[link to index of press clippings]

From
Creative Loafing Atlanta

High-tech train wreck

Experts question just how secure Georgia elections are


By Kevin Griffis
4/2/2003


It's Election Day 2004. Do you know where your voting machine has been? What about its software code? Its programmers? And just what political persuasion are they?

Flummoxed? Chances are, the secretary of state's office isn't completely sure either. And that's why a long and growing list of computer scientists and security experts are calling on election officials around the country to consider a small but significant change to direct recording electronic (DRE) voting -- our new touchscreen machines. They want the machines to produce a paper record of the ballots cast, a voter-verifiable audit trail. To make their case, they're using Georgia as an example of what can go wrong even in a seemingly successful election and just how many opportunities exist to sabotage the system.

...

"I'm making a strong statement there," says Stanford University computer scientist David Dill. "I'm saying within the state of the art in computer science, it is not known how to be sufficiently sure that the programs are bug-free and especially to be sufficiently sure that there is no tampering, that it's actually safe to use them without paper."

Secretary of State Cathy Cox, though, says a paper trail will create more opportunity for fraud, not less. Georgia's tainted election history serves as a primer on what could happen, she says.

...

Under the old system, the state was ripe for a Florida-style, hanging-chad meltdown.

But Cox's $54 million effort to computerize the state's election system changed the country's estimation of Georgia, as scores of articles from across America before and after the November elections attest. The secretary of state moved ahead with voting reform on the state's dime instead of waiting for federal money that was only recently released.

Cox argued that it was necessary lest Georgia be the site of Florida 2000 redux.

"I think [Cox] has done a remarkable job," says Robert Pastor, the head of American University's Center for Democracy and Election Management, and former Emory University professor. The secretary of state should be lauded for putting Georgia in the forefront of election reform, he says.

...

But take a short trip around the Internet today, and Georgia looks positively Nigerian. You'll likely happen upon Bev Harris' blackbox voting site, among a number of others that question the security of Georgia's 2002 election.

...

Among the more troubling discoveries: Harris, a Seattle-based publicist and writer, found a Geocities website that Diebold used to allow technicians to download program information while in the field. On the site, which could be accessed anonymously and without a password, Harris discovered files such as "rob-georgia." The mere fact that anyone could get onto the site is alarming enough, but conspicuously named documents seemed to indicate Election Day mischief.

...

"It would take a conspiracy beyond belief, of all these different poll workers, [most of whom] are just happy to know how to unfold this machine and plug it in, who couldn't begin to understand how to get in there and change the software," Cox says. "The machines are not networked, so you would have to get into every individual machine to try to manipulate elections. Probably not more than maybe 100-200 people voted on any one machine in any polling place. I don't see how this could happen in the real world."

There's a long line of computer scientists willing to explain it. On the one hand, Stanford University's Dill agrees that Georgia's election safeguards are laudable and more stringent than those in other states, but he says Cox's assessment that it would take a vast conspiracy to rig an election is flat wrong.

"It requires one programmer at the company who has a political agenda or who has been bribed or somebody who can break into the company's network, who can hack the code when they're not looking," Dill says.

...

Proponents of paper audits produce election scenarios that make one wonder whether Cox's staff is relying on the right people to supply it with technical answers. For instance, Dill and University of Iowa computer scientist Douglas Jones, who also recently served as chairman of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems, suggest a programmer could make changes to the binary code that runs the computer without leaving his fingerprints in the source code that is supposed to be examined by federal labs.

After consulting with the state's experts, Cox press secretary Chris Riggal says that is an impossibility, that any changes to the binary code would be reflected in the source code.

"[His] response is another example of willful or uninformed misrepresentation that is common on the part of the vendors, misinformed election officials and gullible people," says Peter Neumann, one of the top computer security specialists in the country, who then explains in an e-mail message a number of ways interested parties could get around current security measures.

...