How E-Voting Threatens Democracy
By Kim Zetter 02:00 AM Mar. 29, 2004 PT
In January 2003, voting activist Bev Harris was holed up in the basement of her three-story house in Renton, Washington, searching the Internet for an electronic voting machine manual, when she made a startling discovery.
Clicking on a link for a file transfer protocol site belonging to voting machine maker Diebold Election Systems, Harris found about 40,000 unprotected computer files. They included source code for Diebold's AccuVote touch-screen voting machine, program files for its Global Election Management System tabulation software, a Texas voter-registration list with voters' names and addresses, and what appeared to be live vote data from 57 precincts in a 2002 California primary election.
"There was a lot of stuff that shouldn't have been there," Harris said.
The California file was time-stamped 3:31 p.m. on Election Day, indicating that Diebold might have obtained the data during voting. But polling precincts aren't supposed to release votes until after polls close at 8 p.m. So Harris began to wonder if it were possible for the company to extract votes during an election and change them without anyone knowing.
A look at the Diebold tabulation program provided a possible answer.
Harris discovered that she could enter the vote database using Microsoft Access a standard program often bundled with Microsoft Office and change votes without leaving a trace. Diebold hadn't password-protected the file or secured the audit log, so anyone with access to the tabulation program during an election Diebold employees, election staff or even hackers if the county server were connected to a phone line could change votes and alter the log to erase the evidence.
"It was getting scarier and scarier," Harris said. "I was thinking we have an immense problem here that's much bigger than me."
Over the past year, doubts about the accuracy and integrity of e-voting equipment have been growing, thanks to Harris' discovery. Some election officials have called Harris, a 53-year-old mother of five and a self-employed publicist, a wacko, a conspiracy nut and even a threat to democracy for her role in raising the controversy. But day by day, other election officials, secretaries of state, legislators and voters have come to agree with her that something is seriously wrong with electronic voting systems and the companies that make them.
In 2002, Congress passed the Help America Vote Act, or HAVA, which allocated $3.9 billion in matching federal funds to help states upgrade to new e-voting systems. Touted as the answer to the hanging chads in Florida that marred the 2000 presidential election, e-voting machines have been lauded by their makers as faster, more accurate and easier to use than punch-card and lever machines. But election glitches involving the systems paint a different picture, depicting machines that sometimes fail to boot up, fail to record votes or even record them for the wrong candidates. Computer scientists say the machines are also easy to hack.
In addition to glitches, there are concerns about the people behind the machines. A few voting company employees have been implicated in bribery or kickback schemes involving election officials. And there are concerns about the partisan loyalties of voting executives Diebold's chief executive, for example, is a top fund-raiser for President Bush.
Despite all this, many election officials who have purchased the machines for their counties deny the systems' vulnerability to miscounts or rigging and vehemently defend the integrity of the voting companies.
E-voting machines aren't new. They've been around since the 1960s and '70s, when optical-scan and punch-key machines (where a voter chooses candidates with a keyboard) were introduced. Paperless touch-screen machines, also known as Direct Recording Electronic machines, appeared in the '90s. However, they cost about $3,000 each, and few counties opted to buy them until funds became available through HAVA.
According to political consulting firm Election Data Services, about 50 million people in the United States will vote this November using paperless touch-screen voting machines, while 55 million will use optical-scan machines that require voters to use a pen to mark a paper ballot, which an electronic machine then scans.
Both systems have experienced problems in elections. But when optical-scan machines misread ballots or miscalculate votes, election officials can re-scan the ballots or recount them by hand. Touch-screen votes, however, exist only in digital form, so officials can't know if a machine records votes inaccurately. Nor can they correct the problem after the fact if somehow they do discover that a machine has recorded votes inaccurately.
The controversy around e-voting began in September 2002 when Harris read an online article under the provocative headline, "Elections in America: Assume Crooks Are in Control."
Written by environmental activist Lynn Landes, the article was based partly on a 1992 book on election rigging called Votescam: The Stealing of America.
Landes said she realized that the right to vote was useless as long as she had no way of verifying that her vote was recorded accurately.
"When we're using lever machines, touch-screen voting machines or the Internet, we are not voting, the machine is voting," Landes said. "We're inputting our choice and hoping the machine is (recording it) correctly."
She was concerned that voting machines were closed to public scrutiny, and the people who made them were not subject to background checks.
"Felons and foreigners can, and do, own computer voting machine companies," Landes wrote, suggesting that the Russian mafia could be behind U.S. elections and no one would know.
As it turned out, two of the top three companies did have foreign ties. Diebold Election Systems began as a Canadian firm called Global Election Systems before being purchased by Ohio-based Diebold Inc. in January 2002. And Sequoia Voting Systems is owned by two foreign firms 85 percent by De La Rue, a British company, and 15 percent by the Jefferson Smurfit Group of Ireland.
