February 6, 2004


The Potential for Voting Machine Fraud


By Charles R. Smith


Electronic Democracy or Disaster?


There is an old proverb in data processing: To err is human. To really mess things up you need a computer.


The flawed 2000 presidential election in Florida unleashed a sudden and urgent effort to reform the U.S. voting system. At the forefront of this effort are businesses offering touch screen computer voting and Internet voting systems to replace punch cards and physical paper ballots.


Yet three separate reports issued by computer security experts have determined that electronic voting is a risky business. In fact, the most recent report issued in Maryland showed that the leading touch screen voting system offered by Ohio-based Diebold Corp. was vulnerable to tampering.


"We were genuinely surprised at the basic level of the exploits that allowed tampering," said Dr. Wertheimer, a former employee for the National Security Agency now working as a director at Raba Technologies LLC, a Maryland-based security consulting firm.


Raba teams apparently found it easy to hack into the Maryland Touch Screen voting system built by Diebold. Raba's report on hacking the Diebold voting machines noted that the system was insecure and required some basic changes before it could be reliable enough for a general election.


"The State of Maryland election system, as configured at the time of this report, contains considerable security risks that can cause moderate to severe disruption in an election," noted the report.


"Further steps could be taken to ensure a safe general election in November. ... Ultimately, we feel there will be a need for paper receipts, at least in a limited fashion," stated the report.


Raba's report stated that Diebold election software has to be rewritten to meet industry security standards and called for limited use of paper receipts to help verify voting. Raba's report also stated that the testers had expected a higher degree of security in the design of the machines.


Diebold Safe and Secure


Amazingly, Diebold officials hailed the report as proof that if not tampered with their election machines should work perfectly.


"The Raba report in Maryland findings were similar to the report issued by SAIC," stated David Bear, a spokesman for Diebold.


"The software issues identified by the SAIC report have been implemented and used in the most recent elections. The Raba report did identify security issues for the State Board of Elections in Maryland on physical barriers to enhance security, which the state board is addressing," said Bear.


"The main thing out of the Raba report is that the voters of Maryland should be comfortable with the safety, security and accuracy of the election for the March primary," stated Bear.


In contrast, some Maryland voters do not see the Raba report as proof positive that Diebold's election systems work.


"Diebold touch screen voting machines have been technically evaluated three times by Johns Hopkins University, SAIC and Raba working for the Maryland's Department of Legislative Services and each time they were given a failing grade," stated Linda Schade of the Campaign for Verifiable Voting.


"An expert witness testified that it is 'more secure to buy a book on Amazon than to vote in Maryland,'" noted Schade.


"We agree with the Raba report that paper ballots are necessary," stated Schade.


Schade noted that cost and objections from Diebold should not be a factor in demanding a voter paper trail. "Four California counties have received upgrades to Diebold systems to provide verified paper ballot audit trails for no charge. In fact, the State of Maryland appears to have paid 76% more for each machine than California," concluded Schade.


Fix the Vote


The Raba report may not cover all the security risks previously exposed. According to Schade, Maryland officials failed to review the potential for an insider attack or a malfunction in the software. A previous review by Johns Hopkins warned that an insider attack was a "considerable" threat.


"If any party introduces flaws into the voting system software or takes advantage of pre-existing flaws, then the results of the election cannot be assured to accurately reflect the votes legally cast by the voters," noted the Hopkins report.


"It would be far easier for someone to fix an election by modifying the software at Diebold's installation or elsewhere before it is delivered to election offices to install on all the machines," concluded the Johns Hopkins report.


U.S. voters are not the only ones to voice their dissatisfaction with Diebold and ballot less elections. Canadian voters are also using Touch Screen systems and have found the lack of audit trails to be very disturbing. "Who is running these companies? Do we really know where the money and computer expertise is coming from?" asked Brent Beleskey, Director of the Canadian based International Voters Coalition.


"If people like Saddam Hussein and the Colombian Drug Cartel and friends, have the technical means to undermined the free worlds election process, why should we accommodate them?" asked Beleskey.


"The Deputy Commissioner of Elections of the USA, Bill Kimberling declared on June 7, 2000, at an annual meeting of the Maryland Association of Elected Officials, called Internet voting and ballot less elections 'a breeding ground for fraud' and a business-driven threat to democracy. In addition, the sanctity of the secret vote would also be in danger," said Beleskey.


"We must maintain and move vigorously to totally expose this blatant attack on our priceless due process, our freedoms and our liberties," concluded Beleskey.


Felons Inside


There is evidence that possible tampering and criminal intent may be more than just an issue. Voter advocate Bev Harris recently charged that managers of a Diebold subsidiary included a cocaine trafficker, a man who conducted fraudulent stock transactions, and a programmer jailed for falsifying computer records.


According to Harris, at least five convicted felons secured management positions at a manufacturer of electronic voting machines. One top programmer, Jeffrey Dean, wrote and maintained proprietary code used to count hundreds of thousands of votes as senior vice president of Global Election Systems Inc., which was later purchased by Diebold, in January 2002.


According to court records, Dean served time for stealing money and tampering with computer files in a scheme that "involved a high degree of sophistication and planning."


Diebold officials stated that the company now performs background checks on all managers and programmers. A Diebold spokesman publicly announced that Dean left at the time of the 2002 acquisition.


"There are dozens of stories about computerized voting machines producing erroneous results. Votes mysteriously appear or disappear. Votes cast for one person are credited to another," wrote Bruce Schneier, author and head of California-based Counterpane Internet Security, Inc.


"Here are two from the most recent election: One candidate in Virginia found that the computerized election machines failed to register votes for her, and in fact subtracted a vote for her, in about 'one out of a hundred tries.' And in Indiana, 5,352 voters in a district of 19,000 managed to cast 144,000 ballots on a computerized machine," note Schneier.


Fallible and Unreliable


"Computers are fallible and software is unreliable; election machines are no different than your home computer," wrote Schneier. "Even more frightening than software mistakes is the potential for fraud. The companies producing voting machine software use poor computer-security practices. They leave sensitive code unprotected on networks. They install patches and updates without proper security auditing," noted Schneier.


Schneier also said that many of the election contractors use legal tactics to punish those who discover their flaws.


"They use the law to prohibit public scrutiny of their practices. When damning memos from Diebold became public, the company sued to suppress them. Given these shoddy security practices, what confidence do we have that someone didn't break into the company's network and modify the voting software?" asked Schneier.


Paper Ballots


"My suggestion is simple, and it's one echoed by many computer security researchers. All computerized voting machines need a paper audit trail. Build any computerized machine you want. Have it work any way you want. The voter votes on it, and when he's done the machine prints out a paper receipt, much like an ATM does. The receipt is the voter's real ballot. He looks it over, and then drops it into a ballot box. The ballot box contains the official votes, which are used for any recount. The voting machine has the quick initial tally."


"This system isn't perfect, and doesn't address many security issues surrounding voting. It's still possible to deny individuals the right to vote, stuff machines and ballot boxes with pre-cast votes, lose machines and ballot boxes, intimidate voters, etc. Computerized machines don't make voting completely secure, but machines with paper audit trails prevent all sorts of new avenues of error and fraud," concluded Schneier.


All Rights Reserved, Copyright



This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of political, democracy, scientific, and social justice issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.