[E-voting] Verified Voting Special Newsletter

Catherine Ansbro cansbro at eircom.net
Thu May 18 21:49:23 IST 2006

*Verified Voting Special Newsletter*



May 16, 2006

Latest Security Vulnerability in Paperless Electronic Voting
Underscores Urgent Need for Paper Trail; Auditing

A critical security vulnerability has been brought to light in Diebold 
touch screen voting machines, just as several primaries are about to occur.

In a May 12th New York Times article 
<http://www.nytimes.com/2006/05/12/us/12vote.html%29,> Avi Rubin, a 
Professor at Johns Hopkins and Verified Voting advisory board member, 
said “I almost had a heart attack” when he understood the nature of the 
problem. Michael Shamos, a computer scientist and voting system examiner 
in Pennsylvania, was quoted in the same article, "It's the most severe 
security flaw ever discovered in a voting system." Indeed, several 
experts have urged that the technical details of the problem not be 
discussed because it is so easy to exploit. Such recommendations are 
extraordinary, coming from a community that values openness and 
transparency on computer security issues.

According to the report (available in redacted version at 
www.blackboxvoting.org) by computer expert Harri Hursti, the machines 
have insufficient protection to prevent malicious firmware from being 
installed. If bad firmware were installed, it would be difficult to 
detect, and it might be difficult to install new “clean” firmware. A 
wide variety of poll workers, shippers, technicians and so on, have 
physical access to voting machines at various times; any of these people 
might be able to use that access to install bad firmware.

Shockingly, news of the security flaw was topped off on Monday with news 
that both Diebold and the State of Maryland have been aware of the 
security vulnerability for at least two years.

Further adding to the scandal is the fact that the backdoor (or doors) 
were designed into the machines intentionally, against accepted design 
practice and, indeed, simple common sense, as Diebold spokesman David 
Bear admits in the same New York Times article. He goes on to say, “For 
there to be a problem here, you're basically assuming a premise where 
you have some evil and nefarious election officials who would sneak in 
and introduce a piece of software,” he said. “I don't believe these evil 
elections people exist.”

Diebold's confidence in election officials is heartwarming. But what 
really matters is the confidence of the voting public. What are these 
same election officials to do when disgruntled candidates question the 
results of their elections? They can’t point to federal and state 
safeguards, which completely overlooked this glaring problem. In most 
places using Diebold touch screen machines, there will be no 
voter-verified paper records to recount. In those jurisdictions in 
particular, Diebold has left election officials with no method to defend 
themselves or their elections when questions arise.

It is easy for people to learn the wrong lesson from this incident: that 
we need more stringent computer security. More stringent security is 
desirable (depending on how much it costs), but won’t solve the real 
problem. The cause of the real problem is the use of paperless 
electronic voting, which is fatally flawed as a concept. Modern computer 
systems cannot be made sufficiently secure to handle all-electronic 
voting with secret ballots. Mistakes or tampering at any level, from the 
software to the circuits in the chips can change electronic votes, 

This incident is just one of many, involving products from many 
different manufacturers. It won’t be the last. Indeed, such problems 
will never end as long as paperless electronic voting is in place.

Suppose we had the best possible practices, such as thorough background 
checks of the ownership, management, and employees of vendors, 
meticulous and intrusive reviews of the design and manufacture of the 
equipment by truly independent experts, and so on – the kinds of 
measures used for regulation of gambling equipment. Even these measures 
would not eliminate programming errors and security holes. Even in a 
best-case scenario, there will always be people who can “hack” the 
machines (including the programmers who write the code in the first 
place). Voters will never know whether their votes were recorded and 
counted accurately.

Given the current state of technology, elections cannot be trustworthy 
unless there are voter-verified paper records of the votes and a 
significant portion of those paper records are manually counted to check 
the machine counts. We can’t guarantee that machines will always 
function correctly, but each voter can make sure that his or her vote 
has been correctly recorded on paper (preferably by the voter’s own hand).

Fortunately, twenty-seven states with over fifty percent of the U.S. 
population require voter-verified paper records. Some counties in those 
states may use the Diebold touch screen machines with “paper trail” 
printers. If they must use the machines, we would urge them in the 
strongest terms to be especially diligent in protecting and auditing 
those paper records – including manually counting more than the minimum 
number required by law.

Every jurisdiction with voter-verified paper records (paper ballots or 
paper audit trail printouts verified by the voter) should publicly carry 
out a manual audit, after the initial vote count is reported, with 
random selection of the areas to be counted. Voters should encourage 
their election officials to carry out such an audit – regardless of 
whether it is required by law in their state – in order to check the 
voting system for accuracy. Currently, more than twice as many 
jurisdictions offer voter-verified paper records than there are 
jurisdictions that require audits.

Whatever you do, don’t let these problems discourage you from voting. If 
you don’t vote, you can be sure that your vote won’t count. Instead, 
contact your elected officials and the candidates and make sure they 
understand that paperless electronic voting must be replaced with 
systems that provide a voter-verified paper record that is manually 
audited – our democracy depends upon it.


Verified Voting Foundation
1550 Bryant St., Suite 855
San Francisco, CA 94103
415-487-2255 telephone
info at verifiedvoting.org

The Verified Voting Foundation is a 501(c)(3) nonprofit corporation; 
your contributions to the Foundation are tax-deductible to the extent 
provided by U.S. tax law. To donate online, visit 
http://verifiedvoting.org/donate --or if you prefer to mail a check, 
please send to Verified Voting at the address shown above.

More information about the E-voting mailing list