted the 2000 presidential election.

Makers of the machines, such as North Canton-based Diebold, say routine checks by poll workers would catch cheats.

But their assurances haven't stopped several states, including Ohio, from postponing purchases they had hoped to put on the fast track with federal dollars. Congress promised states $3.9 billion to update election machines when it adopted the Help America Vote Act last year.

Maryland, which has committed to buying touch-screen machines, asked an independent computer security firm to examine whether they could be subject to tampering. So has Ohio, whose purchase decision has been delayed by an unsuccessful bidder's lawsuit.

"We will put these voting devices through an extensive security assessment and validation process," promised Ohio Secretary of State Kenneth Blackwell, who has asked Science Application International Corp. of San Diego and InfoSentry Services of Raleigh, N.C., to test the machines and report back in six weeks.

The controversy flared in July when a report from Johns Hopkins University's Information Security Institute found significant security flaws in Diebold software for touch-screen machines.

"Voters can trivially cast multiple ballots with no built-in traceability, administrative functions can be performed by regular voters, and the threats posed by insiders such as poll workers, software developers and even janitors, is even greater," the report said.

Though the group examined only Diebold software, similar problems might affect other machines as well, said computer science professor Avi Rubin, who led the study. His group was able to scrutinize a version of Diebold's coding that was posted on the Internet.

"History is full of examples of people trying to change elections and their outcomes, so that is why security is so important in elections," Rubin said in an interview. "Whoever builds the voting machines can completely control the outcome of elections, regardless of how people vote. The less oversight there is over that process, the more control they have."

Company disputes report

Diebold vigorously disputed the report's conclusions. The company said Rubin's group examined outdated, incomplete software and that programming on its touch-screen machines can't be tampered with, as Rubin did, because the machines lack input devices such as computer keyboards.

Diebold spokesman John Kristoff said anyone wanting to manipulate an election would have to alter each of the thousands of terminals in use, a scenario he called "logistically unlikely." He said the number of ballots cast on machines must equal the number of voters signed in by poll workers, so cheats would be caught.

"Elections can be tilted today by paying election workers to change paper votes," Kristoff said.

"Electronic voting is much more secure than any other system out there," Kristoff said.

He said the report hasn't hurt company business because customers understand the security precautions taken by people who run elections. He said roughly a third of the touch-screen machines now in use were made by his company.

Georgia used Diebold's machines in last year's elections and found them accurate and secure, said Chris Riggall, press secretary for Georgia Secretary of State Cathy Cox.

"If there are security flaws, we are still in a position to fix them," said American Civil Liberties Union of Ohio legal director Raymond Vasvari, whose organization has filed a lawsuit to demand that the state update its balloting system. He believes electronic voting machines are the best solution. "We know for a fact that punch cards are lousy, and it's not speculative to say that they don't work."

The president of a company that Ohio hired to examine the machines, InfoSentry's Glenn Newkirk, said it's important to consider the managerial and operational aspects of voting systems, as well as their software and technology, to determine whether they are secure.

"You can't just look at one of these components and scream there is an undue risk and we shouldn't trust any elections technology," said Newkirk.

Soon after the Johns Hopkins report came out, Rubin revealed that he had served on the board of an election software company, VoteHere Inc., in Washington state. Diebold accused him of bias.

Rubin said his role with VoteHere was minimal, did not result in any profit, and that he severed ties with the company after the study was released. He said those ties did not affect the report's conclusions.

Other academics also question whether electronic voting is secure. More than 900 computer professionals and academics have signed an online petition authored by Stanford University computer science professor David Dill that contends "computerized voting equipment is inherently subject to programming error, equipment malfunction and malicious tampering."

It urges passage of federal legislation that would require voting machines to provide a "voter-verifiable audit trail" that voters could check for accuracy and that would be difficult or impossible to alter afterward.

The bill, sponsored by Rep. Rush Holt, a New Jersey Democrat, would require that electronic voting machines produce an internal paper trail to back up results in case of malfunction or mischief. Diebold's machines do not now produce a paper trail, but they can be modified to do so, the company said.

Ohio called critical

Kent State University physics professor Michael Lee, who signed the petition, said Ohio is a bellwether state that oscillates between parties in national elections with narrow margins, so "it wouldn't take much tampering to switch Ohio from one column to another."

"I don't think our politicians necessarily have the technical expertise to do something like that, but I believe we have zealots who would compromise the law to win," said Lee, who is president of the university's council on technology and faculty adviser to its campus Democratic group.

Rep. Marcy Kaptur, a Toledo Democrat whose district reaches into western Lorain County, was so concerned about the Johns Hopkins report that she asked security experts from universities in her district to examine systems the state is considering. They told her none could prevent fraud.

Kaptur fears that hackers, or even voting machine companies themselves, could conspire to rig elections.

"Some of these companies obviously have strong political ties," said Kaptur.

Diebold chief executive Walden O'Dell fed those perceptions by sending an Aug. 14 fund-raising letter to Republicans that said he is "committed to helping Ohio deliver its electoral votes to the president next year."

Democrats say it's a conflict of interest for the leader of a company that aspires to make Ohio's voting machines to make such a strong partisan commitment. They have asked Blackwell, a Republican, to disqualify Diebold's machines from consideration.

Blackwell brushed off their suggestions, insisting that all voting machine companies have political ties and his process for selecting Ohio's voting machine vendors is fair, thorough and impartial.

Since 2001, O'Dell has contributed $4,000 to President Bush, $5,965 to the Republican National Committee, and $2,500 to Republican Sen. George Voinovich, according to records compiled by the Center for Responsive Politics. O'Dell and his wife donated a combined $8,500 to Republican Gov. Bob Taft between June 2001 and October 2002, state records show.

Diebold officials said O'Dell's partisan activities don't affect the company, and shouldn't affect whether Ohio approves use of its machines. "Wally's political affiliations have no impact on our product, product development or how we approach these contracts," said company spokesman Kristoff.

Diebold isn't the only voting machine company that has faced conflict charges. Before winning a Senate seat in Nebraska, Republican Sen. Chuck Hagel was president of a company that later became Omaha-based Election Systems & Software, a Diebold rival. He left the job before his first campaign in 1996.

Hagel's unsuccessful 2002 Democratic foe, construction worker Charlie Matulka, called Hagel's links to the company that counts 80 percent of Nebraska's votes "an American travesty" and asked: "Is the fox guarding the hen house?"

But Hagel was re-elected with 83 percent of the vote, and he and ES&S officials said the conflict charges were groundless. Although Hagel's financial disclosure reports indicate he still owns shares in a company that is a part-owner of ES&S, he and the company say he has no role in the company.

"He has no power to stack the deck," said Hagel spokesman Mike Buttry.
E Mail This Page