|
|
||
|
|
Prescription
for Disaster:
Frightening Flaws In
America's New Electronic Voting Machines
By Robert E. Martin
Thus far 37 States
have given the green light to new electronic voting machines
manufactured my three major companies that have strong ties to wealthy
Republicans, despite the fact that the machines have proven to insecure,
glitch prone, and open to hackers. Perhaps most disturbing, however, is that
in the race to correct the 2000 Florida Presidential debacle, legislators
may have opened themselves to creating a nightmare of epic proportions in
any democracy - untraceable election fraud.
Much of the research for this
piece came from an excellent and lengthy article in the current edition of
Vanity Fair by Michael Shnayerson that in turn led me to an
extensive search on the Internet that revealed dozens of articles and
hundreds of memos from software engineers that have been working and
developing the new machines.
In essence, this is a tale of
good intentions that became misdirected, of Congress being misled into
thinking the machines were ready when they were not, of election officials
wined & dined into favoring one brand of machine over another, and of
$3.9 billion showered on states throughout the union to purchase the
machines.
Background & Problems From the historical data archived on the Internet, for over a decade software designers have been working on developing DREs - direct recording election systems - that might replace numerous paper ballot systems and cumbersome lever machines. Overnight, the 2000-election chaos made them hot commodities.
Reformers & developers
pitched the idea of chad-free elections to Congress and on their promises
passed the Help America Vote Act on October 29, 2002, with its
altruistic vision of quick & secure voting in every polling place in
America.
However, several of the
scientists working on the machines became concerned about complex security
issues surrounding the technology, so they began voicing concerns to
journalists.
One journalist in particular,
however, Bev Harris, started examining the coverage of elections
throughout the U.S. where DRE's had been used and found what she felt was a
disturbing pattern of Republican upsets, as well as cases in which certain
brands of the machines had malfunctioned. While miscounts often occur in
elections, with the DRE's there was no paper trail employed to set the
counts correctly. And in the midterm elections of November 2002, the problem
seemed to spread.
One of the first states to
move to DRE's was the state of Georgia, which placed a $54 million order
for 22,000 new voting machines, the biggest single voting machine purchase
ever. For Harris, key Senate races aroused the most suspicion. In Georgia,
which became the first state to replace all its voting machines with DRE's,
tracking polls put Democratic incumbent Max Cleland five points ahead
of his Republican challenger, Saxby Chambliss, two days before the
election. Yet Chambliss won by 7 percent; a 12 point shift in 48
hours.
In Minnesota, Democrat
Walter Mondale also led in two of three polls on Election Day 2002, yet
Republican Norm Coleman ended up winning by 3 percent.
In Colorado, where DRE's were
mixed with optical scan systems, where polls showed a neck-to-neck race,
Republican Wayne Allard ended up winning by 5 percent.
With these outcomes the Senate majority tipped from one party to the other, shifting all committee chairmanships, with their power to set the nation's political agenda, into Republican hands.
Following this coincidental
trend, Harris started researching all she could on the Diebold
company, the vendor that sold the huge contract to Georgia. In the prior
year Diebold had acquired Global Election Systems (GES) and when she
did a Google search she accessed a website that contained an FTP link (file
transfer protocal) which is a leading system for sharing information on the
Internet.
This led her to a stunning
discovery - a large mass of program files used by Diebold to tie the
machines together and make them work properly. However, one folder was
called - strangely enough, "rob-georgia".
In her book Black Box
Voting: Ballot-Tampering in the 21st Century, Harris recounts how when
she downloaded the file she discovered instructions to replace the files in
the new Georgia voting system. After downloading everything she could on the
FTP site, Harris burned the information to CD, placed copies in a safe
deposit box, and started to read all that she could.
What she discovered is that
in its sales pitch to George, Dieblod declared its AccuVote-TS machine was
designed to be not only accurate but also secure. Its audit trail would
record 'any attempt to create, access, or delete information'. They told
the state that two separate companies, Wyle Laboratories, Inc. and
Ciber, Inc. would test the machines and ensure they met federal
standards.
However, this claim was not entirely true. From the FTP site Harris learned that Diebold machines could be accessed with a "supervisor smart card". Incredibly, she discovered that every one of those cards had the same password - llll - hard-coded into the system. Thus, anybody with a card could conceivably tamper with vote counts.
