Digg this story   Add to del.icio.us  
Scientists say unreliable software exposes California recall to fraud
Rachel Konrad, The Associated Press 2003-08-14

As if California officials don't have enough to worry about ahead of the bewildering gubernatorial recall vote Oct. 7, computer scientists say shoddy balloting software could bungle the results and expose the election to fraud.

Their worst-case scenario is the accidental deletion or malicious falsification of ballots from the 1.42 million Californians who could vote on electronic touch-screen machines. These voters comprise 9.3 percent of the state's 15.3 million registered voters.

The software experts also warn that, if any candidate contests the election, a meaningful recount would prove impossible because four counties -- including two of the largest _ don't provide paper backups to the electronic machines. The other counties still use punch-card machines, optical scanners or other systems that provide physical evidence of votes.

"We should put in the safeguards as soon as possible -- especially in an election that's going to be so complicated and difficult," said David Dill, a computer science professor at Stanford University.

The campaign to get printers and paper receipts included with electronic voting machines gained momentum in July, when a team from Johns Hopkins and Rice universities issued a report criticizing the 33,000 electronic machines already in use nationally that are made by Diebold Election Systems.

Diebold, based in North Canton, Ohio, produced a 27-page rebuttal, accusing researchers of a "multitude of false conclusions." Dozens of elections officials have vouched for the security of Diebold systems since the July 23 report.

Given the prevalence of computerized systems, the criticism is irresponsible, said Mischelle Townsend, registrar of voters in Riverside County, which has 4,250 touch-screens for 650,000 voters.

"The scientists are undermining people's confidence in democracy," Townsend said. "None of the critics is giving any credence to the extensive system of checks and balances that we employ internally."

But even some advocates of electronic voting, including the Leadership Conference on Civil Rights, are backing off their praise in the study's wake. And in Maryland, which has plans to buy $55.6 million worth of Diebold machines, the governor commissioned a private consultant to investigate possible security flaws.

A team led by Avi Rubin, technical director of the Information Security Institute at Johns Hopkins, examined the machines' source code, which a Diebold worker anonymously published on the Internet earlier this year. His conclusion: Any clever 15-year-old could rig Diebold's system, which is based on Microsoft Windows, and vote multiple times.

Rubin also found that "1111" was Diebold's default password identification number for microchip-embedded "smartcards" that voting administrators used -- a simple PIN that any hacker might try before moving onto more sophisticated attacks. Rubin added that the lack of a paper trail would make a legitimate re-count impossible.

Silicon Valley scientists say California's convoluted recall election, with 135 candidates on the ballot, could bolster their argument.

Peter G. Neumann, principal scientist at SRI International in Menlo Park, said touchscreens require voters to scroll through more than a dozen screens to look at all candidates. He questioned why such systems lack a search command and said it was "ridiculous" that voting machines in Riverside, Alameda, Plumas and Shasta counties -- principally made by Diebold and Sequoia Voting Systems -- would leave no paper trail.

Vendors and elections officials in California say no system is perfect.

A survey by CalTech and MIT found 6 percent of votes cast nationwide in the 2000 presidential election may not have been counted because of problems with antiquated systems. Punch-card machines -- which will be used by 44 percent of California voters on Oct. 7 -- are the subject of a federal challenge to the election by the American Civil Liberties Union, which says they have twice the error rate of other systems.

Brian O'Connor, vice president of sales for Oakland-based Sequoia, said computerized systems, which allow ballots to be updated until just before polls open, are more flexible and cost-efficient than mechanical systems.

"What do you do when a candidate dies or pulls out of race couple days before the election?" O'Connor asked. "In a computerized system, you can make that change on the fly."

    Digg this story   Add to del.icio.us  
Comments Mode:


Privacy Statement
Copyright 2010, SecurityFocus