Dare accepted on electronic voting machines

R. A. Hettinga rah at shipwright.com
Sat Aug 23 14:44:50 EDT 2003


[ The Atlanta Journal-Constitution: 8/23/03 ] 

Dare accepted on electronic voting machines 
Programmer says she can crack system 

The Atlanta Journal-Constitution 

In the end, Friday's two-hour discussion of whether computers should be the sole tabulators of Georgia voters' ballots came down to a challenge. 

Roxanne Jekot, a 51-year-old computer program developer from Cumming, said she and a few expert friends could crack Georgia's $54 million touch-screen voting system in a matter of minutes. 

Bring it on, said state election officials. 

"If something can beat the machine, we need to know that," said Brit Williams, a retired Kennesaw State University professor who helped design the state's touch-screen security system. He put the odds of corrupting the software undetected at 1 billion to one. 

The dare was made and accepted at the first of a series of seminars at Kennesaw State sponsored by Secretary of State Cathy Cox to defuse questions about the vulnerability of the statewide system she installed last year. 

Jekot said she could be ready as soon as next week. She said all she wants to do is point out weaknesses so that they can be fixed -- and declares she can put an unauthorized vote anywhere she wants. 

Election officials promised to provide a voting machine, and a computer server into which votes from the machine are fed. 

The November 2002 vote in Georgia went smoothly. But with a federally imposed deadline to revamp the voting systems in all other states now approaching, concern over the corruptibility of computer-based voting has spread across the nation. 

Last month, an associate professor of computer science at Johns Hopkins University released a study billed as the first independent review of electronic voting. It found the Diebold Election Systems used by Georgia to be vulnerable to tampering by unscrupulous voters, poll workers and software developers. 

Election officials in Georgia and other states dismissed it, saying it exaggerated the machines' exposure to hackers. 

Furor over the report was partly defused when the lead researcher acknowledged this week that he failed to disclose that he had stock options in VoteHere, a company that competes with Diebold in the voting-software market, and was a member of VoteHere's technical advisory board. 

But there remains a bill in Congress, introduced by U.S. Rep. Rush Holt (D-N.J.), to require that all voting machines produce a paper ballot that would be used as a back-up system in all elections. In any dispute, paper ballots would become the final arbiter. 

The seminar at KSU was a two-hour argument against the bill. Election officials argued that giving paper ballots the final say in an election would quickly render computer voting useless. 

Moreover, they said, paper ballots can be tampered with more easily than electronic ones, and they're harder to tabulate. 

Representatives from two U.S. senators and three members of Congress attended the seminar, but most of the questions were posed by Jekot, who describes herself as a political independent, and Hugh Esco, political coordinator of the Green Party of Georgia. 

"It's our position that machines are capable of showing whatever machines are programmed to show," Esco said. "I'm not a Luddite. I have a couple computers in the trunk and I know how to use them. But I know that I can't trust them with everything." 

Asked Williams, the computer security expert: "Are you saying there's no such thing as a secure and accurate computer? Do you fly on airplanes?" 

"Actually, I don't," Esco replied. 

R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list