As for criminal activity, a Sequoia regional manager was indicted in Louisiana in 2001 for conspiring to commit money laundering and bribery, although he was never convicted. Philip Foster was accused of facilitating a 10-year kickback scheme between his brother-in-law and an election official involving millions of dollars in overcharges for voting equipment. But while the election official went to jail, Foster, who still works for Sequoia, received immunity for his testimony and is in the process of trying to get the charges expunged from his record.
Sequoia spokesman Alfie Charles said the voting equipment in question wasn't Sequoia equipment, and that "Sequoia has never been under any investigation regarding the situation in Louisiana and absolutely no allegations of improper conduct have been directed at the company."
Tom Eschberger, a vice president for the largest voting firm, Election Systems & Software, or ES&S, was also involved in a bribery and kickback scheme, this one in Arkansas. Former Arkansas Secretary of State Bill McCuen was convicted for his role in the crime, but Eschberger, like Foster, received immunity.
ES&S won't comment on the matter other than to say that Eschberger "wasn't prosecuted."
"I was casting a net out and challenging other people to look at this issue," said Landes, the environmental activist. "If I could find this much disturbing information in a short length of time, what could other people find?"
Harris was not the least bit interested in voting when she read Landes' article. She was a book publicist who promoted titles like They Told Me I Couldn't, a belly dancer's account of sword dancing through Colombia, and Belly Laughs, a collection of tales from belly dancers around the world.
But she was interested in investigations. She once had tracked the moves of an accountant who embezzled $80,000 from her PR business, and she had conducted background research on Bush's Rangers an elite group of fund-raisers for the president for the fun of it.
"I thought, I know how to do this. I'll just go find this stuff out. I literally viewed it as a 20-minute (project)," she said.
So one day on a whim, after completing her publicity calls, Harris typed the words "stock ownership" and the name Election Systems & Software into a search engine and pulled up a slew of articles. Reading the oldest ones first because that's where companies "give information that they haven't yet thought to hide," she uncovered some startling facts.
Up until 1995, Nebraska Sen. Chuck Hagel had been chairman of ES&S (then called American Information Systems) before quitting the company in March of that year two weeks before launching his Senate bid. ES&S, based in Omaha, Nebraska, manufactured the only voting machines used in the state in his election the following year. According to Neil Erickson, Nebraska's deputy secretary of state for elections, the machines counted 85 percent of votes in Hagel's race; the remaining votes were counted by hand.
Hagel, a first-time candidate who had lived out of the state for 20 years, came from behind to win two major upsets in that election: first in the primary race against a fellow Republican, then in the general race against Democrat Ben Nelson, the state's popular former governor. Nelson began the race with a 65 percent to 18 percent lead in the polls, but Hagel won with 56 percent of the vote, becoming the state's first Republican senator since 1972.
Now it was October 2002. Hagel was up for re-election, and Harris discovered that the senator still owned a financial stake in his former firm. Hagel held investments worth between $1 million and $5 million in the McCarthy Group. (Hagel won't reveal the exact size of his investment in the asset-management firm.) The McCarthy Group owns about 25 percent of ES&S, according to Hagel's chief of staff, Lou Ann Linehan. She estimated that Hagel's stake in ES&S amounts to about 1.5 percent.
Hagel disclosed the McCarthy investment in his campaign filings, but he neglected to mention that McCarthy owned part of the company counting his votes. His campaign treasurer, Michael R. McCarthy, was also chairman of the McCarthy Group and a member of ES&S's board of directors.
"That's about all it took," Harris said, expressing surprise that no reporters had bothered to uncover data that took only a few Internet searches to find.
In addition to raising concerns about the integrity of Hagel's election, the information raised concerns for Harris about Hagel's vote in Congress on HAVA. As he prepared for re-election that year, Hagel, along with hundreds of other legislators, passed the bill, which devoted billions of federal dollars to purchasing new voting machines like the ones ES&S made.
Harris thought someone in Nebraska should know about this. So, a month before the November election, she faxed a five-page press release, including supporting documents, to 3,000 journalists around the country, among them editors for Nebraska newspapers and broadcast stations, she said. No one responded.
She wasn't surprised that the Omaha World-Herald, the state's largest newspaper, didn't jump on the story. The Omaha World-Herald Co., the paper's parent company, owns part of ES&S (the newspaper declined to say how much). But the silence from other editors stunned her.
"I thought, 'That's strange, it's right there.' I even circled it (on the documents) for them," she said, noting that as a book publicist she generally had no trouble getting editors to jump at cookbooks about beans.
