E-voting machines remain vulnerable to attacks from people trying to steal elections and to glitches that incorrectly count votes, critics say as the U.S. prepares for Tuesday elections.
Critics, including noted computer security experts, have conducted a series of tests in recent months showing how hackers could access e-voting machines. And earlier this year, during primary elections, there were reports of technical problems at e-voting machines in several states.
“On balance, I’d say things haven’t gotten any better” since the 2004 elections, said Eugene Spafford, executive director of the Purdue University Center for Education and Research in Information Assurance and Security and chairman of the U.S. policy committee at the Association for Computing Machinery (ACM). “There’s a significant concern about the potential for error.”
This year, fellow ACM member Ed Felten, a professor of computer science and public affairs at Princeton University, released results of a series of experiments on popular e-voting machines sold by Diebold Election Systems and other vendors.
In an experiment published in September, Felten’s team showed that using a hotel minibar-type key card they could open the access panel doors to the memory cards where vote results are stored on Diebold AccuVote-TS voting machines. The key cards, used on office furniture, electronic equipment and jukeboxes, are widely available from office supply stores and Internet retailers, Felten said on his blog.
Felten called the use of a fixed encryption key a “rookie mistake” in a Sept. 18 blog post. Often, security experts have a hard time explaining e-voting problems to the general public, but the key card access is an example “anybody, expert or not, can appreciate,” he wrote.
Felten’s colleague opened the memory access panel using a 15-year-old access card from a VAX computer, Felten said.
“This seemed like a freakish coincidence — until we learned how common these keys are,” he wrote. “We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop.”
The locks are close to useless, he continued. “The bad guys don’t care whether you use encryption; they care whether they can read and modify your data,” Felten wrote. “Several people have asked whether this [blog] entry is a joke. Unfortunately, it is not a joke.”
Felten details more e-voting security problems in his blog.
A Diebold representative didn’t respond to a request for an interview, but the company issued a response to a study on Diebold vulnerabilities released Sept. 13 by Felten and two colleagues.
The e-voting machine Felten and his colleagues studies was two generations old and “to our knowledge, is not used anywhere in the country,” Diebold said in the statement. The researchers removed security tape, enclosure screws and security tags to get inside the machine, Diebold said.
“A virus was introduced to a machine that is never attached to a network,” Diebold said. “By any standard — academic or common sense — the study is unrealistic and inaccurate.”
Felten issued a response to the Diebold response, saying he stood by the study. He later noted that the Diebold machine’s manual contradicted Diebold’s claim that the machine wouldn’t be networked. “Results [of elections] are transferred … by means of a TCP/IP network connection, either directly, by modem or ethernet,” the manual said.
Defenders of e-voting machine vendors say touch-screen systems are far more accurate than the old paper ballots that raised questions in Florida after the 2000 presidential election. Some researchers seem more interested in creating controversy than in improving e-voting machines, said Michael Kerr, director of the Election Technology Council at the Information Technology Association of America (ITAA), a trade group representing e-voting machine vendors.
“Frankly, we’ve found these kinds of … attacks don’t yield a lot in the way of solid conclusions,” Kerr said. Instead of talking to the news media, researchers should work with vendors and the federal government on e-voting machine standards, he recommended.
Kerr also called the Felten studies unrealistic. “Take any computer out of its controlled surroundings, and it becomes vulnerable,” he said.
But e-voting critics say e-voting vendors have chosen to ignore continued problems, including ones that cropped up during primary elections:
— In a March primary, a programming error in a Hart InterCivic e-voting system created about 100,000 extra votes in Tarrant County, Texas.
— In September, Montgomery County, Maryland, turned away an unknown number of primary voters because election workers didn’t have access cards for Diebold machines.
— Nearly 10 percent of paper backups for Diebold e-voting machines in the May primary in Cuyahoga County, Ohio, were “either destroyed, blank, illegible, missing, taped together or otherwise compromised,” according to a report funded by the county board of commissioners.
Paper printouts used correctly in conjunction with e-voting machines can help ensure the machines aren’t tampered with or malfunctioning, e-voting critics say. But the printers have to work, of course, and states must require random audits to check the paper trail against the e-voting results, said Barbara Burt, director of the election reform program at Common Cause, the government watchdog.
About 39 percent of voters in Tuesday’s election will use e-voting machines, with the technology used in 37 states, according to a June Common Cause report, called Malfunction and Malfeasance. An estimated 1,050 U.S. counties will use e-voting machines next week, compared to about 320 in the November 2000 election.
Twenty-seven states require paper trail ballots used in conjunction with e-voting machines, but only 11 require audits comparing the paper with the electronic records, Burt said. In the 2004 election, only one state, Nevada, required paper-trail additions to its touch-screen voting machines.
So in two years, many states have made improvements, and the public has become more aware of potential e-voting problems, Burt said. “We’re much close to solving this problem … and that is a heartening thing,” she said.
On the other hand, improvements are still coming “too slowly,” she added. She’s not confident that most e-voting machines will correctly count the votes on Tuesday, she said.
“Part of it is we’re talking about complicated systems,” she said. “We’re asking a huge temporary work force that doesn’t have adequate training to manage it. It’s a recipe for disaster.”
