The Sacramento Bee
Voting devices' security at issue
By Clubt Swett
Bee Staff Writer
As election officials rush to prep new electronic voting machines for the Oct. 7 recall, some computer security experts are raising alarms over what they see as the devices' potential for permitting electoral fraud.
At issue are touch-screen computers that will be used next month in Shasta, Alameda, Plumas and Riverside counties, which account for about 9 percent of all votes cast in the state.
The controversy could influence how California counties spend some $200 million to upgrade their voting systems. And it's likely to affect the financial fortunes of big voting machine companies such as Diebold Election Systems and Sequoia Voting Systems, which are chasing a market Diebold estimates to be worth at $2 billion over the next five years.
Voting officials say touch-screen systems have a number of advantages. There are no hanging chads on punch cards or smudged paper ballots. The computers also can prevent voters from accidently voting for more than one candidate in a race as well as alert voters if they have skipped some ballot measures.
Electronic voting also cuts down on the paper chase, especially in areas where ballots must be printed in multiple languages.
But computer scientists say that for all their benefits, the new voting machines could be prone to tampering, either by a rogue company programmer or by someone at the polling place.
And because such machines typically don't produce a piece of paper for the voter to review before leaving the polls, officials might never be able to discover if votes had been correctly recorded.
Diebold officials counter that such tampering would be highly unlikely and that they could provide a "paper trail" if voting officials asked for one.
"With touch-screen voting, there's an auditing gap between when you cast a vote on the screen and when it's recorded," said David Dill, a computer science professor at Stanford University. "Nobody can be sure that the votes coming out were the same ones that went in."
Dill's argument gained traction in July when a team from Johns Hopkins University in Baltimore and Rice University in Houston analyzed software from Diebold. The Canton, Ohio-based company has more than 33,000 machines operating in the United States, including 4,000 in Alameda County and 65 in Plumas County.
"We found widespread vulnerability to all kinds of tampering," said Aviel Rubin, who led the Johns Hopkins team. "I honestly don't trust the machines."
But a greater danger, they said, could be internal hacking. Programmers at the manufacturer might insert code into the machines that could skew the voting totals or cause other mischief to influence an election.
Diebold spokesman Mark Radke disputed the Johns Hopkins group's findings, saying its conclusions were based on old software, flawed analysis and faulty assumptions about election procedures.
"They sensationalized inaccurate information," Radke said.
Conflict of interest allegations aside, Diebold also released a highly technical, 27-page rebuttal of the Johns Hopkins findings. But some computer scientists consider Diebold's response unconvincing.
"I think the primary issues raised in the Hopkins study are still valid," said Douglas Jones, who teaches computer science at the University of Iowa and has studied electronic voting since 1994.
Jones said he analyzed the Hopkins findings and Diebold's responses, and said Diebold essentially agreed with the Hopkins researchers on many points, though the company said many of the scenarios were highly unlikely.
Some election officials say security fears are overblown.
Ginnold, the Alameda County election official, said critics don't understand the precautions taken at the polls.
For example, state law requires that individual ballots be hand-counted in 1 percent of precincts and the totals be matched to what comes out of the machines. The new voting computers are programmed to print out individual ballots so that election officials can make comparisons to the tabulated vote.
However, if voting machines spit out lengthy ballots for each individual voter to peruse at the polling place, Ginnold said, the polls would be jammed by people reviewing their choices after they voted.
We've been counting ballots by computer for more than 30 years," she said. "People spin out fantastical tales of things that could happen, like rogue programers, but it's so remote. ... I think it's the wild ravings of people who play computer games, trying to kill monsters."
But Dill, the Stanford professor, disagrees.
"I know computers can't be made that reliable," he said. "If they are under attack by people who want to steal an election, they can't be made secure."