The Omaha World-Herald wouldn't discuss the paper's coverage of Hagel. But Hagel's staff faxed Wired News a 2,600-word profile of Hagel published in the World-Herald in October 1996 that briefly mentioned in three paragraphs the senator's chairmanship of the voting company. It also noted that World-Herald publisher John Gottschalk was the person who recruited Hagel to the voting company in 1992. The article, however, didn't address the potential conflict-of-interest issue.
"We haven't covered it too much. This is kind of a tricky area," said World-Herald reporter David Kotok, who declined to say more before hanging up.
When Wired News asked World-Herald executive editor Larry King about his paper's coverage of Hagel, he said, "You're hitting me cold with questions about something that happened in 1996. I would never have one of my reporters do that. I'm not going to respond to this." Wired News later e-mailed questions to King but he didn't respond.
Harris posted the information about Hagel to her publicity website, and ES&S sent her a cease-and-desist letter, the first of three that she would receive from voting companies over the next year. The letter, hand-delivered by a courier, warned Harris to retract statements on her website that implicated Hagel in wrongdoing or face a lawsuit.
"That was very frightening," she said. "Especially because it came with a knock on the door. I knew we stood a very good chance of losing everything. (My husband and I) have five college-age kids ... and we had no money for an attorney."
But activism is in Harris' blood. Relatives on her mother's side hosted a stop on the Underground Railroad, she said. And her husband, an African-American from the South, was passionate about the right to vote, long denied to his ancestors.
So Harris contacted a Hagel opponent, Democratic hopeful Charlie Matulka, a construction worker and first-time office seeker, two weeks before he was to square off against incumbent Hagel at the polls.
Matulka sent a letter to the Senate Ethics Committee requesting an investigation into Hagel's finances. But by the time the committee director responded, Hagel had already won the race. The director wrote that Matulka's complaint had no merit.
Three months after the election, Alexander Bolton, a reporter for The Hill, a newspaper covering Capitol Hill, began reporting a story about Hagel's connection to the voting firm. But before the article ran, he got a visit from Linehan, the senator's chief of staff, who was accompanied by "a prominent GOP lawyer." According to Bolton, they asked him "to soften the story or it."
The staff's attempt to influence Bolton's story wasn't unusual. "That's what congressional staffs do," Bolton said. But the interest of the GOP lawyer was different. "That was very unusual," Bolton said. "I've been at The Hill for over four years and that has never happened. It's probably because Hagel has presidential ambitions."
Hagel, a 57-year-old telecommunications millionaire and twice-wounded Vietnam veteran, was on the short list for George W. Bush's running mate in 2000, a slot that ultimately went to fellow Nebraskan Dick Cheney. Hagel and his staff haven't ruled out a possible presidential bid by Hagel in 2008.
They have, however, ruled out Harris' interpretation of events.
"She's misinformed and she misleads," Linehan said, adding that Hagel's employment with ES&S was well-known in Nebraska and was never kept secret. His connection to the McCarthy Group has been on his bio since 1995, she said, and anyone interested could have connected the dots to see that he had a financial interest in the voting company.
She also said that under Federal Election Commission filing rules, which politicians and congressional staffers often complain are murky and open to interpretation, Hagel didn't have to list the McCarthy Group's underlying assets.
"When Hagel ran, he knew there would be questions about what he did and when," Linehan said. "He disclosed everything he was supposed to disclose in 1995. We never did anything wrong. We did not mislead."
Linehan faxed a letter to Wired News from the Senate Ethics Committee dated May 2003, which concluded that Hagel did not violate its rules. However, the committee had changed the way it traditionally interpreted the rules after Hagel's staff met with it to discuss the allegations against the senator. The letter was issued after the rule change.
As for the integrity of Hagel's election, Linehan said polls conducted by the Omaha World-Herald and Gallup days before Hagel's 1996 race showed him and opponent Ben Nelson neck and neck. She also noted that the voting machines used in Nebraska were optical-scan machines with paper ballots. If anyone had questioned the election, officials could have recounted the ballots.
"But nobody ever questioned the results," Linehan said.
Hagel's opponent in the 2002 race, Charlie Matulka, did request a recount, but election officials refused. Matulka wanted the ballots recounted by hand, but officials said that Nebraska law only permitted optical-scan ballots to be rescanned in a recount.
Erickson, Nebraska's deputy secretary of state for elections, said he wasn't concerned about Hagel's connection to the voting company because the state had been using ES&S's machines for half a dozen years before Hagel joined the company.
While potential conflicts of interest are disconcerting, they mean little if voting machines can be trusted to count accurately. So Harris, after investigating Hagel, decided to look for instances where e-voting machines counted inaccurately.
"When I put the four magic words into a search engine voting machine and glitch there was this litany of miscounts," she said.
