Voting-Machine Makers To Fight Security Criticism

[InfoSec News <isn () c4i org>]

http://www.washingtonpost.com/wp-dyn/articles/A47436-2003Dec8.html

By Jonathan Krim
Washington Post Staff Writer
December 9, 2003

Electronic-voting-machine companies announced yesterday that they are 
banding together to counter mounting concerns about whether their 
machines are secure enough to withstand tampering by hackers.

Although less than 20 percent of the nation's counties use electronic 
voting machines, their use is growing in the wake of the problems with 
punch-card ballots in Florida that threw the 2000 presidential 
election into turmoil. Last year Congress passed the Help America Vote 
Act, which provides funds for states and localities to modernize their 
election systems.

But several academic and cyber-security experts argue that the new 
machines, which let voters make their choices on video screens, have 
disturbing security flaws.

In July, researchers at Johns Hopkins University and Rice University 
identified potential security holes that would allow vote tampering in 
systems made by industry leader Diebold Election Systems Inc. 

That report led Maryland state officials to delay purchasing $55 
million in systems from Diebold, although Gov. Robert L. Ehrlich Jr. 
(R) ultimately decided to move ahead. 

Critics argue that at minimum, the machines should be equipped to 
provide companion paper records of the votes as a check against simple 
malfunctions, someone commandeering the operating systems and voting 
multiple times, or causing others' votes to be lost.

Last month California said it would require a paper verification 
system. 

The leading voting-machine companies, which argue that their systems 
are safe, have yet to put forward any proposals on addressing the 
concerns. But under the umbrella leadership of the Information 
Technology Association of America, the industry hopes to foster 
conversation that includes security experts, academics, local 
elections officials, and the National Institute of Standards and 
Technology, the federal agency overseeing technical standards.

"This is an an inflection point in the history of voting in this 
country," said Harris N. Miller, president of the IT association and a 
former Democratic Party chairman in Fairfax County. "There's a certain 
amount of controversy . . . the companies have decided they want to 
deal with that controversy positively."

Bill Stotesbery, vice president of Hart InterCivic Inc., which has 
25,000 machines in use in Virginia and several other states, said the 
electronic voting systems are not connected to the Internet, which 
would be a prime avenue for hackers.

He said his company and others have the capability to provide printed 
verification of an individual's vote, which would at least allow the 
voter to determine whether the machine properly recorded his or her 
choices.

But he said that many local jurisdictions have not yet demanded such a 
capability, nor have they prescribed technical standards. Paper 
printers could add $500 to the cost of each machine.

But the Johns Hopkins study, and others, said the systems could be 
compromised by preprogrammed "smart cards" that each voter uses to 
activate the machines, or other tampering.

Security experts also worry about mischievous insiders at the 
voting-machine companies. That fear was fanned when Walden W. O'Dell, 
chief executive of Diebold Inc., told Republicans in an Aug. 14 
fundraising letter that he is "committed to helping Ohio deliver its 
electoral votes to the president."

The company also has angered critics by suing two Swarthmore College 
students who posted on the Internet internal Diebold memos indicating 
the company's awareness of security flaws.

A Diebold spokesman said the firm has dropped the legal action.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.