From The New Standard via truthout.org :
More E-Voting Concerns Surface With State Primaries Underway
By Catherine Komp
The NewStandard
Saturday 17 June 2006
With another election season around the corner, activists are concerned that electronic voting machines supplied by a handful of American corporations are bug-ridden and easily tampered with, but the road to redress is rough and windy.
From serious security flaws that could allow hackers easy access to electronic voting systems, to routine computer malfunctions and undelivered software, state and local officials are one-by-one joining voter-access groups and computer scientists in questioning the reliability of the three major suppliers of electronic voting machines.
The latest security flaw to be uncovered affects thousands of Diebold touch-screen voting machines across the country. Computer scientist Michael Shamos, a professor at Carnegie Mellon University and one of the examiners that tested several companies' machines in Pennsylvania, described the defect as a "misfeature" originally designed by Diebold to let field technicians update machine software quickly.
But, he said, it also would permit someone to upload their own software onto a voting machine with the aim of tampering with election results. Shamos said the problem is the "biggest we've ever seen."
Pennsylvania's primary was Tuesday and Shamos said he would be at the polls monitoring the electronic tabulations.
Last week, voter-access group Black Box Voting (BBV) released the report of Finnish computer scientist Harri Hursti, who discovered the "back door" into Diebold touch-screen systems earlier this spring when examining machines in Emery County, Utah. Bruce Funk, an Emery County clerk of 23 years, had sought independent analysis of his county's machines after he discovered numerous problems and was unsatisfied with Diebold's response.
While this newly exposed security flaw is serious, Shamos said he is not at all surprised because Diebold has "a history of not paying attention to security."
"They just don't get it," Shamos told The NewStandard. "We've had many, many, many discussions. In fact, if you look at their public statements they've made in light of this revelation, it shows that they still don't get it."
While Diebold admits the system is faulty, the company is emphasizing that a human element is needed to compromise an election. Though TNS could not reach Diebold for an interview, spokesperson David Bear told the New York Times: "For there to be a problem here, you're basically assuming a premise where you have some evil and nefarious election officials who would sneak in and introduce a piece of software. I don't believe these evil elections people exist."
Shamos said the long-term fix is to force Diebold to overhaul its machines to make them more secure.
Upon the urgings of Shamos and other machine examiners, the Pennsylvania elections officials directed precincts to minimize security breaches by locking up machines until Election Day. Though these machines are used in numerous states, only California and Iowa, in addition to Pennsylvania, have addressed the problem. Some officials are implementing new administrative rules to compensate for the flaw, for example increasing security where machines are stored and reinstalling software immediately before the election.
John Hedgecoth, deputy secretary of state in Iowa, told TNS his office instructed elections officials in the state's 99 counties to upload a final version of the software into their machines just before Election Day and then seal the machine with the memory card in it. "So we are controlling both the software in the field with a final version that is decided upon by our elections division, and then we're securing the memory card against tampering on Election Day," he said.
Hedgecoth says the industry could be making better machines that are less vulnerable, but he does not believe governments are letting companies off the hook. "Asking a vendor to provide a system that is not susceptible to any conceivable technological attack is unrealistic and we have to recognize that, and I think those of us who work on the government side of this understand that," Hedgecoth said.
Some government officials have concerns other than just the poor construction of electronic voting machines. In preparation for West Virginia's primary earlier this month, Election Systems & Software (ES&S) failed to meet its deadline for delivering "programmable ballots" needed to administer the election in all 55 counties. According to Ben Beakes, chief of staff for Secretary of State Betty Ireland, six counties were not able to use the electronic machines they purchased because they could not test their machines before the May 9 election.
"It created an undue stress and anxiety on the clerks and county election officials throughout the state," Beakes said. "We venture to say that this was the toughest election to prepare for in many years… due to the fact that most counties were not able to adequately prepare and familiarize themselves with the new equipment used in the primary election."
In a complaint filed with the US Election Assistance Commission (EAC), Secretary Ireland accuses ES&S of "vast delays" and "broken promises." She also said the problems are not restricted to West Virginia. Acknowledging that the EAC "probably has no authority to investigate and penalize" the company, Ireland wrote that she has also contacted the state attorney general and the US Justice Department.
Sources interviewed by TNS for this story could not say who exactly is responsible for investigating e-voting companies when there are problems. Because each state has individualized contracts with the manufacturers, officials would likely need to address breaches of that contract with the state attorney general.
Some voters in Arizona, where primaries are not scheduled until September, are hoping a lawsuit will prevent the problems they are seeing in other states. Four plaintiffs have filed suit against Secretary of State Jan Brewer and numerous county officials to stop the implementation of touch-screen machines produced by Diebold and Sequoia Voting Systems, saying the state is wasting millions of dollars on machines that "are not trustworthy or transparent."
The lawsuit claims that both Diebold and Sequoia machines fail to meet state and federal regulations, including disability access standards and state certification. It also argues that despite federal Voluntary Voting System Standards which prohibit the use of "interpretable code" - a type of code that lead to the successful hacking tests conducted by Hursti - and despite knowing about the vulnerabilities of this code, Diebold has failed to change its voting systems.
The lawsuit was filed with the help of Voter Action, a nonprofit voting-access advocacy group, on the heels of similar suits in California, New York and New Mexico brought by the organization on behalf of voters. It cites problems with unusually high numbers of "undervotes" - cases in which a ballot does not record a vote - in the 2004 New Mexico elections on ballots supposedly cast on DRE machines. It also lists lost votes, switched votes and "phantom votes" as serious concerns documented during the same election in New Mexico.
Plaintiffs in Arizona want the state to drop the use of all touch-screen machines in favor of paper ballots that can be scanned and tabulated electronically, as was mandated by neighboring New Mexico's legislature. On the other side of the country, Maryland Governor Robert L. Ehrlich Jr., along with the entire Maryland House of Delegates, wants to suspend using the Diebold machines on which the state spent $90 million. Maryland's senate, however, failed to vote on the measure.
Holly Jacobson, co-director of Voter Action, believes paper balloting is the only verifiable way to ensure elections are accurate. In a press statement she said, "Our elections are too important to turn over to private corporations operating with no accountability and to electronic voting systems with a history of errors and security problems."
Wrap...
No comments:
Post a Comment