Harris documented 56 cases in which software flaws were implicated in miscounts and wrote an account of them (PDF) on her website. "I didn't finish (finding cases)," she said. "I just got tired of writing." In Dallas County, Texas, in 1998, for example, ES&S tabulation software failed to count about 44,000 votes that its optical-scan machine had recorded on ballots. In 2000 in Allamakee County, Iowa, 300 ballots fed into an ES&S optical-scan machine produced 4 million votes. The machine broke down repeatedly and flashed absurd numbers throughout the evening, election auditor Bill Roe Jr. told the Chicago Tribune.
"Equipment failures such as this are rare," wrote ES&S spokeswoman Meghan McCormick in an e-mail when asked about the problem. "When they do occur we carefully review each situation and make changes as needed."
Last year in Fairfax County, Virginia, which used machines made by Advanced Voting Solutions, voters in three precincts complained that when they touched the box next to school board member Rita Thompson's name to vote for her, an "X" appeared in the box, but then disappeared. They had to press the box up to five times before their ion took. Thompson lost the election by 1 percent of the vote.
Fairfax election officials had promised voters that the new machines would speed up the reporting of results, but another glitch prevented poll workers from transmitting votes to the county after polls closed, producing one of the slowest counts anyone could remember. Fairfax electoral board secretary Margaret Luca said it was noon the next day before results were in as opposed to 11 p.m. on election night when the county had finished in the past.
"We've just done an electronic Florida," state Sen. Ken Cuccinelli (R-Fairfax) told the Washington Post when it was over. Curiously, Luca gave the voting machines "an A-plus" anyway.
Harris said it concerned her that only large discrepancies seemed to get reported. "You're going to catch it when you know that 5,000 votes are cast and 140,000 are counted," she said. "But what if it's a difference of 500 or 100? Who checks?"
Furthermore, she said, "The word 'glitch' ... sounds benign. Like it's always going to happen. But incorrect software programming means someone needs to be held accountable.... Besides the fact that there were programming errors, they were giving the elections to the wrong people."
In the 2002 general election in Scurry County, Texas, for example, poll workers grew suspicious when two Republican commissioners won landslide victories on ES&S optical-scan machines. When officials recounted the ballots twice by hand, the wins went to their Democratic opponents instead.
The most famous example of election flipping occurred in the hotly contested 2000 presidential election in Florida when the tabulation system for Diebold's optical-scan system subtracted votes from Al Gore's total. While hanging chads distracted the nation, a few people noticed that in a Volusia County precinct where only 412 people voted, a Diebold system actually d votes for Gore, giving him minus 16,022 votes. Bush received 2,813 votes. Some news media had already called the win (PDF, see page 20) for Bush when someone noticed the numbers.
Diebold spokesman David Bear said the problem wasn't the machine but the result of someone uploading a second, faulty memory card to the county server after workers had already uploaded the real precinct results from another card.
"This error was immediately detected, through normal auditing procedures, and the votes were re-tabulated," Bear wrote in an e-mail.
In many stories about voting machine glitches that Harris found, no follow-up news stories explained what went wrong with the machines. Where explanations did occur, officials blamed poll-worker error or "minor programming flaws," with the caveat that the glitches didn't affect the outcome of the election, making them irrelevant.
Election officials, most of whom have no technical background, relied on the vendors' claims that their systems were fine. In many cases, it was usually the vendor who stepped in to fix the machines and provide an explanation to feed reporters. The situation highlighted a concern among critics that election officials had become increasingly dependent on voting companies to run their elections.
In fact, the relationship between vendors and election officials has raised questions about conflicts of interest around the country. Manufacturers vying for million-dollar contracts have sponsored national and state conferences for election officials and courted some officials with expensive meals, cruises and tickets to concerts and sporting events, according to a Los Angeles Times investigation. They also hire former state employees to ease their way through contract negotiations and certification processes.
For example, after she left office, former Florida Secretary of State Sandra Mortham, a one-time running mate of Florida Gov. Jeb Bush, became a lobbyist for both ES&S and the Florida Association of Counties. During that time, the association signed an exclusive endorsement deal with ES&S to earn a commission on any contracts that counties signed with the voting company. Karen Marcus, the association's president when the deal was signed, said Mortham didn't broker the partnership, nor did the association pressure counties to purchase ES&S machines.
In California, where counties are under court order to replace punch-card machines and will likely spend $400 million on new equipment, former Secretary of State Bill Jones praised the virtues of touch-screen voting while in office in 2001, sponsoring a $200 million bond measure to help counties purchase new e-voting machines. Support for the bill, which passed in 2002, was financed by Sequoia and ES&S. Jones became a consultant for Sequoia after leaving office and is now a GOP Senate candidate.
