http://www.newsmax.com/archives/articles/2004/2/5/164440.shtml
February
6, 2004
The Potential for Voting
Machine Fraud
By
Charles R. Smith
Electronic Democracy or
Disaster?
There
is an old proverb in data processing: To err is human. To really mess things up
you need a computer.
The
flawed 2000 presidential election in Florida unleashed a sudden and urgent
effort to reform the U.S. voting system. At the forefront of this effort are
businesses offering touch screen computer voting and Internet voting systems to
replace punch cards and physical paper ballots.
Yet
three separate reports issued by computer security experts have determined that
electronic voting is a risky business. In fact, the most recent report issued
in Maryland showed that the leading touch screen voting system offered by
Ohio-based Diebold Corp. was vulnerable to tampering.
"We
were genuinely surprised at the basic level of the exploits that allowed
tampering," said Dr. Wertheimer, a former employee for the National Security
Agency now working as a director at Raba Technologies
LLC, a Maryland-based security consulting firm.
Raba teams apparently found it easy to hack into the
Maryland Touch Screen voting system built by Diebold.
Raba's report on hacking the Diebold
voting machines noted that the system was insecure and required some basic
changes before it could be reliable enough for a general election.
"The
State of Maryland election system, as configured at the time of this report,
contains considerable security risks that can cause moderate to severe
disruption in an election," noted the report.
"Further
steps could be taken to ensure a safe general election in November. ... Ultimately, we feel there will be a need for
paper receipts, at least in a limited fashion," stated the report.
Raba's report stated that Diebold
election software has to be rewritten to meet industry security standards and
called for limited use of paper receipts to help verify voting. Raba's report also stated that the testers had expected a
higher degree of security in the design of the machines.
Diebold Safe and Secure
Amazingly,
Diebold officials hailed the report as proof that –
if not tampered with – their election machines should work perfectly.
"The
Raba report in Maryland findings were similar to the
report issued by SAIC," stated David Bear, a spokesman for Diebold.
"The
software issues identified by the SAIC report have been implemented and used in
the most recent elections. The Raba report did
identify security issues for the State Board of Elections in Maryland on
physical barriers to enhance security, which the state board is
addressing," said Bear.
"The
main thing out of the Raba report is that the voters
of Maryland should be comfortable with the safety, security and accuracy of the
election for the March primary," stated Bear.
In
contrast, some Maryland voters do not see the Raba
report as proof positive that Diebold's election
systems work.
"Diebold touch screen voting machines have been technically
evaluated three times by Johns Hopkins University, SAIC and Raba
working for the Maryland's Department of Legislative Services and each time
they were given a failing grade," stated Linda Schade
of the Campaign for Verifiable Voting.
"An
expert witness testified that it is 'more secure to buy a book on Amazon than
to vote in Maryland,'" noted Schade.
"We
agree with the Raba report that paper ballots are
necessary," stated Schade.
Schade noted that cost and objections from Diebold should not be a factor in demanding a voter paper
trail. "Four California counties have received upgrades to Diebold systems to provide verified paper ballot audit
trails for no charge. In fact, the State of Maryland appears to have paid 76%
more for each machine than California," concluded Schade.
Fix
the Vote
The
Raba report may not cover all the security risks
previously exposed. According to Schade, Maryland officials failed to review the potential
for an insider attack or a malfunction in the software. A previous review by
Johns Hopkins warned that an insider attack was a "considerable"
threat.
"If
any party introduces flaws into the voting system software or takes advantage
of pre-existing flaws, then the results of the election cannot be assured to
accurately reflect the votes legally cast by the voters," noted the
Hopkins report.
"It
would be far easier for someone to fix an election by modifying the software at
Diebold's installation or elsewhere before it is
delivered to election offices to install on all the machines," concluded
the Johns Hopkins report.
U.S.
voters are not the only ones to voice their dissatisfaction with Diebold and ballot less elections. Canadian voters are also
using Touch Screen systems and have found the lack of audit trails to be very
disturbing. "Who is running these companies? Do we really know where the
money and computer expertise is coming from?" asked Brent Beleskey, Director of the Canadian based International
Voters Coalition.
