July 25, 2003

Electronic voting machines security risk

Diebold Election Systems under attack

Computer-science researchers from Johns Hopkins University and Rice University are heaping criticism on electronic voting machines built by Diebold Election Systems, based on software code for the machine said to have been posted publicly to the Internet by an activist.

 
Avi Rubin, technical director of the Information Security Institute at Johns Hopkins, along with computer science doctoral students Adam Stubblefield and Toshi Kohno, say their research into the code from the Internet shows a voter could very easily trick the Diebold Election Systems machine into accepting more than one ballot per voter.




Another researcher, Dan Wallach, assistant professor of computer science at Rice University, echoed the findings, which have been issued in a technical report, saying the country needs to have extensive independent security evaluation of all electronic voting machines on the market.



In response, Diebold indicated that the released code was not a current version of the voting machine's software.



"The work we've released is part of a dialog nationally we want to have," said Wallach, who reviewed the findings of the Johns Hopkins team's two-week security evaluation of the Diebold software code that had been posted to the Internet. "My opinion is that the code we looked at is deeply unsuitable for an election."



According to the university researchers, the tens of thousands of lines of code for the Diebold Election Systems voting machine obtained from the Internet had several serious and irremediable flaws.



For one thing, the electronic voting system could be easily exploited by an individual or group intent on tampering with election results. The researchers pointed to the smart card necessary to use the machine to cast a single ballot. The researchers said it would be easy to program a counterfeit card, hide it in a pocket and then use it inside the booth to cast multiple votes.



"A 15-year-old computer enthusiast could make these counterfeit cards in a garage and sell them," said Johns Hopkins' Rubin. Rubin has conducted other research in the area that makes him feel high-tech balloting should not be conducted in haste. "People are rushing too quickly to computerize our method of voting before we know how to do it securely," he stated.



Rice's Wallach noted that the Diebold system doesn't use encryption to conceal results and prevent tampering. Wallach added that he has similar concerns about voting machines marketed by Hart InterCivic, but that the firm has rebuffed any overtures to do a security check on the machines without a nondisclosure agreement that would prevent any publicizing of spotted flaws.


The strained interaction between voting machine manufacturers and academic researchers with security expertise was apparent in the criticism of the Diebold code.




The Johns Hopkins researchers decided not to notify Diebold in advance of publicizing their evaluation. Instead, the Johns Hopkins research team deliberately released the findings publicly and discussed them with the media, triggering a response from Diebold.



Kohno said the research group "made a judgment call" that there was a "duty to notify" the public about the perceived flaws in the voting machines to hold their manufacturer accountable. For his part, Wallach said he had some worries that the manufacturer might issue a restraining order.




©1994-2010 Infoworld, Inc.