Electronic-voting machines remain vulnerable to attacks from people trying to steal elections and to glitches that incorrectly count votes, critics say as the U.S. prepares for a national election Tuesday.
Critics, including noted computer security experts, have conducted a series of tests in recent months showing how hackers could access e-voting machines. And earlier this year, during primary elections, there were reports of technical problems with e-voting machines in several states.
"On balance, I'd say things haven't gotten any better" since the 2004 elections, said Eugene Spafford, executive director of the Purdue University Center for Education and Research in Information Assurance and Security and chairman of the U.S. policy committee at the Association for Computing Machinery (ACM). "There's a significant concern about the potential for error."
This year, fellow ACM member Ed Felten, a professor of computer science and public affairs at Princeton University, released results of a series of experiments on popular e-voting machines sold by Diebold Election Systems and other vendors.
In an experiment published in September, Felten's team showed that, using a hotel minibar-type key card, they could open the access panel doors to the memory cards where vote results are stored on Diebold AccuVote-TS voting machines. The key cards, used on office furniture, electronic equipment and jukeboxes, are widely available from office supply stores and Internet retailers, Felten said on his blog.
Felten called the use of a fixed encryption key a "rookie mistake" in a Sept. 18 blog post. Often, security experts have a hard time explaining e-voting problems to the general public, but the key card access is an example "anybody, expert or not, can appreciate," he wrote.
Felten's colleague opened the memory access panel using a 15-year-old access card from a VAX computer, Felten said.
"This seemed like a freakish coincidence -- until we learned how common these keys are," he wrote. "We bought several keys from an office furniture key shop -- they open the voting machine too. We ordered another key on eBay from a jukebox supply shop."
The locks are close to useless, he continued. "The bad guys don’t care whether you use encryption; they care whether they can read and modify your data," Felten wrote. "Several people have asked whether this [blog] entry is a joke. Unfortunately, it is not a joke."
Felten details more e-voting security problems in his blog.
A Diebold representative didn't respond to a request for an interview, but the company issued a response to a study on Diebold vulnerabilities released Sept. 13 by Felten and two colleagues.
The e-voting machine Felten and his colleagues studied was two generations old and "to our knowledge, is not used anywhere in the country," Diebold said in the statement. The researchers removed security tape, enclosure screws and security tags to get inside the machine, Diebold said.
"A virus was introduced to a machine that is never attached to a network," Diebold said. "By any standard -- academic or common sense -- the study is unrealistic and inaccurate."