Choose a different title name

[ThatHawaiiGuy]

'Flaws' found in computer voting system
Hopkins study details how touch-screen devices could be manipulated; Md. among states to adopt machines

The Associated Press
Originally published July 24, 2003, 2:31 PM EDT



An electronic voting system used in some states and recently adopted by others, including Maryland, is so flawed that it could be easily manipulated, computer security researchers concluded in a Hopkins study released today.

The study found "significant security flaws" with the system designed by Diebold Election Systems. The system was vulnerable to unscrupulous voters as well as "insiders such as poll workers, software developers and even janitors," who could cast multiple votes without a trace, the study reported.

The system allows ballots to be cast on a 15-inch touch-screen monitor.

"I don't think it can be done right now this way," said Avi Rubin of Johns Hopkins University, a lead researcher on the study, which was the first review of the software by independent computer security researchers.

Diebold reached an agreement this month with Maryland to provide up to $55.6 million in voting technology, expanding the use of touch screens from four counties to the rest of the state.

Rubin said he planned to urge state officials not to use the system.

"You guys just bought something that doesn't work," Rubin said he planned to tell Maryland election officials. "Go get a refund."

Mike Jacobsen, a spokesman for the North Canton, Ohio-based company, declined to comment in detail about the study until company officials had more time to review it. But he said the company's systems "pass rigorous certification tests at the federal and state governmental levels."

"However, we welcome the opportunity to work with credible organizations, including Johns Hopkins, to continue to improve and strengthen the security of our systems," Jacobsen said.

Jacobsen also said the software analyzed in the study was about a year old, and problems with it may have been fixed.

But Rubin said a secure electronic system would require a different methodology and there was no quick fix for the current software.

"You would have to start over," he said.

Rebecca Mercuri, an independent consultant who specializes in studying electronic vote tabulation, said the report raises questions about the security of electronic voting systems. But widespread manipulation of the system described in the study was "highly unlikely," she said.

"There would have to be a massive violation, systematically, of a huge amount of protocols, for this to take place," Mercuri said.

Rubin said a glaring weakness in the system is a lack of a verifiable audit trail that could be used to double-check voting results.

"I think they need to have paper trails, and I don't think these kinds of machines should be used for voting," he said.

The study also concluded the system was vulnerable to a group or foreign government wanting to influence an election.

The findings were based on a July study of the computer code used in the voting system. The code was posted anonymously on the Internet earlier this year.

The results are significant, Rubin said, as cities and states consider computer screen voting as an alternative to punch-card ballots that governments decided to replace after problems during the 2000 presidential election.

Last year, about 33,000 Diebold voting stations were used in elections in Maryland, Georgia, California and Kansas and other locations, according to the company.

For the study, three researchers from the Johns Hopkins Information Security Institute and a computer scientist at Rice University analyzed tens of thousands of lines of programming code.

The researchers were critical of a "smart card" used in the system. An ATM-like card given to each voter is designed to make sure that voter casts only one ballot. But the researchers said a voter could easily bring a specially programmed counterfeit card to the polls and use it to cast multiple votes.

Bogus cards could be made by a 15-year-old computer enthusiast and sold for various amounts of money depending on the number of votes it would enable a person to cast, researchers said.

The system also was susceptible to poll workers who wanted to alter ballots, the study concluded.

On the Net:

Johns Hopkins Information Security Institute: http://www.jhuisi.jhu.edu


http://www.sunspot.net/news/nationworld/bal-votingflaws0724,0,3912884.story?coll=bal-nationworld-hea...