Lou Dedier, who once supervised the certification process for voting systems in California, prompted an ethics investigation when he participated in certification discussions for a competing company after accepting a job with ES&S. In a company press release announcing his new job, Dedier called ES&S machines "by far the best elections systems" he had ever seen.
As Harris began to uncover more information about e-voting glitches, she decided to write a book about the voting companies and their machines. She launched BlackBoxVoting to track the progress of her investigation and contacted several publishers to pitch her idea. But no one wanted to touch it. They all told her voting was boring.
Only David Allen, a North Carolina publisher of comic book titles like Bastard Operator From Hell and My Big Fat Geek Wedding, was interested. It turned out to be a propitious partnership, though, since Allen had a background in systems administration and could answer some of Harris' technical questions. It was Allen who sent her in search of a voting machine manual, which led to the FTP site and the discovery of Diebold's source code.
"I knew that in order to really understand the potential for vote-rigging, we had to know how the systems worked," Allen said.
Diebold had installed the FTP site so that employees around the country could communicate with each other and transfer files. But somehow the company neglected to secure it. Harris wondered how the company could secure the nation's elections if it couldn't secure its own source code.
Ironically, Diebold's parent company was known for its security products. Diebold began as a safe and bank vault maker in Ohio in 1859, and over the years has produced jail cells and security systems. The company developed the system that secures the Hope Diamond at the Smithsonian Institution and recently constructed security vaults to contain the Constitution, Bill of Rights and Declaration of Independence at the National Archives.
Currently one of the largest makers of automatic teller machines, the company entered the voting business in 1999 after purchasing a Brazilian technology firm and winning a $105.5 million contract to supply about 200,000 voting systems to the Brazilian government.
In 2002, Diebold jumped into the lucrative U.S. elections market by acquiring Canada's Global Election Systems and taking over its division in McKinney, Texas, to launch Diebold Election Systems. In 2000, prior to the passage of HAVA, Global Election Systems had reported a profit of just $1.1 million on total revenues of $20.2 million. Last year, Diebold's election division reported an operating profit of about $100 million.
Even as the company's profits were growing, a handful of critics were trying to warn the public about the insecurity of e-voting systems. Their efforts were hampered, however, because none of them had seen the inside of a voting system.
Harris' discovery of Diebold's source code was significant because until then the only people who had seen the workings of a voting system had been forced to sign non-disclosure agreements. Anyone else who criticized the systems could do so only in theory, without seeing the code.
But the burden of Harris' discovery was heavy. The more she uncovered, the more she realized that she didn't have the expertise to sift through the files alone. So she went to Democratic Underground, an online political forum, seeking people who could help out. Suddenly, a community movement was born.
For weeks, about 75 people sifted through the files, including computer programmers who read the software code and lawyers who advised her about election law.
"That's the first time I really felt that I had some kind of support network, other than my husband," she said. "I could hash out ideas and ... everybody had expertise in different things."
As they uncovered more problems with the code and Harris published their results online, the pressure mounted, as did the paranoia. Harris worried that Diebold employees reading Democratic Underground would pose as activists to bait her into revealing information, or into opening password-protected documents that could get her in trouble. Other activists talked cryptically about cut brake lines in their cars or expressed suspicions about having their phone lines tapped.
Harris alternated between feistiness and fear before deciding that she needed to bring in academic experts who could formally analyze the code and weigh in on the security of the system.
She contacted Stanford University computer scientist David Dill, who had served on a California task force on e-voting and launched a nonprofit called VerifiedVoting.org to educate people about the need for a voter-verified paper trail. Dill contacted Avi Rubin, a computer scientist at Johns Hopkins University and director of the university's Information Security Institute.
At 36, Rubin was only eight months into his new job as an assistant professor, but he was hardly unseasoned on the topic of e-voting.
In 1997, the Costa Rican government asked AT&T Labs Research, where Rubin was working, to design an e-voting system. But after Rubin met with them, "they decided we had scared them sufficiently about security and scrapped the whole project," he said.
Rubin was also a panelist for an e-voting feasibility study launched by the National Science Foundation at the request of President Clinton in 2000. And he had just finished teaching a graduate course on e-voting security in which students spent the first weeks of the class designing e-voting systems, then devising ways to break into them.
"No system in the class was unbreakable," Rubin said. "It was really good training for the Diebold thing."
He contacted two grad students, 25-year-old Yoshi Kohno, a University of California at San Diego student who was in Maryland for the summer, and 22-year-old Adam Stubblefield, who was only two years away from completing his Ph.D. at Johns Hopkins.
Stubblefield made a name for himself in 2001 when he and a team of researchers that included Rubin cracked the encryption code used in Wi-Fi networks and exposed the networks' insecurity. The news made headlines and led the industry to revamp the wireless encryption protocol. He was also part of a group that broke the music industry's watermark code, which had been designed to thwart piracy.
