Avoiding Another Florida Fiasco
Electronic ‘Smart Cards’ Eliminate Chad, But May Bring Other Problems
By Jake Tapper
March 5 — The controversial Florida recount still looms large in the minds of election officials seeking to put an end to paper voting systems and their hanging, pregnant and dimpled chads.
But in California and Maryland on Tuesday, the new high-tech electronic voting machines — brought in to eliminate the specter of the Florida chaos circa 2000 — created new problems of their own.
Using new voting machines called Diebold TSXs, election workers in San Diego were unable to get a "precinct control module" to work at many polling places, so the electronic "smart cards" voters use to cast their votes were not being read. A similar problem reared its head in Annapolis, Md.
"Now it's 10 times more complicated," one San Diego voter was heard griping. "Florida did this to us. If it weren't for Florida, I would have been on my way to work."
Technical glitches, however, might be the least of it. Computer experts say that paperless voting — ed by Fortune magazine as "worst new technology" of 2003 — is rife with security and integrity issues. Many of these criticisms have focused on Diebold Election Systems, one of many manufacturers of electronic voting machines capitalizing on the hundreds of millions in federal dollars offered to states and counties in the Help America Vote Act of 2002, passed into law to avoid future Floridas.
"Politicians and election officials have mislaid their trust, preferring expediency and convenience, thereby leaving their voting systems subject to electronic fraud and abuse," said Michael Wertheimer, a computer security expert and former National Security Agency official who tested new Diebold machines for the state of Maryland in January.
No one from Diebold would talk to ABCNEWS, but one of its representatives was on hand to talk to reporters in San Diego. "Electronic voting is safe, secure and accurate," spokesman David Bear said. "There has never been an instance where a vote has ever come into question of not being tallied."
That statement is disputed, but to critics it is also irrelevant. They say the problem is not what has happened in the past — but what could happen in the future. After all, by this November, an estimated 50 million Americans will be voting electronically.
Bev Harris’ Investigations
Bev Harris, a public relations entrepreneur turned independent Internet journalist, was trying to find out more about electronic voting one day when she stumbled onto a Web site affiliated with Diebold.
"What was on that Web site — which was actually available for seven years — was a virtual tutorial on how to rig an election," Harris told ABCNEWS.
She found voting software, voter databases, passwords, remote communication protocols. "It had everything you need to rig it from 100 different angles."
In September 2003, Harris says, someone affiliated with Diebold leaked approximately 15,000 Diebold files to her, 13,000 of which were memos between programmers "talking about bypassing security and faking tests," she said.
In one memo, dated Oct. 18, 2001, Diebold engineer Ken Clark allowed that a central server was accessible to anyone, essentially, even those using a program as basic as Microsoft Access. "Right now you can open GEMS' .mdb file with MS-Access and alter its contents," he wrote. "That includes the audit log."
In her self-published book, Black Box Voting, Harris cites numerous other memos that all detail the insecurity of the electronic voting systems set up throughout the country. Diebold did not return a call seeking comment about the authenticity of the documents, though officials of the company have not disputed them in the past, or to Vanity Fair reporter Michael Shnayerson, who has an extensive story about Harris and Diebold in the magazine's April 2004 issue.
The V Files?
There is indisputably something rather X-Files-esque about all of this. Douglas W. Jones, a University of Iowa computer science professor and member of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems, even seemed to be quoting that TV show when he recently said, "A trustworthy system of elections must rest on one central principle: Trust no one."
It didn't help matters when Diebold's CEO, Walden O'Dell, a major Bush fund-raiser, recently wrote a letter to Ohio Republicans declaring his commitment "to helping Ohio deliver its electoral votes to the president next year."
But Joe Andrew, the former chairman of the Democratic National Committee, says electronic voting is the future and pooh-poohs questions about "rigged" elections as politics.
"There is no questions that Democrats recognize that the best way to rouse a Democratic crowd — I have done it myself — is to talk about what happened in Florida in 2000 and … about these security issues by raising the concerns about whether or not these machines really will be hacked into or not," Andrew told ABCNEWS. "You will definitely get a big applause line."
But the bottom line for Andrew is that the new technology will help enfranchise disabled voters, and those for whom English is not their first language.
‘I Need Some Answers!’
Some incidents might cause some skepticism about the integrity of the current system. One memo leaked to Harris, dated Jan. 17, 2001, and from Lana Hires — the supervisor of elections for Volusia County, Fla. — refers to that county's infamous role during the contested 2000 Florida recount, after one precinct registered negative votes for then-Vice President Al Gore, a mistake that was caught and corrected.
