http://www.washingtonpost.com/wp-dyn/content/article/2006/05/29/AR2006052900816.html
Test of Software in Machines Renews Security Concerns
By Zachary A. Goldfarb
Special to The Washington Post
Tuesday, May 30, 2006; Page A15
The already-cantankerous debate over high-tech voting
machines, which have been installed in great numbers in recent years, is
growing more intense and convoluted as primaries get underway and the midterm
election nears.
A coalition of voting rights activists and prominent
computer scientists argues that some of the machines are not sufficiently
secure against tampering and could result in disputed elections, while voting
machine vendors and many election officials say that view is exaggerated.
Photo: Fran Eck, left, and Judge of Elections Belita Rosier oversee
a touch-screen machine used for a Pennsylvania primary. (By Bill Kalina -- York
Dispatch Via Associated Press)
The latest dispute occurred several weeks ago after it was
discovered at a test in Utah that someone with a reasonable knowledge of
computer code could gain access to and tamper with the system software on a
popular brand of voting machine manufactured by Diebold Election Systems. The
developments prompted California and Pennsylvania to send urgent warnings to
counties that use Diebold's touch-screen voting systems to take additional
steps to secure them.
But the vastly differing assessments of the severity of the
problem offered by computer scientists, Diebold and election officials made
clear that four years after Congress passed a law to improve the reliability of
elections, Americans still lack definitive word on whether the nation's voting
machines are secure.
In California, David Jefferson, a computer scientist at
Lawrence Livermore National Laboratory who consults with the state on its
elections, said he was "stunned when he found out" about the
vulnerability identified in the Utah test and agreed with the "frequently
expressed opinion that this is the worst vulnerability that we have ever
seen."
But Diebold spokesman David Bear said it was a
"functionality" that company engineers had built into the voting
machines so their software could be easily updated, and it only becomes a
vulnerability if an unauthorized person gains unfettered access to the machine,
and there are safeguards against that happening.
State officials tried to strike a middle ground. "There
certainly are potential security vulnerabilities that have arisen," said
Jennifer Kerns, a spokeswoman for California's secretary of state. "But
you have to be realistic about it: When you're administrating elections,
there's a very low risk of any" tampering.
By passing the 2002 Help America Vote Act and spending more
than $2 billion to upgrade voting machines nationwide, Congress hoped to avoid
this kind of exchange. HAVA was a response to the contested 2000 presidential
election in Florida, which had brought the use of old punch-card voting
machines into focus.
The newer technology, such as touch-screen and optical scan
systems, held the promise of making voting more secure, transparent and
accessible. But as the new technology was implemented, voting rights activists
raised questions about whether vendors had paid enough attention to security.
Activists pushed for the use of technology that still provided a paper record.
Many of the criticisms of voting technology were originally
dismissed as exaggerations promulgated by partisans displeased with election
results. But the criticisms have been viewed with increasing gravity as
prominent computer scientists have rallied behind them. Although it has not
been shown that an election was compromised by a security flaw, several
elections since 2000, including in this year's primaries, have experienced
problems with the technology that have delayed results.
The federal Election Assistance Commission, which was
created to help states implement HAVA's wide-ranging requirements, says it is
in the midst of strengthening the process of federal certification for election
systems. States and localities also have their own procedures.
But voter groups have been unimpressed. They have pursued
legal action to try to stop states from using the equipment, including in
Arizona, California and New Mexico. Activists are also considering suits in
Colorado, Florida, Missouri and Pennsylvania.
Unlike many colleagues in his field, Michael I. Shamos, a
computer science professor at Carnegie Mellon University who has worked on
election issues for about 20 years, has not generally been seen as a friend of
the activists.
In 2004, they assailed Maryland's decision to buy Diebold
touch-screen machines and asked a court to stop the state from using them.
Shamos testified that with a few additional steps, the machines could be used
without problem, and the court agreed.
Now, Shamos wonders. He is confident in his testimony and
believes most security holes can be plugged. But he wonders whether Diebold
cares enough about security and the sanctity of elections.
"There's a broader philosophical question that's been
worrying me more and more lately," Shamos said. "What are these
companies really doing? They don't seem to have embraced the seriousness with
which people in this country take their elections. It's been kind of an
adversarial thing where companies want to make profits, and they just haven't
spent enough time and energy designing secure systems."
Bear says that is not true, and he repeats a frequent
refrain about why the security concerns are overblown: "It's based on the
premise that you have some nefarious or evil election official that's willing
to commit a felony and break the law."
To which Shamos responds: "You don't want the success
or failure of an election to be based on the individual."
© 2006 The Washington Post Company