The following article, originally published Aug. 11, 2003, in The Washington Post, is reprinted here with the permission of Linda Grist Cunningham, executive editor of the Rockford Register Star, which holds exclusive rights to the story. The article is also reprinted with the permission of The Washington Post.
The Virginia State Board of Elections had a seemingly simple task before it: Certify an upgrade to the states electronic voting machines. But with a recent report by Johns Hopkins University computer scientists warning that the systems software could easily be hacked into and election results tampered with, the once perfunctory vote now seemed to carry the weight of democracy and the peoples trust along with it.
An outside consultant assured the three-member panel recently that the report was nonsense.
I hope youre right, Chairman Michael G. Brown said, taking a leap of faith and approving Diebold Election Systems upgrades. Because when they get ready to hang the three of us in effigy, you wont be here.
Since being released two weeks ago, the Hopkins report has sent shock waves across the country. Some states have backed away from purchasing any kind of electronic voting machine, despite a new federal law that has created a gold rush by allocating billions to buy the machines and requiring all states, as well as the District of Columbia, to replace antiquated voting equipment by 2006.
The rush to buy equipment this year or next year just doesnt make sense to us anymore, said Cory Fong, North Dakotas deputy secretary of state.
Maryland officials, who signed a $55.6 million agreement with Diebold for 11,000 touch-screen voting machines just days before the Hopkins report came out, have asked an international computer security firm to review the systems security. If they dont like what they find, officials have said, the sale will be off.
The report has brought square into the mainstream an obscure but increasingly nasty debate between about 900 computer scientists, who warn that these machines are untrustworthy, and state and local election officials and machine manufacturers, who insist that they are reliable.
The computer scientists are saying, The machinery you vote on is inaccurate and could be threatened; therefore, dont go. Your vote doesnt mean anything, said Penelope Bonsall, director of the Office of Election Administration at the Federal Election Commission. That negative perception takes years to turn around.
Still, even some advocates of the new system are thinking twice. The Leadership Conference on Civil Rights, which pushed for electronic machines to help visually impaired and disabled voters, says the Hopkins report has given them pause. Theyre calling on President Bush and members of Congress to convene a forum of experts to hash it out. We have become concerned about these questions of ballot security, said Deputy Director Nancy Zirkin.
Her group and others supported passage of the $3.9 billion Help America Vote Act in November. Of the $1.5 billion appropriated so far to replace old machines, rewrite outdated equipment standards, encourage research to improve technology, train poll workers and update registration lists, about half has been released. And that has all gone toward buying electronic machines, which cost as much as $4,000 apiece.
These vendors are everywhere, said David Blount, spokesman for Mississippi Secretary of State Eric Clark. Theyre besieging everyone.
The remaining money is to be released once an Election Assistance Commission is appointed. By law, the board was to have begun work in February. But the names of the four commissioners, two from each major party, have yet to go to the Senate for confirmation.
The stakes are high. The 2000 Florida presidential election showed the shortcomings of the current system.
A subsequent Cal Tech/MIT report found that of more than 100 million votes cast nationwide, as many as 6 million werent counted because of registration errors or problems with punch-card and lever machines. One study found that of 800 lever machines tested, 200 had broken meters that stopped counting once they hit 999.
Frustrations with the old machineslevers were invented in the 1930s and punch cards in 1904have turned many local election officials into staunch supporters of the new electronic models. Advocates for the disabled say that the machines will enable the visually impaired, for the first time, to put on headphones and vote a secret ballot.
Mischelle Townsend, registrar of voters in Riverside County, Calif., said the electronic machines have saved as much as $600,000 in paper every election and, from 1996 to 2000, helped increase voter turnout to 72 percent, up 10 percent.
Any tampering would be caught, she said, in the extensive pre- and post-election testing. The best defense of the machines, she said, is that there has been no documented case of voter fraud. If the computer scientists had one valid point, one, then why hasnt one incident of what theyre saying occurred in all of these elections?
But past is not prologue, historians and political scientists warn.
Some of these hacking scenarios are highly improbable. But its not completely out of the question, said Larry J. Sabato, a political scientist at the University of Virginia who has written about political corruption. When the stakes are high enough in an election, partisans and others will do just about anything. So this is a worry.
