sacbee.com - The online division of The Sacramento Bee
This story is taken from Sacbee / Politics.
July 28, 2007
The successful invasions will be weighed in state's
By Jim Sanders - Bee Capitol Bureau
Teams of computer hackers participating in a
first-of-its-kind experiment in California have succeeded in breaking into all
three electronic voting machines they targeted.
The systems were invaded in ways ranging from altering votes
via a laptop computer to physically breaking into an electronic ballot box with
small, concealable tools, the hackers reported to the state Friday.
Secretary of State Debra Bowen released a summary of the
experts' findings Friday as part of a wide-ranging research project into the
accessibility, security and viability of electronic balloting.
"It's a big deal for many people in this country,"
Bowen said of the hacking. "We are a democracy, and our very existence as
a democracy is dependent on our having voting systems that are secure, reliable
The hackers reported successful invasions that could
"alter vote totals, violate the privacy of individual voters, make systems
unavailable, and delete audit trails."
But Stephen Weir, head of the state association of county
registrars, said the hacking was not an accurate portrayal of risk because
researchers were given extensive access to the voting machines and their
"This wasn't someone stealing the car -- it was someone
taking the car with permission," Weir said.
Counties routinely lock up their voting machines to prevent
sabotage, keep detailed access records, employ camera surveillance and conduct
extensive testing to ensure accuracy, Weir said.
Perhaps the most important thing about the state's
experiment, Weir said, was that the experts did not report finding any sabotage
or illicit devices in voting machines to suggest they are handling ballots
"There's no smoking gun here," he said.
Bowen declined to comment specifically on flaws uncovered,
saying she needed more time to review the findings released Friday.
Bowen said it is important to determine whether counties
have adequate procedures to bar access or heighten security in ways that would
prevent voting machines from being hacked.
"That's a matter for us to investigate, and pull apart,
and analyze," she said.
Bowen will hold a public hearing Monday to solicit public,
expert and industry comment on the voting machines, used statewide.
Bowen conceivably could move to decertify voting machines
she deems unsecure.
Bowen said she has made no decision on what, if any,
security changes are needed -- but she plans to do so by next Friday.
"I think it's important to point out that I'm not in
competition or in an antagonistic posture with voting system vendors or local
elections officials," she said. "We're all in this together."
The hacking experiment focused on machines by three
voting-system firms -- Diebold, Sequoia and Hart. A fourth company, Election
Systems & Software, did not provide vital data in time for its system to be
reviewed, Bowen said.
The University of California conducted the state's
"top-to-bottom" review of electronic voting machines under a $1.8
million contract with the secretary of state's office.
Bowen, unveiling the project May 9, noted that California
has spent about $450 million on new voting systems in recent years, yet the
"result is that people have more questions about whether votes are being
counted as they are cast."
Nationwide, numerous questions have been raised about the
security of electronic balloting, which encompasses everything from
touch-screen voting machines to optical scan devices that count paper ballots.
During the October 2003 gubernatorial recall election,
thousands of ballots in Alameda County for Democratic Lt. Gov. Cruz Bustamante
were recorded on electronic machines as votes for Socialist John Burton before
the error was corrected.
In Florida, Democrat Christine Jennings demanded an
investigation last year into an electronic voting machine that she claims
malfunctioned and cost her nearly 18,000 votes in a House of Representatives
race that she lost by only 369 votes.
California counties use electronic machines extensively, but
the state also requires that votes be documented in paper records that can be
reviewed by voters and auditors.
Kim Alexander, president of the California Voter Foundation,
a nonprofit public policy group, said the hacking successes reported Friday are
disturbing but ultimately could lead to improvements.
"I think it's a wake-up call for the whole
nation," Alexander said.
Officials of the Sequoia and Hart firms declined to comment
in detail Friday on the successful hackings, saying they had just received the
state's report and had not had time to study it. Diebold representatives could
not be reached.
"This testing was not done in an official elections
environment, with any of the procedures and processes employed ... by
hard-working elections officials," said Michelle M. Shafer, a spokeswoman
"Technology is only one piece of a system of checks and
balances in voting security," added Josh Allen, a Hart spokesman, in a
Copyright © The Sacramento Bee
The Sacramento Bee, 2100 Q St., P.O. Box 15779, Sacramento,