Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Computer Voting Is Open to Easy Fraud, Experts Say
New York Times ^ | 7/24/03 | John Schwartz

Posted on 07/24/2003 12:15:16 PM PDT by csprof

Computer Voting Is Open to Easy Fraud, Experts Say

By JOHN SCHWARTZ

The software that runs many high-tech voting machines contains serious flaws that would allow voters to cast extra votes and permit poll workers to alter ballots without being detected, computer security researchers said yesterday.

"We found some stunning, stunning flaws," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States.

The systems, in which voters are given computer-chip-bearing smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper.

"With what we found, practically anyone in the country ? from a teenager on up ? could produce these smart cards that could allow someone to vote as many times as they like," Mr. Stubblefield said.

The software was initially obtained by critics of electronic voting, who discovered it on a Diebold Internet site in January. This is the first review of the software by recognized computer security experts.

A spokesman for Diebold, Joe Richardson, said the company could not comment in detail until it had seen the full report. He said that the software on the site was "about a year old" and that "if there were problems with it, the code could have been rectified or changed" since then. The company, he said, puts its software through rigorous testing.

"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," Mr. Richardson said. "We're always open to anything that can improve our systems."

Another co-author of the paper, Tadayoshi Kohno, said it was unlikely that the company had plugged all of the holes they discovered.

"There is no easy fix," Mr. Kohno said.

The move to electronic voting, which intensified after the troubled Florida presidential balloting in 2000, has been a source of controversy among security researchers. They argue that the companies should open their software to public review to be sure it operates properly.

Mr. Richardson of Diebold said the company's voting-machine source code, the basis of its computer program, had been certified by an independent testing group. Outsiders might want more access, he said, but "we don't feel it's necessary to turn it over to everyone who asks to see it, because it is proprietary."

Diebold is one of the most successful companies in this field. Georgia and Maryland are among its clients, as are many counties around the country. The Maryland contract, announced this month, is worth $56 million.

Diebold, based in North Canton, Ohio, is best known as a maker of automated teller machines. The company acquired Global Election Systems last year and renamed it Diebold Election Systems. Last year the election unit contributed more than $110 million in sales to the company's $2 billion in revenue.

As an industry leader, Diebold has been the focus of much of the controversy over high-tech voting. Some people, in comments widely circulated on the Internet, contend that the company's software has been designed to allow voter fraud. Mr. Rubin called such assertions "ludicrous" and said the software's flaws showed the hallmarks of poor design, not subterfuge.

The list of flaws in the Diebold software is long, according to the paper, which is online at avirubin.com/vote.pdf. Among other things, the researchers said, ballots could be altered by anyone with access to a machine, so that a voter might think he is casting a ballot for one candidate while the vote is recorded for an opponent.

The kind of scrutiny that the researchers applied to the Diebold software would turn up flaws in all but the most rigorously produced software, Mr. Stubblefield said. But the standards must be as high as the stakes, he said.

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

Still, things that seem troubling in coding may not be as big a problem in the real world, Mr. Richardson said. For example, counties restrict access to the voting machines before and after elections, he said. While the researchers "are all experts at writing code, they may not have a full understanding of how elections are run," he said.

But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.

"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.

Peter G. Neumann, an expert in computer security at SRI International, said the Diebold code was "just the tip of the iceberg" of problems with electronic voting systems.

"This is an iceberg that needs to be hacked at a good bit," Mr. Neumann said, "so this is a step forward."


TOPICS: Front Page News; News/Current Events; Politics/Elections
KEYWORDS: computersecurity; elections; votefraud; votingmachines
Navigation: use the links below to view more comments.
first 1-2021-4041-49 next last

1 posted on 07/24/2003 12:15:16 PM PDT by csprof
[ Post Reply | Private Reply | View Replies]

To: csprof
What a surprise?
2 posted on 07/24/2003 12:15:35 PM PDT by nickcarraway
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
Well, if we ran it on Linux instead....

HEHE
3 posted on 07/24/2003 12:17:10 PM PDT by smith288 (Everyone in this room is now dumber for having listened to it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

BINGO this can not be said enough times!
4 posted on 07/24/2003 12:21:46 PM PDT by adam_az (This space for rent.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
The flaws are architectural, not just programming errors.

