From The Washington Post, 1/22/06:
http://www.washingtonpost.com/wp-dyn/content/article/2006/01/21/AR2006012101051.html
As Elections Near, Officials Challenge Balloting Security
In Controlled Test, Results Are Manipulated in Florida System
By Zachary Goldfarb
Special to The Washington Post
Sunday, January 22, 2006; Page A06
As the Leon County supervisor of elections, Ion Sancho's job is to
make sure voting is free of fraud.
But the most brazen effort lately to manipulate election results in
this Florida locality was carried out by Sancho himself.
Four times over the past year Sancho told computer specialists to
break in to his voting system.
And on all four occasions they did, changing results with what the
specialists described as relatively unsophisticated hacking
techniques.
To Sancho, the results showed the vulnerability of voting equipment
manufactured by Ohio-based Diebold Election Systems, which is used by
Leon County and many other jurisdictions around the country.
Sancho's most recent demonstration was last month.
Harri Hursti, a computer security expert from Finland, manipulated the
"memory card" that records the votes of ballots run through an optical
scanning machine.
Then, in a warehouse a few blocks from his office in downtown
Tallahassee, Sancho and seven other people held a referendum.
The question on the ballot:
"Can the votes of this Diebold system be hacked using the memory
card?"
Two people marked yes on their ballots, and six no.
The optical scan machine read the ballots, and the data were
transmitted to a final tabulator.
The result?
Seven yes, one no.
"Was it possible for a disgruntled employee to do this and not have
the elections administrator find out?" Sancho asked.
"The answer was yes."
Diebold and some officials have criticized Sancho's experiments and
said his conclusions about the vulnerability of electronic voting
systems are unfounded.
What Sancho did "is analogous to if I gave you the keys to my house
and told you when I was gone," said David Bear, a Diebold spokesman.
As Bear sees it, Sancho's experiment involved giving hackers "complete
unfettered access" to the equipment, something a responsible elections
administrator would never allow.
Questions about the security of electronic voting machines have been
circulating widely in recent years.
But many of the concerns have been dismissed as the fantasies of
Internet conspiracy theorists or sore-loser partisans who could not
accept that their candidates simply got fewer votes.
Critics have not demonstrated that any real elections have had returns
altered by the manipulation of electronic voting systems.
But the questions raised by Sancho, who has held his post since 1989,
show how the concerns are being taken more seriously among elections
professionals.
"While electronic voting systems hold promise for improving the
election process," the Government Accountability Office said in a
report to Congress last year, there are still pressing concerns about
"security and reliability . . . design flaws" and other issues.
The questions about electronic balloting have become widespread as
states and counties move to upgrade equipment, as required by the 2002
Help America Vote Act.
The law and new state regulations were enacted to make voting more
accessible and more accurate, a response to the controversy generated
by the contested outcome in Florida in the 2000 presidential election.
Since the federal law was passed, though, a hodgepodge of federal and
state requirements and debates over the best technology have
complicated the task of upgrading.
In a recent survey by the National Association of Secretaries of
State, 17 of 43 states that responded said they expected to miss a
congressionally imposed Jan. 1, 2006, deadline to upgrade voting
systems.
Election officials have repeatedly clashed with voting-machine
manufacturers.
In Connecticut, for example, Secretary of State Susan Bysiewicz said
she would scrap her plans to replace her state's lever machines after
the company she planned to buy from "misrepresented" itself in
negotiations about how accessible the machines would be for people
with disabilities.
In Miami-Dade County, Fla., the elections chief -- the third in five
years -- is thinking about tossing out touch-screen systems installed
after 2000.
The concern is that they do not leave a paper trail that auditors
could examine in a disputed election and are expensive to use.
In California, the secretary of state recently asked Hursti to
investigate whether Diebold machines the state was considering had
similar vulnerabilities.
The events that set in motion Hursti and Sancho meeting, and a new
wave of concern over today's voting technologies, started in 2003,
when a Seattle-based activist named Bev Harris released thousands of
Diebold documents she said she found on an unsecured portion of the
company's Web site.
Some computer scientists said the documents showed Diebold's systems
were vulnerable to attack.
Today, more than 800 jurisdictions use their technology, Harris said.
She wanted to find a way to test whether those vulnerabilities could
be exploited.
Sancho volunteered his equipment to be tested by experts Harris would
select.
Harris recruited computer expert Herbert Thompson, and on Feb. 14,
2005, in Tallahassee, Thompson met with Sancho and tried to crack the
Diebold system remotely.
The first attempt failed.
On a second attempt, by directly accessing a computer where the votes
are counted in a final tally, he manipulated returns.
They used a local high school election for the experiment.
In May, two more tests were held, this time with Hursti present.
Using a device bought for about $200, he was able to easily alter the
final vote by changing the program stored on the memory card.
"You have to admit these systems are vulnerable and act accordingly,"
Hursti said.
Diebold took a dim view of the experiments.
On June 8, a senior company lawyer faxed Sancho:
"You have willfully and intentionally allowed the manipulation of
memory cards related to your elections. . . . We believe this to have
been a very foolish and irresponsible act."
The response frustrated Sancho.
"More troubling than the test itself was the manner in which Diebold
simply failed to respond to my concerns or the concerns of citizens
who believe in American elections," he said.
"I really think they're not engaged in this discussion of how to make
elections safer."
He is also critical of state officials who he believes should have
caught the vulnerabilities earlier.
He said that vendors such as Diebold have too much influence in the
administration of elections, a view that resonated with Lida
Rodriguez-Taseff, the founder of the Miami-Dade Election Reform
Coalition.
Sancho is "truly an advocate for voters," she said.
"What he is doing in Leon County goes completely against the grain of
county election commissioners elsewhere, who are allowing vendors to
dictate how to run their own elections."
Johns Hopkins University computer sciences professor Avi Rubin, who is
leading a group that has received a $7.5 million grant from the
National Academy of Sciences to research election technology, said the
vulnerabilities of electronic systems -- including new touch-screen
voting machines -- point to the need for a paper trail in any
election.
"The more I see, I say we need voting to rely on paper," he said.
About 26 states require paper ballots, according to Verified Voting,
an advocacy group.
Jenny Nash, a spokeswoman for Florida's secretary of state, said in
the end the integrity of any voting system must be protected by the
local officials who administer elections.
"Machines are designed and certified to operate in a secure
environment and under secure procedures that each supervisor puts in
place and follows directly," she said.
_______________________________________________________
OK. So what happened in 2004 and what's the plan for 2006? Listen to
the sound of silence.
Harry
.
|
