March 12, 2004

Baltimore Sun: An Insider's View of Vote Vulnerability

I wrote one of the first articles published on the
dangers of electronic voting, back in Jan. '01, in the
aftermath of the Theft of the 2000 Presidential
Election in Fraudida...Avi Rubin and his colleagues
are doing an extraordinary service to the US
electorate...You must share this story with others...

Avi Rubin, Baltimore Sun: I worked as an election
judge during the March 2 primary in Baltimore County.
It was the best thing I could have done to learn about
election security. While some of my previous security
concerns appeared less threatening given the
procedures we followed, others seemed worse.

Thwart the Theft of a Second Presidential Election,
Show Up for Democracy in 2004: Defeat Bush (again!)


http://www.commondreams.org/views04/0310-02.htm

Published on Wednesday, March 10, 2004 by the
Baltimore Sun
An Insider's View of Vote Vulnerability
by Avi Rubin

I BECAME EMBROILED in the national debate about
electronic voting security when I co-authored a report
exposing serious security flaws in Diebold Inc.'s
AccuVote-TS machines.

The day before we released our report in July,
Maryland officials announced that they were buying
$55.6 million worth of these machines. Rather than
asking me to work with them, which I offered to do
several times, state officials immediately targeted me
with criticism and discounted my findings. They
continue to do so despite three subsequent studies,
two of them paid for by the state, which confirmed our
initial findings.

The main problem with electronic voting machines that
do not provide voter-verifiable paper ballots is that
they are entirely controlled by software.

I worked as an election judge during the March 2
primary in Baltimore County. It was the best thing I
could have done to learn about election security.
While some of my previous security concerns appeared
less threatening given the procedures we followed,
others seemed worse.

My July report suggested that a voter could create a
bogus voter access card, or smart card, in a garage
and cast multiple votes. The procedures in place at
the polling site most likely would catch this. We
counted all of the voter authorization cards every
hour and compared them with the number of votes
counted by the machine. We also counted the totals on
the machines hourly and compared them with the totals
in the registration roster that we used to check in
the voters.

If any voter managed to vote multiple times, it would
be detected within an hour. I have no idea what we
would do in that situation, but we'd have a serious
problem on our hands. But at least we would know it.

I was amazed at the number of counts and pieces of
paper that we shuffled throughout the day in what was
billed as a paperless electronic election.

But the way votes are tallied at the poll site and
sent electronically to the central tallying location
for all the precincts is much more vulnerable than I
previously thought.

Each of the voting machines at the precinct contains a
memory card on which votes are tallied.

When the polls close, all of the cards are removed and
loaded, one at a time, onto one of the machines. This
machine is then connected to a modem, and the vote
tallies are transmitted to a central server at the
Board of Elections.

My research team observed that the encryption of the
modem connection was carried out incorrectly in the
Diebold machines so that anyone able to tap the phone
lines would be able to tamper with the tally and
change votes. In my precinct, the phone line didn't
work; the memory cards were taken to the Board of
Elections office by the chief judges.

Software is highly complex. I have observed that large
software packages are so complex that there is no way
to successfully examine a program for malicious
behavior. So if voting machine vendors wanted, they
could control the outcome of the election with no one
ever knowing that the results had been programmed into
the voting machines.

Further, there are well-funded foreign powers that
would not hesitate to bribe or threaten a programmer
to rig the machines so that the outcome of the
election went a certain way.

After my experience as a judge, I still believe that
the Diebold machines, and ones like them from other
vendors, represent a major threat to our democracy. We
have put our trust in the outcome of our elections
into the hands of a few companies (Ohio-based Diebold
Election Systems, Sequoia Voting Systems, which is
based in California, and Election Systems and Software
in Omaha, Neb.).

They are in a position to control the outcomes of our
elections, and there's no way anyone can know if they,
or someone working for them, did something
underhanded. And meaningful recounts are impossible
with these machines.

Voter-verifiable paper ballots could counteract these
problems.

We have great people working in the trenches and on
the front lines on election days. They are ordinary
people, mostly elderly, who believe in our country and
our democracy and work like crazy for 16 hours,
starting at 6 a.m., to try to keep the mechanics of
our elections running smoothly. It's a shame that the
e-voting tidal wave has a near-hypnotic effect on
these judges and almost all voters.

I am much better equipped after having been a judge to
argue against e-voting machines. But I also greatly
appreciate how hard it's going to be to fight them
because of how much voters and election officials love
them.

My biggest fear is that Super Tuesday on March 2 will
be viewed as a big success. But the more electronic
voting is viewed as successful, the more it will be
adopted and the greater will be the risk when someone
decides to exploit the weaknesses of these systems.

Avi Rubin, a computer science professor at the Johns
Hopkins University specializing in security,
cryptography and e-voting, is technical director of
the school's Information Security Institute.

Copyright 2004, The Baltimore Sun

###

Printer Friendly Version E-Mail This Article

FAIR USE NOTICE
This site contains copyrighted material the use of
which has not always been specifically authorized by
the copyright owner. We are making such material
available in our efforts to advance understanding of
environmental, political, human rights, economic,
democracy, scientific, and social justice issues, etc.
We believe this constitutes a 'fair use' of any such
copyrighted material as provided for in section 107 of
the US Copyright Law. In accordance with Title 17
U.S.C. Section 107, the material on this site is
distributed without profit to those who have expressed
a prior interest in receiving the included information
for research and educational purposes. For more
information go to:
http://www.law.cornell.edu/uscode/17/107.shtml. If you
wish to use copyrighted material from this site for
purposes of your own that go beyond 'fair use', you
must obtain permission from the copyright owner.

Posted by richard at March 12, 2004 03:01 PM