"I need some answers! Our department is being audited by the County," Hires wrote to officials of Global Election Systems, who had provided the county's optiscan ballots. "I have been waiting for someone to give me an explanation as to why Precinct 216 gave Al Gore a minus 16022 when it was uploaded. Will someone please explain this so that I have the information to give the auditor instead of standing here 'looking dumb'."
Talbot Iredale, vice president of Research & Development for GES — which Diebold purchased not long afterwards, soon responded. The problem was that machines in Precinct 216 "had two memcory [sic] cards uploaded. The second one is the one I believe caused the problem. They were uploaded on the same port approx. 1 hour apart. As far as I know there should only have been one memory card uploaded."
Why would two memory cards have been uploaded? Iredale said it could have been any one of four possibilities. A corrupt memory card, which he calls "the most likely explaination [sic] for the problem; an invalid read of a good memory card; a corruption of memory; or an 'Invalid memory card' (i.e. one that should not have been uploaded). There is always the possiblity [sic] that the 'second memory card' or 'second upload' came from an un-authorised [sic] source."
Asked to comment about the e-mail's authenticity, Hires said she would not comment without seeing the e-mails. After they had been sent to her twice, she told ABCNEWS she hadn't received them and hung up the phone. She didn't return any future calls.
The Maryland Fiasco
But the greater concern, critics say, is what could happen — not what has. Though to be fair, what has happened cannot, in many cases, be verified — because a paperless system leaves no paper trail.
"The way the system is set up today, there is no evidence to be found," says computer security expert Wertheimer. "It's just software; there is no way to verify that it has been rigged." In January the state of Maryland, which used 16,000 new Diebold machines Tuesday, commissioned Wertheimer and his team to try to hack into a pretend election. They were successful.
"We broke into the computer at the state Board of Elections, completely changed the election, left and then erased all our trail and then got back out and we did it in under five minutes," Wertheimer told ABCNEWS.
Using programs he says a high school student could download off the Internet, they easily found dozens of ways the machines were vulnerable to an attack. Standing at the touch-screen units where voters cast their electronic ballots, "we showed that we could very easily pick the lock that secures the system, and once we were able to open that bay we were showing that we could votes, change votes, vote any way we want," he said.
They duplicated the "smart cards" voters use because passwords to do so were insecure. On the uploading side, they got local precincts to call their computer instead of the state's computer. After "they actually unwittingly uploaded their results to us, we changed them on the fly to however we chose and sent them right on to the state," he said.
Wertheimer believes for security's sake, these machines need to leave some sort of paper trail — and indeed, in some states, like California, there are moves to do just that.
Diebold's software, however, could not be changed in time for Maryland's March 2 primary election, so Wertheimer's team recommended a number of temporary fixes.
He was stunned when Diebold put out a press release proudly proclaiming that "Maryland Security Study Validates Diebold Election Systems Equipment for March Primary."
Are We Being Well SERVE-d?
At the end of January, an advisory panel said the Pentagon's plans to allow U.S. citizens and soldiers to vote via the Internet was unsafe. "Internet voting presents far too many opportunities for hackers or even terrorists to interfere with fair and accurate voting, potentially in ways impossible to detect," said the report about the Secure Electronic Registration and Voting Experiment, or SERVE, co-written by Aviel Rubin of the Information Security Institute at Johns Hopkins University. "Such tampering could alter election results, particularly in close contests."
At the time, Pentagon spokesman Glenn Flood said the SERVE program was going full speed ahead. But by Feb. 5, the Pentagon had scrapped plans for SERVE. Rubin is also critical of the security flaws inherent in systems like Diebold's. In a July 2003 study, his team "found significant security flaws" in Diebold machines. He has had less success convincing state officials of his argument.
For its part, Diebold said "inaccurate information, naivete of the election process and shallow research flawed" Rubin's report.
On Capitol Hill — which set much of this controversy in motion by passing a voting reform act that appropriated millions to the states to upgrade their voting machinery — legislators in the House and Senate have introduced the Voter Confidence and Increased Accessibility Act, requiring elections officials to ensure a voter-verified paper trail for future elections.
But the bills have not exactly taken Capitol Hill by fire. And the House version may require the approval of Rep. Bob Ney, the chairman of the Rules Committee and a Republican from Ohio — where Diebold is headquartered.
Joy Kalfopulos, Alberto Orso, and Anna Grabenstroer contributed to this report.