Bugs, glitches can abound
Computer scientists note that computers are unreliable, subject to bugs, glitches and hiccups as well as the more remote possibility of outright hacking and code tampering.
They warn of a hostile programmer inserting what they call Trojan horses, Easter eggs or back doors to predetermine the outcome. They point to a number of errors in the 2002 elections, from poll workerslike some in Montgomery Countyunfamiliar with how long it takes to warm up the machines, to mysterious vote tallies.
In Georgia, where Diebold machines are used, a handful of voters found that when they pressed the screen to vote for one candidate, the machine registered a vote for the opponent. Technicians were called in, and the problem was fixed, state officials have said.
In Alabama, a computer glitch caused a 7,000-vote error and clouded the outcome of the gubernatorial race for two weeks. But more critically, computer scientists charge that the software that runs the machines is riddled with security flaws.
Whoever certified that code as secure should be fired, said Avi Rubin, technical director of the Information Security Institute at Johns Hopkins and co-author of the report.
Rubin analyzed portions of Diebold software source code that was mistakenly left on a public Internet site and concluded that a teenager could manufacture smart cards and vote several times. Further, he said, insiders could program the machine to alter election results without detection. All machines had the same password hard-wired into the code. And in some instances, it was set at 1111, a number laughably easy to hack, Rubin said.
Because there is no paper or electronic auditing system in the machine, there would be no way to reconstruct an actual vote, he said.
In a 27-page rebuttal, Diebold dismissed the findings. Officials said that the software Rubin analyzed was old and that only a portion may have been used in an actual election. Right now, were very, very confident about the security of our system, said Mark Radke, a Diebold executive. If there is a way to make it more secure, were open to that from good, reliable, knowledgeable sources who dont have a previous agenda.
That doesnt satisfy some critics. The most important thing about the Hopkins report is not the security holes they found, but irrefutable proof that all this stuff that the machines are secure is hot air, said David Dill, a computer scientist at Stanford University who has turned the debate over electronic machines into a national crusade.
State and local electio
n officials, however, say the checks and balancesthe poll workers and judges, the thick manuals of proceduresensure the sanctity of elections.
Its not fair to do an evaluation that doesnt talk about context, said Mary Kiffmeyer, president of the National Association of Secretaries of State. Our voting process has all kinds of security. Its not just the box of technology.
Few players in game
Although free and fair elections are a central tenet of Americas democracy, no one paid much attention to how they were executed for years. Not until 1990 did federal elections officials decide to write voluntary standards to certify voting machines.
Still, the atmosphere remained fairly clubby, with one lab doing the testing and a revolving door between voting machine companies and the state officials who later went to work for them. Although nearly 20 companies have had equipment certified by the FEC, only three are major players: Diebold, with 55,000 touch screens throughout the country; ES&S of Omaha; and Oakland, Calif.-based Sequoia Voting Systems.
All machines go through the FECs testing and certification process, which can cost companies anywhere from $25,000 to $100,000. Yet, a 2001 report by the General Accounting Office found that the FEC standards do not thoroughly test for security or user friendliness and that only 37 states follow them.
Doug Jones, a computer scientist in Iowa, said the testing is so secret that even he, as an insider who serves on the state board that certifies voting equipment, cant get information. Five years ago, he found the identical security flaws cited in the Hopkins report.
They promised it would be fixed, Jones said. The Hopkins group found clear evidence that it wasnt. Yet for five years, I had been under the impression that it was fixed.
Diebolds Radke said the code has been fixed.
Even the most vocal critics say there are workable solutions. Computer scientists say the companies should release their secret source codes for expert review, as two start-ups, VoteHere and Populex, have agreed to do. Or that states should require automatic upgrade clauses, as Santa Clara County has.
Dill, the Stanford computer scientist, and others are pushing for what are called voter-verified audit trails. By attaching a printer to every machine, voters can review the electronic ballot before it drops into a locked box.
Many solutions are already spelled out in the Help America Vote Act, which mandates tougher security, usability and accuracy standards.
In the end, however, with experts still at loggerheads, and the 2004 election looming, voters are left wondering which side to trust. Howard A. Denis (R-Potomac-Bethesda), a Montgomery County Council member, was so shaken by the Hopkins report that he is considering asking for a waiver to stop using electronic machines.
The more I look into this, the more serious I think it is, he said.