The Right Touch

R. A. Hettinga rah at shipwright.com
Fri Sep 26 17:56:29 EDT 2003 

<http://www.forbes.com/forbes/2003/1013/050_print.html>

Forbes




OutFront 
The Right Touch 
Elizabeth Corcoran, 10.13.03 


We're spending billions for new voting machines that may not be any better than punch cards 
Three weeks before California was set to vote on Governor Gray Davis' recall, a federal appeals court postponed the election because of worries about flawed punch-card voting systems. The technology that could replace it may not be any better. 

Touch-screen voting systems, which look like automated teller machines, are easy to use, but they make recounts next to impossible--because, unlike ATMs, they produce no independent paper trail. That worries experts who insist they can be hacked, just like any computer. "It's very, very hard to make these machines secure," says David Dill, a computer science professor at Stanford who has studied computer voting. 

The companies that make the new voting systems are steaming at these accusations. "They're suggesting something magically happens between what you see on the screen and what's stored in the machine,"says Thomas Swidarski, president of Diebold Election Systems. 

Voting technology became big business following Florida's swinging-chad fiasco in 2000. Last year Congress voted to dish out $3.8 billion to the states to upgrade voting booths and train poll workers. The dollars are going to a handful of firms, including Diebold, Sequoia Voting Systems and Election Systems & Software. Diebold, the $2 billion (revenues) maker of safes and automated teller machines, has placed 47,000 voting machines, which cost as much as $3,500 apiece, in Georgia, Maryland, California, Virginia, Texas and Indiana. Ohio is reviewing a half-dozen bids to equip 11,614 precincts. One-third of California voters are supposed to be using touch screens to vote in March (most of the rest will be optically scanned). A state commission is still reviewing whether to recommend adding receipts to the machines. 

Touch-screen voting machines don't have keyboards, Internet connections or even ports that hackers could exploit. Votes are stored in duplicate, in a removable card locked inside the voting machine and in built-in semiconductor memory. The only way in is through the smart cards handed out at the polls. The system is supposed to be idiot-proof--voters cannot pick too many candidates. 

But what about security? In late July Johns Hopkins computer scientist Avi D. Rubin released a paper criticizing computer code discovered on the Internet that was an excerpt of the programming in Diebold's touch-screen machines. Rubin argued the cryptographic protection was so poor that a hacker could easily make illegal smart cards and register multiple votes. The paper prompted Maryland to delay awarding a $56 million contract for 11,000 machines to Diebold. 

Diebold countered that the code was out of date and out of context. Election workers, for instance, help combat fraud by taking precautions such as matching the number of card users to the votes registered. Diebold also issued a press release outing Rubin as an adviser to an Internet election technology company, VoteHere. He has since quit. 

But Diebold earned itself a black eye when its chairman, Walden O'Dell, sent a fundraising letter in August to Ohio Republicans, pledging that he is "committed to helping Ohio deliver its electoral votes to the president next year." 

Accidents happen. Officials in Florida's Miami-Dade County are weighing the cost and benefits of retrofitting 7,200 voting machines with printers after voters there had trouble with touch-screen systems built by ES&Sfor the 2002 elections. Some voters reported that the machines registered a vote for a different candidate than the one they picked. 

Undetectable problems worry computer scientists even more. "Software could shape the outcome of a surprise election--and we'll never know," says Dill. 



Sidebars 
Stacking The Deck 
-



-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list