Most disturbing, however, is
that the central server, to which polling-place results are sent, employs a
database engine used by Microsoft Access.
In the volume of
correspondence found in my own Google search, several technicians talk about
how Microsoft Access is great for managing items that would be unwieldy to
do on paper, but how unwise it is to do so with serious applications because
the system is "so easily hacked."
Sure enough, with a couple of
clicks Harris was able to go through the 'backdoor' on the Microsoft Access
server and erase any 'audit trail' of her actions. The supervisor looking at
his screen on GEMS would see the new tally and have no idea a hacker had
doctored it.
After Harris posted the
Diebold files on her web site in February 2003, Diebold spokesman Joseph
Richardson denied that the company had put any patch on its 22,000
Georgia machines.
Then in September 2003, Harris received the mother lode. Someone leaked her 13,000 internal Diebold memos & e-mails.
In one of those memos, a
Diebold engineer named Ken Clark acknowledges to a colleague that
anyone could get into the central server through Microsoft Access and made
changes and erase tracks from the audit.
The Problem Accelerates So where has Congress been in the oversight of this pending crisis? In the Vanity Fair article, according to Doug Lewis who is head of the 'Election Center', back in the mid-1980s, states wanted standards for elections and asked the Federal Election Commission to draw them up. The FEC tried to get Congress interested, only Congress had no interested.
With no money or guidance
from Congress, the task fell to the National Association of State
Election Directors. From here it was determined that standards could not
be federal because the federal government couldn't enforce them and that the
best route would be for the states to adopt them.
So in essence, the program
was put together without any money, meaning officials had to rely on the
vendors to assure the system was secure. And the vendors basically relied
upon programmers to qualify the software on all electronic voting systems in
the country.
Diebold Election Systems
is a division of the billion-dollar Diebold corporation, an Ohio-based maker
of ATM's. Their chairman, Walden O'Dell, has raised at least $100,000
for the re-election campaign of George W. Bush. On June 30, 2003, the
helped organize a fun-raising party that netted $600,000 and was attended by
Vice-President Dick Cheney.
The company Global
Election Systems (GES) that Diebold purchased in 2002 is a Texas-based
firm. One director of GES, Michael K. Graye, was arrested in 1996 in
Canada on tax-fraud and money-laundering charges that involved $18
million.
After Harris' allegations
surfaced (to minimal national coverage), Diebold hired a pair of 'swat'
teams to debug and correct problems raised, however the failure rate still
would clock in at 15%.
After the Georgia mid-term
election results were certified, a new version of the software incorporating
'lessons learned' was installed as standard procedure, so if someone had
tampered with that election, the evidence was gone.
Last July, Maryland signed
contracts to pay $55 million to Diebold. Around this same time
computer scientists at Johns Hopkins University declared they had
poured over the program files that Bev Harris had downloaded and declared
"stunning security holes to be found in the system."
Recently Maryland hired
computer experts to try hacking into the Deibold machines and they succeeded
with alarming ease, changing votes both directly on the precinct machines
and remotely by modem.
Diebold's response was to
state that the notion that a hacker could turn a voter card into a
supervisor card and change vote tallies was "not a realistic scenario" and
that the software issues have been addressed.
What they don't say is that
none of these issues would have been addressed if Bev Harris hadn't
downloaded the program files that Johns Hopkins and others found to have
such gaping security holes.
As It Stands Today Despite the fact that Ohio's study of all four major vendors cited the same security risks that Maryland's did, Ohio has told its counties to buy. So far 40 of them have chosen Diebold. In Arizona Diebold has taken 12 counties. Nevada has shunned Diebold, but gone with a competitor, Sequoia.
With the frenzy spreading
across the country to move to DRE's, Congressman Rush Hold
(Democrat, New Jersey) and Senator Hillary Clinton (Democrat, New
York) have put forth bills in their respective houses of Congress to add a
"paper trail" to all touch-screen machines. Every voter would receive a
paper receipt of his vote, check to be sure it showed his intent, and then
put the receipt in a lockbox. If the number of votes at a county's various
polling places failed to match the county total; a paper recount could be
done.
So far 106 Democrats
and just 8 Republicans have signed on the House bill. In order for
the bill to pass prior to the election of 2004, Holt will have to get his
bill out of a committee ruled by Congressman Robert Ney, a Republican
from Ohio - Diebold's home state.
|
|
|
|
Enable frames | |