Rubin told the students he had a " everything" project. By the time the three convened, Stubblefield had already downloaded the Diebold code and printed it out.
He and Kohno divvied up reams of paper and attacked the code with highlighters and pens. Within half an hour they discovered the first serious flaw.
It was a basic error that students in Cryptography 101 learn never to make: Diebold's programmers had written the key for unscrambling the system's encryption directly into the code. This meant the key would never change, and anyone reading the source code (including anyone who downloaded it from the FTP site) would know it. The same key unlocked the data on every machine. It was the equivalent of a bank assigning the same PIN to every customer's ATM card.
"Oh man, we thought, this is horrible," said Kohno. "We realized that the system was written by novices and we weren't really surprised then by anything else we found."
For two weeks they did little but pore over the code and write their analysis. They talked to no one about what they were doing, fearing that Diebold would try to stop them with a restraining order.
Initially, they thought they might find malicious code in the software that would allow the results of elections to be changed at will. Computer scientists had long contended that anyone with access to a voting system could slip the code in and no one would know.
"We found a system that was so vulnerable in itself that you didn't need to put malicious code into it to rig an election," Kohno said. The system, they concluded, was open to attack from both inside and out.
In July 2003, they released a 23-page report (PDF). "That's when the haggis hit the fire," said Allen, the publisher of Harris' book.
The timing was critical because Rubin's own state, Maryland, had just signed a $56 million contract to purchase Diebold machines. Georgia had used 22,000 of the machines exclusively in its 2002 gubernatorial election, and California was well on its way to purchasing thousands of them.
"There was only a fixed amount of time until the next primaries to get the machines secure," Rubin said.
None of them could have predicted the publicity that ensued. TV crews lined the hall outside Rubin's office, and the three spent the next several days doing nonstop interviews. Rubin went to Capitol Hill to brief congressional staff and then testified before the Maryland legislature. He was named a Baltimorean of the year by Baltimore magazine, even though he'd only moved to the city a year earlier.
David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who served on California's e-voting task force with Stanford computer scientist Dill, called the report "a watershed event" that showed things were "far worse than any of us had ever dreamed."
"It's one thing for a computer scientist to say we know what the security issues are, but you can only go so far without having the hard evidence," Jefferson said. "Avi and his authors were the first to get the hard evidence. I think it was a thunderclap to the security and election communities."
Diebold derided the report as an amateurish "homework assignment" by grad students and said the researchers had examined old code that was never used in an election, a claim that was later disproved. Election officials accused the Johns Hopkins team of courting media attention and recklessly undermining the public's confidence in elections. Rubin said that other critics even sent a letter to the president of Johns Hopkins trying to get him fired.
"We weren't concerned about being refuted," Stubblefield said. "We knew the technical accuracy of what we discovered. (Critics) could try to spin things against us, but in the end truth prevails."
It wasn't the first time someone had found problems with Diebold's system. Doug Jones, a computer scientist at the University of Iowa and a member of Iowa's voting system board of examiners, found the same problems in 1997 when his state was considering buying the systems. Jones was particularly disturbed by the same problem that Kohno and Stubblefield found regarding the encryption key that was coded into the system and was the same for every voting machine. He told Diebold about his finding, but a non-disclosure agreement prevented him from going public.
"I was disappointed to see that the company had done nothing to fix the problems in all of these years," Jones said after reading the Johns Hopkins report. Diebold spokesman Bear said the company fixed the encryption key problem after a second research report came out last September that raised the same concerns raised by Doug Jones and Rubin's group.
"If any of the multitudes of reviewers of our system find any issues we immediately investigate the issues and where appropriate modify the system to address the issues," Bear wrote in an e-mail.
Long before Jones expressed his concerns about the Diebold system, computer scientist Rebecca Mercuri, an e-voting expert and a fellow at Harvard University's Kennedy School of Government, had been warning about the insecurity of e-voting in general ever since her Pennsylvania county contemplated buying e-voting equipment in 1989. She helped convince New York City to abandon a planned $60 million voting contract with Sequoia, but few others, including computer scientists, took her warnings seriously.
Although any voting system is open to fraud, digital machines made it easier to affect vast numbers of votes with little effort, Mercuri said. She was the first to call for voter-verified paper ballots to be used with e-voting machines. The Mercuri Method, as it's now known, would require machines to produce a paper receipt that voters could see, but not touch, to verify that the machine recorded their votes correctly before the receipt is deposited into a secure ballot box. It's a solution that nearly all critics of e-voting are now demanding.
Jefferson, the computer scientist from Lawrence Livermore, admits that he "just didn't get it" for many years, and said Mercuri had been "alone in the wilderness for a long time."
"I think the work that Rebecca and others did before us put the fuel out there. We just provided the spark," Rubin said.
