http://www.washingtonpost.com/wp-dyn/articles/A42085-2003Aug10.htmlJolted Over Electronic Voting Report's Security Warning Shakes Some States' Trust By Brigid Schulte Washington Post Staff Writer Monday, August 11, 2003; Page A01
The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the state's electronic voting machines. But with a recent report by Johns Hopkins University computer scientists warning that the system's software could easily be hacked into and election results tampered with, the once perfunctory vote now seemed to carry the weight of democracy and the people's trust along with it. An outside consultant assured the three-member panel recently that the report was nonsense. "I hope you're right," Chairman Michael G. Brown said, taking a leap of faith and approving Diebold Election System's upgrades. "Because when they get ready to hang the three of us in effigy, you won't be here."
Since being released two weeks ago, the Hopkins report has sent shock waves across the country. Some states have backed away from purchasing any kind of electronic voting machine, despite a new federal law that has created a gold rush by allocating billions to buy the machines and requiring all states, as well as the District of Columbia, to replace antiquated voting equipment by 2006. "The rush to buy equipment this year or next year just doesn't make sense to us anymore," said Cory Fong, North Dakota's deputy secretary of state. Maryland officials, who signed a $55.6 million agreement with Diebold for 11,000 touch-screen voting machines just days before the Hopkins report came out, have asked an international computer security firm to review the system's security. If they don't like what they find, officials have said, the sale will be off.
The report has brought square into the mainstream an obscure but increasingly nasty debate between about 900 computer scientists, who warn that these machines are untrustworthy, and state and local election officials and machine manufacturers, who insist that they are reliable. "The computer scientists are saying, 'The machinery you vote on is inaccurate and could be threatened; therefore, don't go. Your vote doesn't mean anything,' " said Penelope Bonsall, director of the Office of Election Administration at the Federal Election Commission. "That negative perception takes years to turn around." Still, even some advocates of the new system are thinking twice. The Leadership Conference on Civil Rights, which pushed for electronic machines to help visually impaired and disabled voters, says the Hopkins report has given them pause. They're calling on President Bush and members of Congress to convene a forum of experts to hash it out. "We have become concerned about these questions of ballot security," said Deputy Director Nancy Zirkin. Her group and others supported passage of the $3.9 billion Help America Vote Act in November. Of the $1.5 billion appropriated so far to replace old machines, rewrite outdated equipment standards, encourage research to improve technology, train poll workers and update registration lists, about half has been released. And that has all gone toward buying electronic machines, which cost as much as $4,000 a piece.
<snip>
Mischelle Townsend, registrar of voters in Riverside County, Calif., said the electronic machines have saved as much as $600,000 in paper every election and, from 1996 to 2000, helped increase voter turnout to 72 percent, up 10 percent. Any tampering would be caught, she said, in the extensive pre- and post-election testing. The best defense of the machines, she said, is that there has been no documented case of voter fraud. "If the computer scientists had one valid point, one, then why hasn't one incident of what they're saying occurred in all of these elections?" But past is not prologue, historians and political scientists warn. <Snip>
Computer scientists note that computers are unreliable, subject to bugs, glitches and hiccups as well as the more remote possibility of outright hacking and code tampering.They warn of a hostile programmer inserting what they call Trojan horses, Easter eggs or back doors to predetermine the outcome. They point to a number of errors in the 2002 elections, from poll workers -- like some in Montgomery County -- unfamiliar with how long it takes to warm up the machines to mysterious vote tallies. In Georgia, where Diebold machines are used, a handful of voters found that when they pressed the screen to vote for one candidate, the machine registered a vote for the opponent. Technicians were called in and the problem was fixed, state officials have said. In Alabama, a computer glitch caused a 7,000-vote error and clouded the outcome of the gubernatorial race for two weeks. But more critically, computer scientists charge that the software that runs the machines is riddled with security flaws. "Whoever certified that code as secure should be fired," said Avi Rubin, technical director of the Information Security Institute at Johns Hopkins and co-author of the report.
<snip>
In the end, however, with experts still at loggerheads and the 2004 election looming, voters are left wondering which side to trust. Howard A. Denis (R-Potomac-Bethesda), a Montgomery County Council member, was so shaken by the Hopkins report that he is considering asking for a waiver to stop using electronic machines. "The more I look into this, the more serious I think it is," he said.