HIGH-TECH VOTING MACHINES VULNERABLE TO SHENANIGANS
Saturday, August 9, 2003
Anyone who uses a computer for any length of time learns -- usually painfully -- to make frequent backups and to save them in a secure location.
As the nation flees in terror from chads (hanging and dimpled) to voting machines that are, in essence, nothing but computers, is enough being done to ensure that they are accurate and secure? Not nearly enough, say a growing number of computer scientists.
David Dill, professor of computer science at Stanford University, is particularly worried by paperless touch-screen machines, which, he says ``pose an unacceptable risk that errors or deliberate election-rigging will go undetected, since they do not provide a way for the voters to verify independently that the machine correctly records and counts the votes they have cast.''
Touch-screen machines don't have to be paperless. Wired magazine's online site, which has been following the story closely, reported that Diebold Election Systems ``included ballot-printing capability in more than 300,000 voting machines it sold to Brazil.'' And a company spokesman said it would offer that option to U.S. customers if there were demand for it.
Dill and his colleagues are crusading to create demand. On the Web site verifiedvoting.org, they have posted a ``Resolution on Electronic Voting,'' which has been endorsed by more than a thousand people in the technology field -- and exactly 10 elected officials, which is not encouraging.
Computerized voting equipment, the resolution says, ``is inherently subject to programming error, equipment malfunction, and malicious tampering.'' It urges that no system be adopted unless it provides an audit trail that the voter can verify before the vote is submitted and that cannot easily be altered afterward -- a paper ballot, for an obvious example. The resolution's authors also recommend that the paper ballots, not the computer total, be the ultimate authority if a result is questioned, and that such manual recounts be conducted often enough to make it likely that any accidental or deliberate inaccuracies will be caught.
Diebold has been a particular focus of security concerns. On Thursday, Wired reported that someone had come forward with 1.8 gigabytes of files taken in March from a supposedly secure part of the company's ``staff Web site,'' including thousands of company messages and a database of bugs in the software.
That follows stories last month that researchers at Johns Hopkins and Rice universities had found bugs in Diebold software that would ``allow voters and poll workers to cast multiple ballots, switch others' votes, or shut down an election early.'' They downloaded the software in January from a Diebold site with lax security, even though as long ago as May 2000 a manager had warned about putting files intended for customers out where anybody could get them.
Diebold's director of communications, John Kristoff, told Wired, ``Thus far we haven't see anything that would be of use to anyone trying to affect the outcome of an election.''
But changing the outcome of an election is not the only thing to worry about. Sabotaging an election might be a tempting target. As the proliferation of worms and viruses has demonstrated, the people who want to break things tend to run a little ahead of the people who want them to work.
Hey, it wouldn't even have to be Diebold's problem. These machines are running Windows. Ever had it happen that the screen freezes up and the task manager says ``application not responding'' and before you click on ``End task'' it warns you that all unsaved information will be lost?
Imagine that two minutes before the polls close on Election Day 2004, that happens to every touch-screen machine coast to coast. We'd be longing for something as simple and low-tech as chads.
After Florida in 2000, Congress mandated that states replace or supplement punch-card voting machines by 2004. Unfortunately, the standards the new machines will have to meet are not yet available, and Colorado is asking for a two-year extension. Secretary of State Donetta Davidson is recommending that counties not purchase new machines until they know whether the equipment will be acceptable under the federal regulations. If it isn't, the state won't get reimbursement from the federal government for what has been spent.
The authors of the resolution observe, ``Unfortunately, if available funds are spent on fatally flawed 'high-tech' voting equipment, it will be a long time before there is more funding to adopt truly superior voting technology.''
Lack of a low-tech record that guarantees accuracy is about as fatal a flaw as I can think of.