To many e-voting critics, the Rubin report highlighted serious problems with federal certification processes and standards, which they say addressed the functionality of voting systems but not their security.
"If the Diebold system made it through the certification process, then the certification process is really broken," Rubin said. There was no reason to believe that systems made by other vendors were any more secure, he said.
In fact, in a certification report for the Diebold system that Doug Jones read in 1997, an unnamed certifier for Wyle Laboratories called the Diebold system, which was then called the I-Mark Electronic Ballot Station, the best of the lot. "This is the best voting system software we've ever seen," the certifier wrote.
Embarrassed by the Rubin report, Maryland commissioned its own audit of the Diebold system, hoping to dispel concerns about the machines. But that report confirmed that the machines were poorly programmed and "at high risk of compromise."
Six months later, Maryland officials hired a group of researchers from Raba Technologies some of whom were former employees of the National Security Agency to hack into the Diebold systems during a simulated election. Again, they confirmed what the Johns Hopkins researchers had found.
"We could have done anything we wanted to," said William Arbaugh, a University of Maryland assistant professor of computer science and one of the hackers. "We could change the ballots (before the election) or change the votes during the election."
Amazingly, Diebold interpreted the Raba report as positive. Diebold President Bob Urosevich said in a statement that the report confirmed "the accuracy and security of ... our voting systems as they exist today."
Maryland officials seemed to agree. Despite three reports detailing serious security problems, election officials continued to support the voting machines and the vendor.
Linda Lamone, Maryland's chief election official, told reporters her confidence in the system was unshaken because it had passed "the one certification process that matters most an election. The system performed flawlessly and earned the trust of Maryland's election officials and voters."
Karl Aro, director of Maryland's legislative services department, also told a TV station that Raba's damning report was "a validation" that the system was ready for the March primary.
"I couldn't understand why they would be defending this system that was so clearly flawed," Stubblefield said.
Back in San Diego, Kohno's local board of supervisors invited him to speak about the Johns Hopkins team's report. But the county purchased Diebold machines anyway.
"I was very disappointed to see how things played out," Kohno said. "I never pictured myself becoming an activist, but this has motivated me to maybe become one."
Rubin was struck by the different reaction election officials gave another report he helped write. The year before his team's report on Diebold came out, the Pentagon asked him to evaluate its Internet voting project, Secure Electronic Registration and Voting Experiment, or SERVE, designed to help overseas members of the military and their families vote. The report Rubin produced with four other researchers last month led the Pentagon to cancel plans to use the project in this year's elections.
"We decided SERVE was so insecure that we had to write a report to stop it and they stopped it," he said. "But when the Diebold report came out, the states defended the machines more vigorously."
Voting activists felt the voting companies had election officials in their thrall.
"I really see the elections industry like the Wizard of Oz," said California voting activist Joseph Holder. "They sit behind this curtain of secrecy, and dazzle election officials with smoke and mirrors. We have to play the part of Toto and pull back the curtain."
The grass-roots movement really took off when a large stash of Diebold memos were leaked to Wired News and Harris' publisher a month after the Rubin report came out. Harris said an anonymous Diebold employee leaked the data, which included more than 13,000 internal company e-mails written between 1999 and February 2003.
The memos suggested the company knew about security problems with its voting machines but sold them to states anyway. One memo indicated that Diebold knew there was no security on its tabulation software to prevent someone from changing votes and erasing any trace of the activity in the audit log.
Diebold's reaction to the memos only stoked criticism of the company. Diebold won't confirm whether the memos are genuine, but when Harris posted some of them to her website, Diebold sent a cease-and-desist letter accusing her of copyright violations under the Digital Millennium Copyright Act. This prompted half a dozen other people to host the memos on sites in New Zealand, Canada, Italy and the United States, including sites that offered a searchable database of the memos. And after students at Swarthmore College in Pennsylvania also received a cease-and-desist letter, an anti-Diebold campaign launched on the Internet, with dozens of people hosting the memos and dissecting their content on forums and blogs.
The company's reputation declined further when news came out that it had installed uncertified software on Diebold systems in 17 California counties before last year's gubernatorial recall, a violation of the state's election law. A former Diebold employee accused the company of doing the same in Georgia, though Diebold has denied the latter charge.
Harris' reputation has taken some hits as well. While some activists lauded her for her diligence, others compared her to Matt Drudge, an Internet journalist often criticized for publishing rumors along with facts. They criticized her for getting sidetracked by non-issues and being more concerned with sticking it to the voting companies than advancing election reform. In addition, she had falling-outs with several activists and academics.
Regardless of the criticism from e-voting activists, they acknowledged that most of the time Harris got things right. Activists and academics have credited her for finding the Diebold code and launching the movement to examine electronic voting. Without her, they say, the movement to demand a paper trail for digital machines would not have progressed.
