E-Voting Machines Pose Election Threat, Professor Says

A Princeton professor says computer viruses can easily be installed in an e-voting machine to change vote totals.
The red flag raised by a princeton prof last week about vulnerabilities in electronic voting machines may be no more than a warning about a several-generations-old machine unlikely to be used in any real election. But there were real-world glitches in e-voting systems in last week's primaries. With more than 60 million voters expected to use such systems in this fall's elections, the warnings are all worth taking seriously.

Edward Felten, a professor of computer science and public affairs, raised a minor stir last week by revealing that he and two grad students were able to install a computer virus in a touch-screen e-voting machine. With several months of work, the students created malicious software code programmed to steal votes undetected by modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates.

Once the curtain is pulled, anything can happen

Once the curtain is pulled, anything can happen
The students claim they could install the malicious code on the machine's memory in less than a minute, though it requires picking a lock on a door that covers the machine's memory card and power button and replacing the memory card with an infected one. Once the new memory card was installed, it infected the machine itself.

But the machine Felten tested, a Diebold AccuVote-TS system, is more than two generations old, and Diebold says it's not aware of it being used anywhere in the country. Diebold's newer systems have digitally signed memory cards, and each system includes an audit security tag with an ID number. If the tag appears tampered with, the system isn't used, says Mark Radke, director of marketing at Diebold Electronic Systems.

Felten acknowledges he used an older system but still raises the concern that a determined, intelligent hacker can figure out ways to violate such equipment. "Once you pull the curtain in the voting booth, anything's possible," he says.

In the fall election, 66.6 million voters are expected to use e-voting equipment, consulting firm Election Data Services says. Last week's primaries had their glitches--though most were less high tech or nefarious than Felten envisions. During primary elections in wealthy Montgomery County, Md., election workers didn't get access cards to operate the Diebold voting machines for the county's 238 precincts on time, leaving people to use paper ballots that, in many cases, ran out quickly. Some voters were asked to return later in the day. The mess has county executive Doug Duncan calling for the firings of local elections officials and for a quick investigation by the state board of elections to prevent a November repeat.

As far as preventing tampering, though, the state of Maryland uses a newer version of Diebold's AccuVote-TS system that includes stronger encryption than what Felten used, and the state also takes other safety measures, including conducting criminal background checks on all election workers and limiting who has access to the equipment.

Paper's Not Perfect

Many skeptics contend the best way to protect vote integrity is to back it up with a paper trail, such as systems that let voters verify a paper record of their selections before leaving the voting booth. Some e-voting equipment vendors, including Sequoia Voting Systems, specialize in such voter-verifiable paper trail systems, which are required in 27 states.

But e-voting systems backed up by paper aren't foolproof, either. Ohio's Cuyahoga County recently found that 10% of backup paper records generated by touch-screen voting machines were uncountable, caused mostly by improperly installed paper or paper jams.

"Often, the people volunteering on Election Day aren't as tech-savvy as you or I, and they may not be well-trained," says Michelle Shafer, Sequoia's VP of communications and external affairs. "Elections aren't only about the technology, they're about people and processes." All three--people, processes, and technology--will need to be up to snuff for the 67 million-voter test this fall.

Editor's Choice
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
John Abel, Technical Director, Google Cloud
Cynthia Harvey, Freelance Journalist, InformationWeek
Christopher Gilchrist, Principal Analyst, Forrester
Cynthia Harvey, Freelance Journalist, InformationWeek