Electronic voting machines are still vulnerable, House is told

["Pete Klammer" <pklammer@xxxxxxxxxxx>]

Posted on Thu, Jul. 08, 2004  

Electronic voting machines are still vulnerable, House is told

By Sumana Chatterjee
Inquirer Washington Bureau

WASHINGTON - Just four months before the Nov. 2 elections, vulnerabilities
persist in electronic voting machines used nationwide, a group of computer
experts told House lawmakers yesterday.

The experts voiced concern that the elections may be plagued by hackers,
fraud and computer malfunctions. Some argue for the return of the paper
ballot as a backup to verify voters' intentions.

But election commissioners who plan to rely on electronic balloting insisted
that their machines worked well. Sufficient security measures and fallbacks
are in place to ensure that electronic voting is accurate, they said.

Nearly 50 million Americans are expected this fall to use touch-screen
equipment. Many states and counties moved to electronic voting machines
after the contested 2000 results in Florida.

"No matter how you cut this, voters are concerned about their votes being
counted," said Rep. Juanita Millender McDonald (D., Calif.), a member of the
House Administration Committee, which oversees voting systems.

"Given the gravity of the security failings the computer security community
has documented... it is irresponsible to move forward without addressing
them," said Avi Rubin, a professor at the Johns Hopkins University
Information Security Institute in Baltimore. The institute's doctoral
candidates found significant design and programming flaws in software for
Diebold voting machines, a popular system.

The general problem, according to Rubin, is that there is no way for
election officials to be sure that electronic machines are free of malicious
code designed to manipulate results.

He said companies were reluctant to share their "source code," the
proprietary software that controls voting and tabulating results, so that
their software can be checked independently. "We need more public scrutiny,"
Rubin said.

On Tuesday, the U.S. Election Assistance Commission, founded in the
aftermath of the 2000 vote to help states ensure fair elections, will try to
come up with ways to reduce security vulnerabilities and make source codes
available to independent testers.

Earlier this year, California Secretary of State Kevin Shelley banned the
use of a Diebold system in some counties after determining that software
problems jeopardized vote results.

Election officials dismissed the criticism yesterday from computer experts.
"Although any electronic voting system is hypothetically 'hackable,' I am
confident that the likelihood of this occurring is extraordinarily remote,"
said Linda Lamone, Maryland's election administrator.

Lamone outlined a dozen challenges a hacker would have to overcome. Chief
among them: obtaining a working knowledge of the software's specific
programming language and gaining physical access to computer servers and
voting machines.

"There has not been one single case of election fraud due to tampering with
a voting system's hardware or software," she said.

Election officials who use electronic machines also credited them with
reducing the number of voters disenfranchised by previously used mechanical
systems.

Computer experts worry that because most electronic voting machines lack a
paper trail, it would be impossible to conduct an accurate recount in a
contested election, Rubin said. He advocates a return to paper ballots as a
backup.

The federal voting commission is looking into guidelines for paper
verification.


----------------------------------------------------------------------------
----
Contact reporter Sumana Chatterjee at 202-383-6040 or
schatterjee@xxxxxxxxxxxxxxxxx  


 --
Pete Klammer / ACM(1970), IEEE, ICCP(CCP), NSPE(PE), NACSE(NSNE)
    3200 Routt Street / Wheat Ridge, Colorado 80033-5452
  (303)233-9485 / Fax:(303)274-6182 / Mailto:PKlammer@xxxxxxx
 Idealism may not win every contest, but that's not what I choose it for!