Science > Abortion > Officials Probing Possible Theft of Voting Software in Maryland
| Topic: |
Science > Abortion |
| User: |
"james g. keegan jr." |
| Date: |
20 Oct 2006 05:23:15 PM |
| Object: |
Officials Probing Possible Theft of Voting Software in Maryland |
Officials Probing Possible Theft of Voting Software in Maryland
By Cameron W. Barr
The Washington Post
Friday 20 October 2006
Ex-delegate says FBI contacted her about disks she received.
The FBI is investigating the possible theft of software developed
by the nation's leading maker of electronic voting equipment, said a
former Maryland legislator who this week received three computer
disks that apparently contain key portions of programs created by
Diebold Election Systems.
Cheryl C. Kagan, a former Democratic delegate who has long
questioned the security of electronic voting systems, said the disks
were delivered anonymously to her office in Olney on Tuesday and that
the FBI contacted her yesterday. The package contained an unsigned
letter critical of Maryland State Board of Elections Administrator
Linda H. Lamone that said the disks were "right from SBE" and had
been "accidentally picked up."
Lamone's deputy, Ross Goldstein, said "they were not our disks,"
but he acknowledged that the software was used in Maryland in the
2004 elections. Diebold said in a statement last night that it had
never created or received the disks.
The disks bear the logos of two testing companies that send such
disks to the Maryland board after using the software to conduct tests
on Diebold equipment. A Ciber Inc. spokeswoman said the disks had not
come from Ciber, and Wyle Laboratories Inc. said it was not missing
any disks.
Diebold spokesman Mark Radke and Goldstein said that the labels
on the disks referred to versions of the software that are no longer
in use in Maryland, although the Diebold statement said the version
of one program apparently stored on the disks is still in use in "a
limited number of jurisdictions" and is protected by encryption. The
statement also said the FBI is investigating the disks' chain of
custody.
Michelle Crnkovich, an FBI spokeswoman in Baltimore, said she had
no knowledge of an investigation.
In an unrelated development, Maryland state auditors said in a
report yesterday that the State Board of Elections is not properly
controlling access to a new statewide database of registered voters
or verifying what changes are made to it. The report comes at a time
of heightened concern over the security and effectiveness of
electronic voting systems.
Legislative auditor Bruce Myers said it was unusual to allow
"across-the-board access" by local election officials to a sensitive
database, but Lamone defended the board's practices. In a letter
released with the Office of Legislative Audits report, she wrote that
the board "is unaware of any allegations of the falsification of
additions or deletions to the system."
The FBI investigation into the disks could focus further scrutiny
on the security of Maryland's electronic voting system.
The disks delivered to Kagan's office bear labels indicating that
they hold "source code" - the instructions that constitute the core
of a software program - for Diebold's Ballot Station and Global
Election Management System (GEMS) programs. The former guides the
operation of the company's touch-screen voting machines; the latter
is in part a tabulation program used to tally votes after an election.
Three years ago, Diebold was embarrassed when an activist
obtained some of its confidential software by searching the Internet.
The company vowed to improve its security procedures to prevent
another lapse.
The release of such software poses a risk, computer scientists
say, because it could allow someone to discover security
vulnerabilities or to write a virus that could be used to manipulate
election results.
In September, computer scientists at Princeton University who had
obtained a Diebold voting machine demonstrated how a program they had
created could secretly alter the votes cast on the machine. Diebold
President Dave Byrd called the demonstration "unrealistic and
inaccurate" and said it ignored the "physical security" measures used
to safeguard voting machines.
The Washington Post obtained copies of the disks Wednesday and
allowed Avi Rubin, a computer scientist at Johns Hopkins University,
along with a colleague and a graduate student, to review the software
on the condition that they make no copies of it.
"I would be stunned if it's not real," Rubin said.
Rubin, who has said that electronic voting systems that do not
produce a paper record of each vote cannot be secured, led a team
that produced an analysis that pointed out security vulnerabilities
in the Diebold software found on the Internet in 2003.
Sam Small, the graduate student, said the version of Ballot
Station "was consistent with what we've seen previously." Small could
not gain access to the GEMS software because the material on two of
the disks was protected by a password.
Radke, the Diebold spokesman, said the versions of Ballot Station
released since the version identified on the disks have many new
security features. The Diebold statement said "it would take years
for a knowledgeable scientist" to break the encryption used on the
software apparently contained on the disks delivered to Kagan. But
Rubin said "the data and files were not encrypted" on the Ballot
Station disk he reviewed.
The Office of Legislative Audits report also said the Maryland
elections board has paid bills submitted by contractors without
proper documentation and has not taken appropriate steps to safeguard
its computer network and Web site.
Lamone said, "It seems inappropriate to base findings on a
partially implemented system," referring to the new MDVOTERS
database, which Maryland has established to comply with federal law.
She said it is appropriate for local election workers to have
access to the database and said procedures are in place to verify
changes. Lamone concurred with the auditors' criticism of her staff's
accounting practices and said they had "obtained nearly all necessary
documentation" for contractors' bills.
Providing the sort of local oversight envisioned by the auditors,
she said, "simply cannot be conducted with existing resources."
Staff writer Eric Rich contributed to this report.
http://www.truthout.org/docs_2006/102006R.shtml
.
|
|
|
Related Articles |
|
|
