http://www

http://www.nytimes.com/2004/02/28/politics/campaign/28VOTE.html?pagewanted=1

February 28, 2004

Electronic Vote Faces Big Test of Its Security

By JOHN SCHWARTZ

KENNESAW, Ga. — Millions of voters in 10 states will cast ballots on Tuesday in the single biggest test so far of new touchscreen voting machines that have been billed as one of the best answers to the Florida election debacle of 2000. But many computer security experts worry that the machines could allow democracy to be hacked.

Here in Georgia, along with Maryland and California, an estimated six million people will be using machines from Diebold Election Systems, which has been the focus of the biggest controversy.

Independent studies have found flaws in Diebold's system that researchers say might allow hackers or corrupt insiders to reprogram the touchscreens or computers that tally the votes, without leaving a trace.

Without a paper record of every vote or some other way to verify voters' choices after the fact, these experts warn, elections may lose the public's trust.

"People complain about hanging chads," said Aviel D. Rubin, technical director of the Information Security Institute at Johns Hopkins University in Baltimore and a co-author of the first study that found security flaws in the Diebold machines. "But if an electronic machine has malicious code in it, it's possible that all of the chads are hanging — and then you have to question every vote."

The company has worked to fix all security issues that researchers have described, said David Bear, a Diebold spokesman. "Those things have not only already been addressed," he said, "they were implemented."

For more than a year, Diebold also has been fighting conspiracy theories popularized on the Internet that say its Jetsons-at-the-polling-place wares serve as cover for an ongoing effort to stuff electronic ballot boxes on behalf of the Republican Party.

Diebold executives, along with outside computer security experts who are seeking to fix the voting machines, say the conspiracy theories are bunk. The company's chief executive, Walden W. O'Dell, did not help matters, though, when he sent out a fund-raising letter for the Bush campaign last summer saying he was committed to "helping Ohio deliver its electoral votes for the president next year."

The conspiracy talk took off not long after the November 2002 election here, when two Georgia Democrats, Gov. Roy Barnes and Senator Max Cleland, were defeated in upsets.

It was the first time in the United States that new touchscreen machines from Diebold had been used in a statewide election. And several months before the election, the software on the machines received patches that had not been vetted by independent testing authorities.

But even the state's most ardent Democratic officials say that while the races were particularly ugly the vote counts were accurate.

"Listen, I have looked at this election every which way," said Bobby Kahn, who is chairman of the state's Democratic Party and who served as Governor Barnes's chief of staff. "I would love to say that it was hacked. That's just not the case."

Those who keep Georgia's election system running admit that the process two years ago, particularly the late patching, was flawed. "We did things some ways we'd rather not do if we had the time to do them in," said Britain Williams, a professor emeritus of computer science at Kennesaw State University and a consultant on voting to Georgia and other states.

But the Georgia Center for Election Systems, which he helped found here and which assists the Georgia Secretary of State, was working under a deadline, Election Day.

"We did not have the luxury of a calm schedule there, to put it mildly," he said.

The patched software code, he said, was inspected after the election and passed muster. "I'm happy to say that when we went back after the fact, we found that we had not made any bad decisions," he said.

Mr. Williams insisted that Georgia had addressed its shortcomings from that election and was continuing to improve the processes that will make voting run safely and smoothly.

The computer security experts — and an increasingly vocal group of skeptics, including presidential candidate Dennis J. Kucinich — say they are not so sure. They argue that electronic voting from any of the current systems on the market opens the door to mischief and election fraud going beyond anything seen in the world of paper ballots and mechanical voting machines.

In one exercise conducted for Maryland, computer researchers showed that with hand-held computers and quick fingers, they could open the touchscreen machines and even reprogram them to make votes for one candidate count for another.

In response to such concerns, California's secretary of state, Kevin Shelley, has demanded that all election system companies in his state add printers to their machines by the 2006 elections so that votes can be verified. Mr. Williams and some other states' voting officials oppose adding printers, arguing that the move is untested and would be expensive and that the printers would be a maintenance nightmare.

Proponents of the computer voting systems argue that the critics underestimate the degree to which good procedures can compensate for imperfect security. In Georgia, Mr. Williams said, individual precincts publish paper summaries of each machine's results, providing an audit function.

"We don't have to make the system a hundred percent secure," he said. "What we have to do is make the security bar so high that anybody will say, `To heck with that.' "

But Mr. Rubin, the principal author of the first Diebold study, argues that when the stakes are sufficiently high, people will go to extraordinary measures to beat a system. In an interview, he cited the Breeders' Cup betting scandal in 2002, when a programmer for the race track system exploited a hole for counting wagers to win a Pick Six bet worth $3 million. The programmer, Chris Harn, and two accomplices were sent to federal prison.

And Mr. Rubin and other experts point to a conspiracy among slot machine workers who rigged the devices with software patches that shifted the odds when a particular sequence of coins was entered. The fraud went undetected from 1992 until 1996, after the ringleader, Ronald Harris, won a $100,000 jackpot with an accomplice in Atlantic City. Mr. Harris, a gaming regulator at the time, was convicted of racketeering.

These are merely the cases that have come to light, Mr. Rubin and David L. Dill, a security expert at Stanford University, warned in a recent article on electronic voting in a technical journal, IEEE Security & Privacy.

"We know about the Harris case only because he was caught, but how many times have such crimes occurred without being detected?" they wrote. "We'll never know."

In a telephone interview, Mr. Dill said the same concerns apply to any voting system that does not allow a verifiable audit. "We don't have any way of proving the absence of fraud in any of these elections," he said.

In Georgia, officials say that despite occasional glitches voting has greatly improved in the 300 statewide and local elections that have been held since touchscreens were introduced. Undervoting — in which people go into a voting booth but do not cast a vote, usually because of some mistake or flaw — has dropped considerably with the use of touchscreens, they say, from nearly 5 percent in 1998 to less than 1 percent in 2002. And statewide polls suggest that most Georgians prefer the new voting system.

Mr. Williams and others at the Kennesaw State center acknowledge some frustration with the security flaws. But they attribute the problems to the fact that voting systems were, until recently, a cottage industry with software-writing practices more like those found in small business than in first-rank corporate environments.

Diebold Election Systems, a subsidiary of Diebold Inc. of North Canton, Ohio, was, until 2001, a stand-alone company known as Global Election Systems. Larger companies like Diebold swooped in to buy the smaller companies after the election fiasco in Florida put pressure on states to upgrade their systems.

And when Georgia went looking for voting machines, Mr. Williams said, it found that Diebold produced "the best system on the market."