News
News
9/15/2006
03:30 PM
Connect Directly
RSS
E-Mail
50%
50%

E-Voting Machines Pose Election Threat, Professor Says

A Princeton professor says computer viruses can easily be installed in an e-voting machine to change vote totals.

The red flag raised by a princeton prof last week about vulnerabilities in electronic voting machines may be no more than a warning about a several-generations-old machine unlikely to be used in any real election. But there were real-world glitches in e-voting systems in last week's primaries. With more than 60 million voters expected to use such systems in this fall's elections, the warnings are all worth taking seriously.

Edward Felten, a professor of computer science and public affairs, raised a minor stir last week by revealing that he and two grad students were able to install a computer virus in a touch-screen e-voting machine. With several months of work, the students created malicious software code programmed to steal votes undetected by modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates.


Once the curtain is pulled, anything can happen

Once the curtain is pulled, anything can happen
The students claim they could install the malicious code on the machine's memory in less than a minute, though it requires picking a lock on a door that covers the machine's memory card and power button and replacing the memory card with an infected one. Once the new memory card was installed, it infected the machine itself.

But the machine Felten tested, a Diebold AccuVote-TS system, is more than two generations old, and Diebold says it's not aware of it being used anywhere in the country. Diebold's newer systems have digitally signed memory cards, and each system includes an audit security tag with an ID number. If the tag appears tampered with, the system isn't used, says Mark Radke, director of marketing at Diebold Electronic Systems.

Felten acknowledges he used an older system but still raises the concern that a determined, intelligent hacker can figure out ways to violate such equipment. "Once you pull the curtain in the voting booth, anything's possible," he says.

In the fall election, 66.6 million voters are expected to use e-voting equipment, consulting firm Election Data Services says. Last week's primaries had their glitches--though most were less high tech or nefarious than Felten envisions. During primary elections in wealthy Montgomery County, Md., election workers didn't get access cards to operate the Diebold voting machines for the county's 238 precincts on time, leaving people to use paper ballots that, in many cases, ran out quickly. Some voters were asked to return later in the day. The mess has county executive Doug Duncan calling for the firings of local elections officials and for a quick investigation by the state board of elections to prevent a November repeat.

As far as preventing tampering, though, the state of Maryland uses a newer version of Diebold's AccuVote-TS system that includes stronger encryption than what Felten used, and the state also takes other safety measures, including conducting criminal background checks on all election workers and limiting who has access to the equipment.

Paper's Not Perfect

Many skeptics contend the best way to protect vote integrity is to back it up with a paper trail, such as systems that let voters verify a paper record of their selections before leaving the voting booth. Some e-voting equipment vendors, including Sequoia Voting Systems, specialize in such voter-verifiable paper trail systems, which are required in 27 states.

But e-voting systems backed up by paper aren't foolproof, either. Ohio's Cuyahoga County recently found that 10% of backup paper records generated by touch-screen voting machines were uncountable, caused mostly by improperly installed paper or paper jams.

"Often, the people volunteering on Election Day aren't as tech-savvy as you or I, and they may not be well-trained," says Michelle Shafer, Sequoia's VP of communications and external affairs. "Elections aren't only about the technology, they're about people and processes." All three--people, processes, and technology--will need to be up to snuff for the 67 million-voter test this fall.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.