July 25, 2003
Electronic voting machines security risk
Diebold Election Systems under attack
By Ellen Messmer
Computer-science researchers from Johns Hopkins University and Rice University are heaping criticism on electronic voting machines built by Diebold Election Systems, based on software code for the machine said to have been posted publicly to the Internet by an activist.
Avi Rubin, technical director of the Information Security Institute at John Hopkins, along with computer science doctoral students Adam Stubblefield and Toshi Kohno, say their research of the code from the Internet shows a voter could find it very easy to trick the Diebold Election Systems into accepting more than one ballot per voter.
Another researcher, Dan Wallach, assistant professor of computer science at Rice University, echoed the findings, which have been issued in a technical report, saying the country needs to have extensive independent security evaluation of all electronic voting machines on the market.
In response, Diebold indicated that the released code was not a current version of the voting machine's software.
"The work we've released is part of a dialog nationally we want to have," said Wallach, who reviewed the findings of the Johns Hopkins team's two-week security evaluation of the Diebold software code that had been posted to the Internet. "My opinion is that the code we looked at is deeply unsuitable for an election."
According to the university researchers, the tens of thousands lines of code for the Diebold Elections Systems voting machine obtained from the Internet had several serious and irremediable flaws.
For one thing, the electronic voting system could be easily exploited by an individual or group intent on tampering with election results. The researchers pointed to the smart card necessary to use the machine to cast a single ballot. The researchers said it would be easy to program a counterfeit card, hide it in a pocket and then use it inside the booth to cast multiple votes."
A 15-year-old computer enthusiast could make these counterfeit cards in a garage and sell them," said Johns Hopkins' Rubin. Rubin has conducted other research in the area that makes him feel high-tech balloting should not be conducted in haste. "People are rushing too quickly to computerize our method of voting before we know how to do it securely," he stated.
Rice's Wallach noted that the Diebold system doesn't use encryption to conceal results and prevent tampering. Wallach added that he has similar concerns about voting machines marketed by Hart-Inter-Civic, but that the firm has rebuffed any overtures to do a security check on the machines without a nondisclosure agreement that would prevent any publicizing of spotted flaws.
The strained interaction between voting machine manufacturers and academic researchers with security expertise was apparent in the criticism of the Diebold code.
The Johns Hopkins researchers decided not to notify Diebold in advance of publicizing their evaluation. Instead, the Johns Hopkins research team deliberately released the findings publicly and discussed it with the media, triggering a response from Diebold.
Kohno said the research group "made a judgment call" that there was a "duty to notify" the public about the perceived flaws in the voting machines to hold the manufacturer of them accountable. For his part, Wallach said he had some worries that the manufacturer might issue a restraining order.
Diebold's official response to the July 23 Johns Hopkins research report was that the company would "reserve judgment on the researchers' fundamental conclusions," and Diebold noted the researchers themselves acknowledged they could not be wholly sure the code was actually from Diebold.
However, Diebold did not deny that the software posted to the Internet was not that of the Diebold electronic voting system, either. The company said, "the software code they evaluated, while sharing similarities to the current code, is outdated and was never used in an actual election. In addition, similar to any of our software products, Diebold Election Systems constantly updates its software to meet certification requirements.
"In this official statement, Diebold said, "It is also important to note that the clinical research focused almost solely on software code, and overlooked the total system of software, hardware, services and poll worker training that have made Diebold electronic voting systems so effective in real-world implementation.
"Maryland recently decided to purchase $55 million worth of the Diebold systems, and they are also used in California and Georgia. Diebold says it has more than 55,000 electronic voting units installed throughout the U.S.
The statement from Diebold said the company found it "unfortunate that the Johns Hopkins researchers did not involve us or the election community in their analysis, including the Federal Election Commission, which sets standards that all election processes must follow." The company claims it welcomes the chance to work with Johns Hopkins.
Ellen Messmer is a senior editor for Network World, an InfoWorld affiliate.