Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Tue, 07 Oct 2003 14:32:28 -0500
From: David Bolduc <dbolduc@xxxxxxxxxxx>
Subject: Wired - Time to Recall E-Vote Machines?
To: "Dave Farber (E-mail)" <dave@xxxxxxxxxx>
For IP, if you like.
More bad news on e-voting machines.
(3-page story - only first page reproduced below, follow links to see the
rest. Page 3 lists some serious security problems.)
http://www.wired.com/news/politics/0,1283,60713,00.html
Time to Recall E-Vote Machines?
By Kim Zetter | Also by this reporter Page 1 of 3 next »
08:39 AM Oct. 06, 2003 PT
As Californians head to the polls on Tuesday, voters in at least one
county will cast their ballots electronically on machines that have been
shown to be flawed.
Election officials around the country have been switching to new
computerized polling machines with the hope of avoiding a repeat of the
Florida debacle over punch-card voting that marred the 2000 presidential
election.
Alameda County uses 4,000 touch-screen voting machines manufactured by
Diebold Election Systems. But last month, officials in Maryland released a
report saying that the Diebold machines were "at high risk of compromise"
due to security flaws in the software. Despite this, officials in Alameda
County said their policies and procedures for using the machines will
secure them against voting fraud.
However, information obtained by Wired News at a training session for
Alameda County poll workers indicates that security lapses in the use of
the equipment and poor worker training could expose the election to
serious tampering.
Voting-machine experts say the lapses could allow a poll worker or an
outsider to change votes in machines without being detected. And because
other problems inherent in the software won't be fixed before the recall,
experts say sophisticated intruders can intercept and change vote tallies
as officials transmit them electronically.
The training session revealed the following:
Officials leave voting machines at polling stations days before the
election. The machines contain memory cards with ballots already loaded on
them. This means before the election, someone could alter the ballot file
in such a way that voters would cast votes for the wrong candidate without
knowing it.
The memory card rests behind a locked door on the side of the voting
machine. But supervisors receive a key to the compartment the weekend
before the election. The same key fits every machine at a polling station.
Poll supervisors are selected with no background checks and are given keys
to buildings where they can access the machines several days before the
election.
The machines, worth around $3,000 each, are locked on a trolley at polling
stations with only a bicycle lock. The combination, which anyone could
crack in a couple of tries, is the same for every polling station in the
county and is given to poll supervisors during their training.
Although the machines have two blue tamper-resistant ties threaded through
holes in their carrying cases, the ties can easily be purchased on the
Internet. Supervisors open at least one case the night before the election
to charge the machine inside, which means the case remains unsealed overnight.
While leaving equipment unattended overnight might be fine if the county
were using punch-card machines, experts say electronic machines raise the
security risks tenfold because minor changes to the machines can result in
changes to millions of votes.
David Dill, a computer science professor at Stanford University and critic
of electronic voting machines that don't provide a verifiable paper trail,
calls the information about the county's security "jaw-dropping."
"The Maryland study emphasizes page after page how essential physical
security is to these machines. And yet people here are saying they're not
worrying about it. We don't know everything there is to know about these
machines and there are probably attacks to these machines that people
haven't even thought of yet. It's very clear that there are serious
problems here."
Alameda County, a Democratic stronghold that includes the cities of
Berkeley and Oakland, converted to all-electronic voting last year at a
cost of more than $12 million. In addition to Alameda, one other small
county will be using 200 of the Diebold AccuVote-TS machines in the
recall. Two other counties will use touch-screen machines from another
manufacturer.
But three weeks ago, a report (PDF) commissioned by the state of Maryland
found that flaws in the software could open an election to rigging.
While Alameda County couldn't fix problems with the software before the
recall, Elaine Ginnold, the county's assistant registrar of voters, said
after the report was released that the procedures for using the machines
would protect the systems from tampering.
Those procedures did not appear to be in place last week.
The county has no plans to place tamper-resistant tape over memory card
compartments on the machines, a step that authors of the Maryland report
recommended. Therefore, anyone with access to the machines can pick the
lock on the compartment or open it with a key.
Furthermore, security around passwords was lax. The password for the card
used to close down a machine at the end of an election is printed in
Diebold manuals, which workers keep in their homes over the election
weekend. The password is the same easy-to-guess number that opens
combination locks securing machines at polling stations.
"We have to have something that's easy for poll workers to remember,"
Ginnold said.
The training session for about 30 poll workers, held in an Oakland
warehouse, lasted two-and-a-half hours. In a 20-minute, hands-on phase,
workers practiced setting up machines, voting on them and shutting them
down. But most of the workers didn't have time to complete the sequence.
Tom Wilson, a poll supervisor who attended the training, said he signed up
to work in the polls because of problems in the last presidential race.
"I was appalled by what happened in Florida," he said. "I wanted to make
sure that this time all votes would get counted."
But Wilson was concerned he did not have enough hands-on training with the
machines to serve voters effectively.
"There was a lot of information, and I didn't get it all," he said. "Maybe
my mind was wandering a bit."
He added, "I feel reasonably confident about myself, but not necessarily
confident about every other supervisor. Given the level of training,
there's still a lot of room for human error. But it does seem better than
dangling chads."
That remains to be seen.
<continued - see links)