There is simply no way to do this with sufficient audit trail, given the stakes!

The risk far outweighs the benefit.
5 posted on 07/24/2003 12:24:13 PM PDT by adam_az (This space for rent.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: adam_az
"This isn't the code for a vending machine," he said. "This is the code that protects our democracy." >/i>

I would rather say "This is the code that protects our republic."

6 posted on 07/24/2003 12:24:49 PM PDT by w1andsodidwe (recycling is a waste of time for hardworking taxpayers, hire the homeless to sort garbage)
[ Post Reply | Private Reply | To 4 | View Replies]

To: csprof
Gee, ya think? At first I was happy to see that the liberals were finally getting the message, but I believe this is more likely setting up a foundatin to say that Bush really DIDN'T WIN (again) in 04. They won't be happy until they achieve civil war. IMHO
7 posted on 07/24/2003 12:26:59 PM PDT by Libertina
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
Of course, this is why the left proposes internet voting. Look how well motor voter registration and mail in voting worked.
8 posted on 07/24/2003 12:27:12 PM PDT by OldFriend ((Dems inhabit a parallel universe))
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
And GA. went statewide with electronic voting last year
9 posted on 07/24/2003 12:28:09 PM PDT by y2k_free_radical (i)
[ Post Reply | Private Reply | To 1 | View Replies]

To: csprof
Riight.

And we can get several THOUSAND PROGRAMMERS TO GO ALONG WITH THIS.

I am so over conspiracies. I really am.

10 posted on 07/24/2003 12:28:20 PM PDT by mabelkitty
[ Post Reply | Private Reply | To 1 | View Replies]

To: y2k_free_radical
So? West Virginia didn't, and boy-howdy what an upset that was!
11 posted on 07/24/2003 12:29:16 PM PDT by mabelkitty
[ Post Reply | Private Reply | To 9 | View Replies]

To: csprof
What is the difference between voting on line and voting over the phone?
12 posted on 07/24/2003 12:29:31 PM PDT by steve in DC
[ Post Reply | Private Reply | To 1 | View Replies]

To: mabelkitty
And we can get several THOUSAND PROGRAMMERS TO GO ALONG WITH THIS.

Huh?

13 posted on 07/24/2003 12:31:54 PM PDT by TheOtherOne
[ Post Reply | Private Reply | To 10 | View Replies]

To: csprof
Here's a pertinent piece I wrote in December 2002.

Ballot Transparency to Eliminate Fraudulent Counts

Voters have read and seen all sorts of assurances that the new touch-screen balloting systems are fool proof, tamper proof, and nothing to worry about. Many, including those who are familiar with the technology, are not at all reassured.

The concerns are on two levels. First, from the perspective of those not familiar with the technology, it is a device whose inner workings and inherent security they cannot possibly understand. If they can't understand it, how can they be assured that it is honest? Second, those who DO understand signal processing, software, and communications technology know that is far too easy to defraud the system in a way that would be irreversible and undetected. Either way, touch-screens are a loser.

Now, as users of ATMs, cell phones, the Internet, and other electronic media, it might at first seem a little strange that so many people have such concerns. Upon further consideration however, the key distinctions between voting and a service handling mere money become obvious:

  • Customers have a choice of banking vendors. Citizens don’t have a choice of governments.
  • There is a major difference between mere financial assets at risk, and a risk to individual liberty.

Governments are monopolies. One can go down the street to another bank and take the offending bank to court. An evil government can land you in prison (or worse) because they ARE the court. The stakes associated with voter fraud are far higher than with an ATM and so is the temptation to defraud the system.

Necessary and Sufficient

So, given that we are still smarting over hanging chads, what are the alternatives? Let’s begin to answer that question by looking at the requirements.

  1. The system has to be simple and familiar to the voter.
  2. There must be NO SOFTWARE involved, because it is too easy to change.
  3. The system must be capable of completely manual operation.
  4. The count must be capable of being validated by all parties involved and each count must be separate and distinct.
  5. There must be no possibility to count a ballot twice or "lose" counts along the way.

Electronic sensors and interlocks are permissible as long as they can be duplicated manually.

