Washington Post: Debating the Bugs of High-Tech Voting

From: Arthur Keller <voting_at_kellers_dot_org>
Date: Tue May 30 2006 - 16:17:43 CDT

http://www.washingtonpost.com/wp-dyn/content/article/2006/05/29/AR2006052900816.html

Debating the Bugs of High-Tech Voting
Test of Software in Machines Renews Security Concerns
By Zachary A. Goldfarb
Special to The Washington Post
Tuesday, May 30, 2006; A15

The already-cantankerous debate over high-tech
voting machines, which have been installed in
great numbers in recent years, is growing more
intense and convoluted as primaries get underway
and the midterm election nears.
A coalition of voting rights activists and
prominent computer scientists argues that some of
the machines are not sufficiently secure against
tampering and could result in disputed elections,
while voting machine vendors and many election
officials say that view is exaggerated.
The latest dispute occurred several weeks ago
after it was discovered at a test in Utah that
someone with a reasonable knowledge of computer
code could gain access to and tamper with the
system software on a popular brand of voting
machine manufactured by Diebold Election Systems.
The developments prompted California and
Pennsylvania to send urgent warnings to counties
that use Diebold's touch-screen voting systems to
take additional steps to secure them.
But the vastly differing assessments of the
severity of the problem offered by computer
scientists, Diebold and election officials made
clear that four years after Congress passed a law
to improve the reliability of elections,
Americans still lack definitive word on whether
the nation's voting machines are secure.
In California, David Jefferson, a computer
scientist at Lawrence Livermore National
Laboratory who consults with the state on its
elections, said he was "stunned when he found
out" about the vulnerability identified in the
Utah test and agreed with the "frequently
expressed opinion that this is the worst
vulnerability that we have ever seen."
But Diebold spokesman David Bear said it was a
"functionality" that company engineers had built
into the voting machines so their software could
be easily updated, and it only becomes an
vulnerability if an unauthorized person gains
unfettered access to the machine, and there are
safeguards against that happening.
State officials tried to strike a middle ground.
"There certainly are potential security
vulnerabilities that have arisen," said Jennifer
Kerns, a spokeswoman for California's secretary
of state. "But you have to be realistic about it:
When you're administrating elections, there's a
very low risk of any" tampering.
By passing the 2002 Help America Vote Act and
spending more than $2 billion to upgrade voting
machines nationwide, Congress hoped to avoid this
kind of exchange. HAVA was a response to the
contested 2000 presidential election in Florida,
which had brought the use of old punch-card
voting machines into focus.
The newer technology, such as touch-screen and
optical scan systems, held the promise of making
voting more secure, transparent and accessible.
But as the new technology was implemented, voting
rights activists raised questions about whether
vendors had paid enough attention to security.
Activists pushed for the use of technology that
still provided a paper record.
Many of the criticisms of voting technology were
originally dismissed as exaggerations promulgated
by partisans displeased with election results.
But the criticisms have been viewed with
increasing gravity as prominent computer
scientists have rallied behind them. Although it
has not been shown that an election was
compromised by a security flaw, several elections
since 2000, including in this year's primaries,
have experienced problems with the technology
that have delayed results.
The federal Election Assistance Commission, which
was created to help states implement HAVA's
wide-ranging requirements, says it is in the
midst of strengthening the process of federal
certification for election systems. States and
localities also have their own procedures.
But voter groups have been unimpressed. They have
pursued legal action to try to stop states from
using the equipment, including in Arizona,
California and New Mexico. Activists are also
considering suits in Colorado, Florida, Missouri
and Pennsylvania.
Unlike many colleagues in his field, Michael I.
Shamos, a computer science professor at Carnegie
Mellon University who has worked on election
issues for about 20 years, has not generally been
seen as a friend of the activists.
In 2004, they assailed Maryland's decision to buy
Diebold touch-screen machines and asked a court
to stop the state from using them. Shamos
testified that with a few additional steps, the
machines could be used without problem, and the
court agreed.
Now, Shamos wonders. He is confident in his
testimony and believes most security holes can be
plugged. But he wonders whether Diebold cares
enough about security and the sanctity of
elections.
"There's a broader philosophical question that's
been worrying me more and more lately," Shamos
said. "What are these companies really doing?
They don't seem to have embraced the seriousness
with which people in this country take their
elections. It's been kind of an adversarial thing
where companies want to make profits, and they
just haven't spent enough time and energy
designing secure systems."
Bear says that is not true, and he repeats a
frequent refrain about why the security concerns
are overblown: "It's based on the premise that
you have some nefarious or evil election official
that's willing to commit a felony and break the
law."
To which Shamos responds: "You don't want the
success or failure of an election to be based on
the individual."
2006 The Washington Post Company

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Wed May 31 23:17:07 2006

This archive was generated by hypermail 2.1.8 : Wed May 31 2006 - 23:17:07 CDT