"If
people like Saddam Hussein and the Colombian Drug Cartel and friends, have the
technical means to undermined the free worlds election
process, why should we accommodate them?" asked Beleskey.
"The
Deputy Commissioner of Elections of the USA, Bill Kimberling declared on June
7, 2000, at an annual meeting of the Maryland Association of Elected Officials,
called Internet voting and ballot less elections 'a breeding ground for fraud'
and a business-driven threat to democracy. In addition, the sanctity of the
secret vote would also be in danger," said Beleskey.
"We
must maintain and move vigorously to totally expose this blatant attack on our
priceless due process, our freedoms and our liberties," concluded Beleskey.
Felons
Inside
There
is evidence that possible tampering and criminal intent may be more than just
an issue. Voter advocate Bev Harris recently charged
that managers of a Diebold subsidiary included a
cocaine trafficker, a man who conducted fraudulent stock transactions, and a
programmer jailed for falsifying computer records.
According
to Harris, at least five convicted felons secured management positions at a
manufacturer of electronic voting machines. One top programmer, Jeffrey Dean,
wrote and maintained proprietary code used to count hundreds of thousands of
votes as senior vice president of Global Election Systems Inc., which was later
purchased by Diebold, in January 2002.
According
to court records, Dean served time for stealing money and tampering with
computer files in a scheme that "involved a high degree of sophistication
and planning."
Diebold officials stated that the company now
performs background checks on all managers and programmers. A Diebold spokesman publicly announced that Dean left at the
time of the 2002 acquisition.
"There
are dozens of stories about computerized voting machines producing erroneous
results. Votes mysteriously appear or disappear. Votes cast for one person are
credited to another," wrote Bruce Schneier,
author and head of California-based Counterpane Internet Security, Inc.
"Here
are two from the most recent election: One candidate in Virginia found that the
computerized election machines failed to register votes for her, and in fact
subtracted a vote for her, in about 'one out of a hundred tries.' And in
Indiana, 5,352 voters in a district of 19,000 managed to cast 144,000 ballots
on a computerized machine," note Schneier.
Fallible
and Unreliable
"Computers
are fallible and software is unreliable; election machines are no different
than your home computer," wrote Schneier.
"Even more frightening than software mistakes is the potential for fraud.
The companies producing voting machine software use poor computer-security
practices. They leave sensitive code unprotected on networks. They install
patches and updates without proper security auditing," noted Schneier.
Schneier also said that many of the election
contractors use legal tactics to punish those who discover their flaws.
"They
use the law to prohibit public scrutiny of their practices. When damning memos
from Diebold became public, the company sued to
suppress them. Given these shoddy security practices, what confidence do we
have that someone didn't break into the company's network and modify the voting
software?" asked Schneier.
Paper
Ballots
"My
suggestion is simple, and it's one echoed by many computer security
researchers. All computerized voting machines need a paper audit trail. Build
any computerized machine you want. Have it work any way you want. The voter
votes on it, and when he's done the machine prints out a paper receipt, much
like an ATM does. The receipt is the voter's real ballot. He looks it over, and
then drops it into a ballot box. The ballot box contains the official votes,
which are used for any recount. The voting machine has the quick initial
tally."
"This
system isn't perfect, and doesn't address many security issues surrounding
voting. It's still possible to deny individuals the right to vote, stuff
machines and ballot boxes with pre-cast votes, lose machines and ballot boxes,
intimidate voters, etc. Computerized machines don't make voting completely
secure, but machines with paper audit trails prevent all sorts of new avenues
of error and fraud," concluded Schneier.
All
Rights Reserved, Copyright NewsMax.com
FAIR USE NOTICE
This site contains
copyrighted material the use of which has not always been specifically
authorized by the copyright owner. We are making such material available in our
efforts to advance understanding of political, democracy, scientific, and
social justice issues. We believe this constitutes a 'fair use' of any such
copyrighted material as provided for in section 107 of the US Copyright Law. In
accordance with Title 17 U.S.C. Section 107, the material on this site is distributed
without profit to those who have expressed a prior interest in receiving the
included information for research and educational purposes. For
more information go to: http://www.law.cornell.edu/uscode/17/107.shtml.
If you wish to use copyrighted material from this site for purposes of your own
that go beyond 'fair use', you must obtain permission from the copyright owner.