THE PLAIN DEAER

Cleveland.com

THE PLAIN DEAER

Statewide electronic voting delayed

Julie Carr Smyth, Plain Dealer Bureau, 12/03/03

Plain Dealer reporter Mark Naymik contributed to this story.

Columbus - Ohio's sweeping review of electronic voting machines turned up so many potential security flaws in the systems that the state's top elections official has called off deploying them in March.

The detailed findings confirmed what academics, computer scientists and voter advocates across the country have said for months: Electronic voting systems are prime targets for manipulation by anyone from expert computer hackers to poll workers to individual voters.

Secretary of State Ken Blackwell, who ordered the review, said he and machine vendors are confident that all 57 problems identified by investigators can be fixed.

He said his decision to detail each security flaw in a public report, and then to assure each one is addressed, will provide vendors with a "Good Seal of Security Approval" and build confidence in electronic voting technology both in the state of Ohio and around the United States.

"Their cooperation and collaboration in this process, which I think was laudatory, actually wins them competitive advantage in the marketplace," he said.

Blackwell said he will seek a waiver under the Help America Vote Act to give Ohio until 2006 to implement the technology.

He hopes, however, that many of the problems will be addressed within as few as 60 days, allowing machines to be in place by next August's special election.

"When the voters of Ohio begin casting ballots on electronic devices, they will do so with full knowledge that the integrity of their voting system has been maintained, and that we have in place one of the nation's finest, fraud-prevention systems," Blackwell said.

Blackwell's two-pronged review of the vendor's security procedures, as well as their hardware and software, was conducted by Raleigh, N.C.-based InfoSentry and Compuware of Detroit. It cost $175,000.

Diebold Election Systems, the Ohio-based company that has taken the most heat for potential flaws in the security of its machines, was not singled out in the review. The machines of the three other companies selected during Ohio's extensive certification process - Sequoia, Hart InterCivic, and Election Systems & Software - were also found to carry risks.

Diebold led the pack in the number of serious flaws in its systems, but the technology of the other companies also was found to be riddled with problems.

The review confirmed a laundry list of security flaws that some observers had tried to dismiss as merely alarmist. Among the findings:

Voter "smart cards" inserted in the machines could be deciphered or counterfeited and used to cast illegal votes.

Poll supervisors' passwords could be easily guessed and used to manipulate election results or end polling early. Diebold, for example, has the same password - 1111 - nationwide, and investigators were able to guess it in two minutes.

Election results could be unencrypted and intercepted during transmission.

Many scenarios exist in which someone without the proper authority could enter the systems - with the flick of a switch or the use of a laptop PC - and change results.

Voting-machine technology guru Bev Harris of blackboxvoting.org praised Blackwell for releasing such a comprehensive study. She said about two-thirds of a similar review conducted on Diebold technology in Maryland was blacked out before it was released.

"I think this is a really impressive act of leadership," Harris said. She said opening the review process to average citizens will go a long way to improve voter confidence in the technology.

But she pointed out that Blackwell had already certified all the machines now discovered to be risky.

"Obviously, the certification system for these machines is broken," she said.

Six counties in Ohio already use machines studied in the review: Lake, Mahoning, Franklin, Knox, Pickaway and Ross. Blackwell said he is confident elections in those counties have been fair, and he is not interested in disrupting polling activities there.

Counties close to selecting a vendor must wait for a follow-up review and any recertifications to take place before picking their machines. While they wait, Ohio counties will be able to buy optical-scan machines that were not subject to the security review, Blackwell said.

Michael Vu, Cuyahoga County's elections director, said the county will proceed with its plans to buy electronic voting machines by Jan. 15.

"We are going to follow the same game plan and make sure that whatever [vendor] is selected answer and have a solution to any risks that the secretary of state has outlined," Vu said. Cuyahoga's elections board is the largest in the state and wants to buy 6,000 machines. It has reviewed vendors for more than a year and hopes to use the machines next year.

All four vendors embraced the security report and indicated they are well on the way to addressing many of the flaws. Blackwell said machine makers are as interested as anyone in restoring voter confidence to the new technology.

"There's a national will to update the voting technology of this nation, but to do it in a professional and secure way," he said.

FAIR USE NOTICE

This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of political, democracy, scientific, and social justice issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.