Here is my proposal for a system that meets these requirements:

At the Polling Place

  1. Ballot boxes are preprinted, serialized and tracked by a physical chain-of-custody document.
  2. The box must be destroyed to be opened.
  3. The box is locked under a ballot receiving machine.
  4. The ballot receiving machine at the polling place reads the box number and records it on the ballot in Scantron form on the back side (fill in the dots). Note that one could do the same manually under observation.
  5. The voter completes the standard optical ballot and delivers it to the receiving machine.
  6. The machine prints the box number on the back of every ballot it accepts with a Scantron dot pattern. This too can be both read and performed manually. Then a dry film coating (basically an adhesive or heat activated tape) is applied to the ballot on the way into the sealed ballot box.
  7. The coating is transparent but reveals a "watermark" when exposed to UV light. The ballot is now tamperproof.
  8. The receiving machine totals the number of ballots in every box. The total is read manually and a receipt is delivered to each political party and candidate detailing the box numbers, precincts, and tally of ballots in every uniquely identified box.
  9. Representatives of all Parties check the box tallies before the boxes leave the polling place.
  10. If they agree on its accuracy, they record the ballot tally on the box using Scantron dots, initial it, and put a similar dry film over the number.

Note that the Scantron pattern is the perfect bridge between human and machine. It is readable by people for manual counting but does not require an optical character reading machine that needs cameras or software.

Both parties thus know the EXACT number of ballots cast in every precinct and in every box. Every box is signed. All parties can thus run check sums at the processing centers and verify the chain-of-custody.

At the Ballot Counting Center

  1. The total of the ballots on the box is read by the counting machine. It would be very similar to the existing optical reader and might only require very minor modifications.
  2. The counting machine reads the box code for precinct and ballot count or accepts that data input from a keypad read off the box by at least two witnesses with keys. The machine will not count the ballots without the UV visible watermark on the ballot over the votes AND matching precinct codes on the box and the ballot.
  3. The machine halts and will not display the vote totals if the number of ballots recorded on the box and the number it counts do not match.
  4. The ballots leave the counting machine get a NEW ballot box. Counted ballots are stamped again with output box number, recoated, and then deposited into the new sealed ballot box.
  5. The new coating was applied in case of a recount, thus each ballot thus maintains a recount history.

14 posted on 07/24/2003 12:36:13 PM PDT by Carry_Okie (A faith in Justice, none in "fairness")
[ Post Reply | Private Reply | To 1 | View Replies]

To: TheOtherOne
These machines are tested before they are sold to a municipality. They are then tested again. They are tested each and every year. Specs are test run even before the code is written.

Tell me again how the Holocaust never happened, because the amount of subterfuge required to pull it off is about the same.
15 posted on 07/24/2003 12:36:28 PM PDT by mabelkitty
[ Post Reply | Private Reply | To 13 | View Replies]

To: mabelkitty
I'm not a computer geek, but I do know hackers can gather up several hundred computers tie them all together and crash web sites, and you dont even know they used your computer. Do you really think they couldnt hack a voting site?
16 posted on 07/24/2003 12:40:36 PM PDT by sgtbono2002
[ Post Reply | Private Reply | To 15 | View Replies]

To: csprof
D'OH!
17 posted on 07/24/2003 12:45:29 PM PDT by Publius6961 (Californians are as dumm as a sack of rocks)
[ Post Reply | Private Reply | To 1 | View Replies]

To: sgtbono2002
It's isn't that I don't believe the act is possible - I don't believe for one minute that anybody, especially hackers!, could keep their mouths shut regarding any such conspiracy.

Human nature. No way.
18 posted on 07/24/2003 12:49:43 PM PDT by mabelkitty
[ Post Reply | Private Reply | To 16 | View Replies]

To: conspiratoristo; Las Vegas Dave; boxerblues; dr.j'sfirst; dedavies; estrogen; His_law_is_liberty; ..
Nice to know we have these in Lake County.
19 posted on 07/24/2003 12:50:14 PM PDT by Pontiac
[ Post Reply | Private Reply | To 15 | View Replies]

To: mabelkitty
Small time hackers aren't a worry however someone well funded like the Chinese government could spend $300 million to come up with a clever hack. The Chinese will be voting for Democrats. Hmmm, I wonder why.
20 posted on 07/24/2003 12:58:19 PM PDT by Reeses
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-49 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson