, The Associated Press 2003-07-25
An electronic voting system used in some states as an alternative to the troublesome punch-card ballots is highly vulnerable to fraud, computer security experts warned in a study released Thursday.The study found "significant security flaws" with the system designed by Diebold Election Systems. The system was vulnerable to unscrupulous voters as well as "insiders such as poll workers, software developers and even janitors," who could cast multiple votes without a trace, the study said.
The system allows ballots to be cast on a 15-inch touchscreen.
The study was the first review of the software by independent researchers.
Avi Rubin of Johns Hopkins University, a lead researcher on the study, said there is no quick fix for the software.
"You would have to start over," he said.
Mike Jacobsen, a spokesman for North Canton, Ohio-based Diebold, declined to comment in detail until company officials had more time to review the study. But he said the company's systems "pass rigorous certification tests at the federal and state governmental levels."
"However, we welcome the opportunity to work with credible organizations, including Johns Hopkins, to continue to improve and strengthen the security of our systems," Jacobsen said.
Jacobsen also said the software analyzed in the study was about a year old, and problems with it may have been fixed.
The researchers were critical of a "smart card" used in the system. An ATM-like card given to each voter is designed to make sure that voter casts only one ballot. But the researchers said a voter could easily bring a specially programmed counterfeit card to the polls and use it to cast multiple votes.
Bogus cards could be made by a 15-year-old computer enthusiast, researchers said.
Rubin said a glaring weakness in the system is a lack of a verifiable audit trail that could be used to double-check voting results.
"I think they need to have paper trails, and I don't think these kinds of machines should be used for voting," he said.
The researchers concluded that the system was vulnerable to a group or foreign government wanting to influence an election, or to poll workers who wanted to alter ballots.
The results are significant as cities and states consider computer screen voting as an alternative to the antiquated systems that caused problems during the 2000 presidential election.
Last year, about 33,000 Diebold voting stations were used in elections in Maryland, Georgia, California and Kansas and other locations, according to the company.
Diebold reached an agreement this month with Maryland to provide up to $55.6 million in voting technology, expanding the use of touch screens from four counties to the rest of the state.
Rubin said he planned to urge state officials not to use the system.
"You guys just bought something that doesn't work," Rubin said he planned to tell Maryland election officials. "Go get a refund."
The findings were based on a July study of the computer code used in the voting system. The code was posted anonymously on the Internet earlier this year.
For the study, three researchers from the Johns Hopkins Information Security Institute and a computer scientist at Rice University analyzed tens of thousands of lines of programming code.
Rebecca Mercuri, an independent consultant who specializes in studying electronic vote tabulation, said the report raises questions about the security of electronic voting systems. But widespread manipulation of the system described in the study was "highly unlikely," she said.
"There would have to be a massive violation, systematically, of a huge amount of protocols, for this to take place," Mercuri said.