<<< Date Index >>>     <<< Thread Index >>>

[IP] Wired - Time to Recall E-Vote Machines?




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Tue, 07 Oct 2003 14:32:28 -0500
From: David Bolduc <dbolduc@xxxxxxxxxxx>
Subject: Wired - Time to Recall E-Vote Machines?
To: "Dave Farber (E-mail)" <dave@xxxxxxxxxx>


For IP, if you like.

More bad news on e-voting machines.

(3-page story - only first page reproduced below, follow links to see the rest. Page 3 lists some serious security problems.)

http://www.wired.com/news/politics/0,1283,60713,00.html
Time to Recall E-Vote Machines?


By Kim Zetter  |   Also by this reporter  Page 1 of 3 next »

08:39 AM Oct. 06, 2003 PT

As Californians head to the polls on Tuesday, voters in at least one county will cast their ballots electronically on machines that have been shown to be flawed.

Election officials around the country have been switching to new computerized polling machines with the hope of avoiding a repeat of the Florida debacle over punch-card voting that marred the 2000 presidential election.

Alameda County uses 4,000 touch-screen voting machines manufactured by Diebold Election Systems. But last month, officials in Maryland released a report saying that the Diebold machines were "at high risk of compromise" due to security flaws in the software. Despite this, officials in Alameda County said their policies and procedures for using the machines will secure them against voting fraud.

However, information obtained by Wired News at a training session for Alameda County poll workers indicates that security lapses in the use of the equipment and poor worker training could expose the election to serious tampering.

Voting-machine experts say the lapses could allow a poll worker or an outsider to change votes in machines without being detected. And because other problems inherent in the software won't be fixed before the recall, experts say sophisticated intruders can intercept and change vote tallies as officials transmit them electronically.

The training session revealed the following:


Officials leave voting machines at polling stations days before the election. The machines contain memory cards with ballots already loaded on them. This means before the election, someone could alter the ballot file in such a way that voters would cast votes for the wrong candidate without knowing it.


The memory card rests behind a locked door on the side of the voting machine. But supervisors receive a key to the compartment the weekend before the election. The same key fits every machine at a polling station.


Poll supervisors are selected with no background checks and are given keys to buildings where they can access the machines several days before the election.


The machines, worth around $3,000 each, are locked on a trolley at polling stations with only a bicycle lock. The combination, which anyone could crack in a couple of tries, is the same for every polling station in the county and is given to poll supervisors during their training.


Although the machines have two blue tamper-resistant ties threaded through holes in their carrying cases, the ties can easily be purchased on the Internet. Supervisors open at least one case the night before the election to charge the machine inside, which means the case remains unsealed overnight.

While leaving equipment unattended overnight might be fine if the county were using punch-card machines, experts say electronic machines raise the security risks tenfold because minor changes to the machines can result in changes to millions of votes.

David Dill, a computer science professor at Stanford University and critic of electronic voting machines that don't provide a verifiable paper trail, calls the information about the county's security "jaw-dropping."

"The Maryland study emphasizes page after page how essential physical security is to these machines. And yet people here are saying they're not worrying about it. We don't know everything there is to know about these machines and there are probably attacks to these machines that people haven't even thought of yet. It's very clear that there are serious problems here."

Alameda County, a Democratic stronghold that includes the cities of Berkeley and Oakland, converted to all-electronic voting last year at a cost of more than $12 million. In addition to Alameda, one other small county will be using 200 of the Diebold AccuVote-TS machines in the recall. Two other counties will use touch-screen machines from another manufacturer.

But three weeks ago, a report (PDF) commissioned by the state of Maryland found that flaws in the software could open an election to rigging.

While Alameda County couldn't fix problems with the software before the recall, Elaine Ginnold, the county's assistant registrar of voters, said after the report was released that the procedures for using the machines would protect the systems from tampering.

Those procedures did not appear to be in place last week.

The county has no plans to place tamper-resistant tape over memory card compartments on the machines, a step that authors of the Maryland report recommended. Therefore, anyone with access to the machines can pick the lock on the compartment or open it with a key.

Furthermore, security around passwords was lax. The password for the card used to close down a machine at the end of an election is printed in Diebold manuals, which workers keep in their homes over the election weekend. The password is the same easy-to-guess number that opens combination locks securing machines at polling stations.

"We have to have something that's easy for poll workers to remember," Ginnold said.

The training session for about 30 poll workers, held in an Oakland warehouse, lasted two-and-a-half hours. In a 20-minute, hands-on phase, workers practiced setting up machines, voting on them and shutting them down. But most of the workers didn't have time to complete the sequence. Tom Wilson, a poll supervisor who attended the training, said he signed up to work in the polls because of problems in the last presidential race.

"I was appalled by what happened in Florida," he said. "I wanted to make sure that this time all votes would get counted."

But Wilson was concerned he did not have enough hands-on training with the machines to serve voters effectively.

"There was a lot of information, and I didn't get it all," he said. "Maybe my mind was wandering a bit."

He added, "I feel reasonably confident about myself, but not necessarily confident about every other supervisor. Given the level of training, there's still a lot of room for human error. But it does seem better than dangling chads."

That remains to be seen.

<continued - see links)

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/