- The Washington Times - Thursday, July 24, 2003

BALTIMORE — An electronic voting system used in some states and marketed across the nation is so flawed that it could be manipulated easily, computer security researchers concluded in a study released yesterday.

The study found “significant security flaws” with the system designed by Diebold Election Systems. The system was vulnerable to unscrupulous voters, as well as “insiders such as poll workers, software developers and even janitors,” who could cast multiple votes without a trace, the study reported.

The system allows ballots to be cast on a 15-inch touch-screen monitor.

“I don’t think it can be done right now this way,” said Avi Rubin of Johns Hopkins University, a lead researcher on the study, which was the first review of the software by independent computer security researchers.

Mike Jacobsen, a spokesman for the North Canton, Ohio-based company, declined to comment in detail about the study until company officials had more time to review it. But he said the company’s systems “pass rigorous certification tests at the federal and state governmental levels.”

“However, we welcome the opportunity to work with credible organizations, including Johns Hopkins, to continue to improve and strengthen the security of our systems,” Mr. Jacobsen said.

Mr. Jacobsen also said the software analyzed in the study was about a year old, and problems with it may have been fixed.

But Mr. Rubin said a secure electronic system would require a different methodology and there was no quick fix for the current software.

“You would have to start over,” he said.

Rebecca Mercuri, an independent consultant who specializes in studying electronic vote tabulation, said the report raises questions about the security of electronic voting systems. But widespread manipulation of the system described in the study was “highly unlikely,” she said.

“There would have to be a massive violation, systematically, of a huge amount of protocols, for this to take place,” Miss Mercuri said.

Mr. Rubin said a glaring weakness in the system is a lack of a verifiable audit trail that could be used to double-check voting results. “I think they need to have paper trails, and I don’t think these kinds of machines should be used for voting,” he said.

The study also concluded the system was vulnerable to a group or foreign government wanting to influence an election.

The findings were based on a July study of the computer code used in the voting system. The code was posted anonymously on the Internet.

The results are significant, Mr. Rubin said, as cities and states consider computer-screen voting as an alternative to punch-card ballots that governments decided to replace after problems during the 2000 presidential election.

Last year, about 33,000 Diebold voting stations were used in elections in Maryland, Georgia, California and Kansas and other locations.

Diebold reached an agreement this month with Maryland to provide up to $55.6 million in voting technology, expanding the use of touch screens from four counties to the rest of the state.

Mr. Rubin said he planned to urge state officials not to use the system.

“You guys just bought something that doesn’t work,” Mr. Rubin said he planned to tell Maryland election officials. “Go get a refund.”

For the study, three researchers from the Johns Hopkins Information Security Institute and a computer scientist at Rice University analyzed tens of thousands of lines of programming code.

The researchers were critical of a “smart card” used in the system. The card, similar to those used in automated teller machines, is designed to make sure that voter casts only one ballot. But the researchers said a voter easily could bring a specially programmed counterfeit card to the polls and use it to cast multiple votes.

Bogus cards could be made by a 15-year-old computer enthusiast and sold for various amounts of money depending on the number of votes it would enable a person to cast, researchers said.

The system also was susceptible to poll workers who wanted to alter ballots, the study concluded.

Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide