Will Your Vote Count in 2006?
By Steven Levy
Newsweek

29 May 2006 Issue

"When you're using a paperless voting system, there is no
security," says Stanford's David Dill.

Just when you thought it was safe to go back into the voting
booth, here comes more disturbing news about the trustworthiness of
electronic touchscreen ballot machines. Earlier this month a report
by Finnish security expert Harri Hursti analyzed Diebold voting
machines for an organization called Black Box Voting. Hursti found
unheralded vulnerabilities in the machines that are currently
entrusted to faithfully record the votes of millions of Americans.

How bad are the problems? Experts are calling them the most
serious voting-machine flaws ever documented. Basically the trouble
stems from the ease with which the machine's software can be altered.
It requires only a few minutes of pre-election access to a Diebold
machine to open the machine and insert a PC card that, if it
contained malicious code, could reprogram the machine to give control
to the violator. The machine could go dead on Election Day or throw
votes to the wrong candidate. Worse, it's even possible for such
ballot-tampering software to trick authorized technicians into
thinking that everything is working fine, an illusion you couldn't
pull off with pre-electronic systems. "If Diebold had set out to
build a system as insecure as they possibly could, this would be it,"
says Avi Rubin, a Johns Hopkins University computer-science professor
and elections-security expert.

Diebold Election Systems spokesperson David Bear says Hursti's
findings do not represent a fatal vulnerability in Diebold
technology, but simply note the presence of a feature that allows
access to authorized technicians to periodically update the software.
If it so happens that someone not supposed to use the machine-or an
election official who wants to put his or her thumb on the scale of
democracy-takes advantage of this fast track to fraud, that's not
Diebold's problem. "[Our critics are] throwing out a 'what if' that's
premised on a basis of an evil, nefarious person breaking the law,"
says Bear.

Those familiar with the actual election process-by and large run
by honest people but historically subject to partisan politicking,
dirty tricks and sloppy practices-are less sanguine. "It gives me a
bit of alarm that the voting systems are subject to tampering and
errors," says Democratic Rep. William Lacy Clay, who worries that
machines in his own St. Louis district might be affected by this
vulnerability. (In Maryland and Georgia, all the machines are
Diebold's.)

The Diebold security gap is only the most vivid example of the
reality that no electronic voting system can be 100 percent safe or
reliable. That's the reason behind an initiative to augment these
systems, adding a paper receipt that voters can check to make sure it
conforms with their choices. The receipt is retained at the polling
place so a physical count can be conducted. "When you're using a
paperless voting system, there is no security," says David Dill, a
Stanford professor who founded the election-reform organization
Verified Voting.

To their credit, 26 states have taken action to implement paper
trails. But the U.S. Congress has yet to pass legislation introduced
last year by Rep. Rush Holt, Democrat of New Jersey, that would
extend this protection nationwide. Holt says his bill is slowly
gaining support. "The voters are saying that every vote should count,
and the only way to do this is by verified audit trails," he says.
But even an optimistic scenario for passage would challenge his goal
of mandatory paper receipts for November's elections. In other words,
it's unlikely that every voter using an electronic voting device in
2006 will know for sure that his or her vote will be reflected in the
actual totals. Six years after the 2000 electoral debacle, how can
this be?

http://www.truthout.org/docs_2006/052206B.shtml

Will Your Vote Count in 2006?
By Steven Levy
Newsweek

29 May 2006 Issue

"When you're using a paperless voting system, there is no
security," says Stanford's David Dill.

Just when you thought it was safe to go back into the voting
booth, here comes more disturbing news about the trustworthiness of
electronic touchscreen ballot machines. Earlier this month a report
by Finnish security expert Harri Hursti analyzed Diebold voting
machines for an organization called Black Box Voting. Hursti found
unheralded vulnerabilities in the machines that are currently
entrusted to faithfully record the votes of millions of Americans.

How bad are the problems? Experts are calling them the most
serious voting-machine flaws ever documented. Basically the trouble
stems from the ease with which the machine's software can be altered.
It requires only a few minutes of pre-election access to a Diebold
machine to open the machine and insert a PC card that, if it
contained malicious code, could reprogram the machine to give control
to the violator. The machine could go dead on Election Day or throw
votes to the wrong candidate. Worse, it's even possible for such
ballot-tampering software to trick authorized technicians into
thinking that everything is working fine, an illusion you couldn't
pull off with pre-electronic systems. "If Diebold had set out to
build a system as insecure as they possibly could, this would be it,"
says Avi Rubin, a Johns Hopkins University computer-science professor
and elections-security expert.

Diebold Election Systems spokesperson David Bear says Hursti's
findings do not represent a fatal vulnerability in Diebold
technology, but simply note the presence of a feature that allows
access to authorized technicians to periodically update the software.
If it so happens that someone not supposed to use the machine-or an
election official who wants to put his or her thumb on the scale of
democracy-takes advantage of this fast track to fraud, that's not
Diebold's problem. "[Our critics are] throwing out a 'what if' that's
premised on a basis of an evil, nefarious person breaking the law,"
says Bear.

Those familiar with the actual election process-by and large run
by honest people but historically subject to partisan politicking,
dirty tricks and sloppy practices-are less sanguine. "It gives me a
bit of alarm that the voting systems are subject to tampering and
errors," says Democratic Rep. William Lacy Clay, who worries that
machines in his own St. Louis district might be affected by this
vulnerability. (In Maryland and Georgia, all the machines are
Diebold's.)

The Diebold security gap is only the most vivid example of the
reality that no electronic voting system can be 100 percent safe or
reliable. That's the reason behind an initiative to augment these
systems, adding a paper receipt that voters can check to make sure it
conforms with their choices. The receipt is retained at the polling
place so a physical count can be conducted. "When you're using a
paperless voting system, there is no security," says David Dill, a
Stanford professor who founded the election-reform organization
Verified Voting.

To their credit, 26 states have taken action to implement paper
trails. But the U.S. Congress has yet to pass legislation introduced
last year by Rep. Rush Holt, Democrat of New Jersey, that would
extend this protection nationwide. Holt says his bill is slowly
gaining support. "The voters are saying that every vote should count,
and the only way to do this is by verified audit trails," he says.
But even an optimistic scenario for passage would challenge his goal
of mandatory paper receipts for November's elections. In other words,
it's unlikely that every voter using an electronic voting device in
2006 will know for sure that his or her vote will be reflected in the
actual totals. Six years after the 2000 electoral debacle, how can
this be?

http://www.truthout.org/docs_2006/052206B.shtml