As public outrage swelled last December, California Secretary of State Kevin Shelley mandated that all e-voting systems in the state must produce a voter-verified paper trail by July 2006. Nevada, Vermont, Missouri, Washington and West Virginia have announced similar mandates or legislative proposals since then. This month, two California legislators, worried that the 2006 deadline would be too late to preserve the integrity of this year's presidential election, called on Shelley to decertify all touch-screen machines in the state before the November election and to keep them decertified until systems that produce a voter-verified paper trail can be implemented. The state is expected to discuss the certification issue at a two-day public meeting (PDF) in late April.
Rep. Rush Holt (D-New Jersey) introduced a bill that would require a voter-verified paper trail nationwide and force companies to open their software for public inspection. The bill's list of co-sponsors grew from three to 128 over the past year. Fewer than a dozen of the co-sponsors are Republicans. This month Sens. Bob Graham (D-Florida) and Hillary Clinton (D-New York) jointly introduced a companion voting-system bill in the Senate.
"Four reports now have shown enormous, gaping-wide, embarrassing vulnerabilities in the Diebold code. It is now no longer honest to deny that there are fundamental problems," said Jefferson, the Lawrence Livermore computer scientist.
Although there's no evidence that e-voting machines have ever been rigged, the political partisanship of voting company owners has only added to concerns about the systems. Howard Ahmanson Jr., a right-wing Christian fundamentalist millionaire based in California, bankrolled the founders of ES&S. Ahmanson, heir to the Home Savings of America fortune, no longer holds a stake in ES&S.
And there's the famous fund-raising letter from Diebold CEO Walden O'Dell. A member of the Bush's Rangers fund-raising team and a sometime guest at the president's ranch, O'Dell sent a letter to 100 wealthy Republicans last year inviting them to his Ohio home. In the letter he said he was "committed to helping Ohio deliver its electoral votes to the president" in 2004. He had the unfortunate timing of sending the letter while Diebold was in the process of bidding for Ohio's voting-machine contract. The company said O'Dell would be keeping a lower political profile in 2004. (Watch an animated parody of Diebold's Republican connections that appeared on the Web after O'Dell's fund-raising letter came out.)
"I don't think there's any vast right-wing conspiracy to control the vote," said Allen, the publisher of Harris' book. "All I know is that voting fraud in this country has a long tradition. If there's enough money in it and it can be done with a reasonable certainty of getting away with it, it will be done."
Today, Rubin and other scientists, including Doug Jones, are writing a proposal for a $10 million, five-year National Science Foundation grant to study e-voting issues and design a system. If the funding comes through, the group could have a system built by 2006, Rubin said.
This week, the Open Voting Consortium, an international group of researchers, plans to demonstrate a free, open-source voting software that runs on inexpensive PCs. The group recently posted a demo of its ballot software, which took four years of planning, online.
Landes, the environmental activist, said the grass-roots movement to demand a paper trail is just getting started.
"I don't think this issue is going to go away once people understand that our votes are up for grabs and that a single individual can really throw an election nationally," she said.
Jefferson said a growing public awareness of e-voting security would likely be coupled with disenchantment with voting companies, "especially Diebold. Their reputation is right up there with Enron now," he said.
Diebold spokesman Bear said he is not surprised by the debate over e-voting, because any time people don't understand a new technology, they question it until they get used to it. He said Congress passed the Help America Vote Act to provide funds for e-voting because it recognized that there were "problems with accuracy in former forms of voting like punch-card and lever (machines). It was a determination that we could do better and move forward, and e-voting seemed to be the answer to address those problems."
Although Diebold has been the focus of much of the controversy over the last year, Bear said that good things have come from the e-voting debate.
"New ideas on enhancing security have come from it," he said. "I think all of that is healthy for the industry. The discussion ultimately makes for a better system."
Harris, who has continued investigating the voting companies and election glitches over the last year, is certain that research will eventually uncover evidence of actual tampering by public officials or voting companies. There's no evidence of this to date, but Harris feels it's inevitable.
"The material we're learning now is staggering," she said.
Harris said she sympathizes with election officials who have become scapegoats for a situation that is not entirely their fault.
"They were given a bill of goods. They were told to trust the system and it turns out they were not given trustworthy information about it," she said.
But election officials haven't responded in ways that they should. Harris says in the absence of action by the officials, voters will have to do it. She said the next step is the court system. She and other activists are working on several lawsuits that they hope will force officials to act.
"If the courts don't deal with it and the public officials don't deal with it, there will be demonstrations in the streets come fall. Folks want an answer. They're not going to give up," she said. "What we're fighting for is clean voting. Democracy isn't democracy if our vote isn't counted properly."