This kind of crap kind of makes you wonder who’s pulling the strings on the guys pulling the strings on the board of directors of Diebold.

40+% of eligible voters do not vote in national elections. That shows me that a substantial portion of our citizenship has little or no interest in who runs our country, so rigging or fixing of elections is really a non-issue.

Imagine this: A Trojan Horse unleashes thousands of illegitimate votes and disappears without a trace, election commissioners bypass laws, uninvestigated computer glitches and easily picked locks in voting systems, no federal oversight holding e-voting vendors accountable?yes folks, elections can be stolen.
Since the 2000 Presidential election, problems stemming from the use of electronic voting machines have called into question the foundation of American democracy?the US voting system. At the forefront of concerns are security issues surrounding the use of Direct Recording Electronics [DREs], better known as touch screen computer voting machines, and their lack of a paper trail in the form of an auditable paper ballot. Widely reported irregularities from voting districts around the US have alarmed many and opened claims of stolen elections. Some even doubt the legitimacy of the outcome of recent US elections. A team of top computer scientists has been working diligently to resolve the many underlying design problems in the e-voting system that leave it open to cheating. Stalled by the federal government, and with doubts about e-voting continuing to spread, these scientists have instead turned to state governments and the National Science Foundation for help.

“Maryland, where I live, uses Diebold DREs, which are an ideal opportunity for cheating,” said Dr. Avi Rubin, Technical Director, Information Security Institute, Johns Hopkins University. “In fact, you couldn’t come up with a better opportunity for cheating. There’s no ability to audit or recount, and the entire process takes place inside the computer, which is not transparent.”

In May 2004, Rubin co-authored an analysis of electronic voting systems, raising concerns about lack of security, for the Institute of Electrical and Electronics Engineers (IEEE), the world’s largest professional organization for technical standards. He also served in 2004 as a poll worker and election judge in Baltimore County, Maryland, where he lives. These and other experiences have only served to raise his concerns about the possibility for cheating via the use of electronic voting machines.

Efforts to Secure E-voting Stalled
Apprehension about the lack of security in Diebold’s DREs and other touch screen computer voting machines spurred David Dill, a Stanford University computer science professor, to establish the Verified Voting Foundation in November 2004. According to Dill, when federal legislators tried to create a law that would address e-voting security problems, it was “blocked by a committee chairman, so we focused on state legislation.”

Since then, the group has been advising states on e-voting security problems and the need, at a bare minimum, for a verified voting paper audit trail.

Earlier this year, Congressman Rush Holt (D-NJ) submitted a bill, The Voter Confidence and Increased Accessibility Act of 2005 (HR 550), to the House Administration Committee. The bill requires a paper audit trail at the federal level. But Holt has not been able to get the chairman of the committee, Congressman Robert Ney (R-OH), to schedule a hearing on it all year long.

“Congressman Ney will not schedule a hearing on the bill, so it remains in limbo,” confirmed Pat Eddington, Holt’s press secretary.

Even the bi-partisan federal Carter-Baker Commission Report could not nudge Ney. Set up to review the entire electoral process and co-chaired by former president Jimmy Carter and former Secretary of State James Baker, the report strongly endorses the need for a paper audit trail. (Congressman Ney’s office did not return repeated calls.)

In lieu of the refusal of some at the federal level of government to address the issues surrounding the legitimacy of electronic voting procedures and work toward safeguarding American elections, Verified Voting turned to state governments. Since its founding, Verified Voting has helped 26 states establish state legislation that requires a paper audit trail in e-voting machines, and 14 states have requirements pending, according to verifiedvoting.org.

However, paper receipts only begin to address the complexity of electronic voting problems. The most serious concern among computer scientists studying the problems is the “Trojan Horse,” a computer code that can be programmed to hide inside voting software, emerge in less than one second to change an election, then destroy itself immediately afterwards, going undetected.

“Anyone who has access to the software?an insider?could easily insert a Trojan Horse into the software,” said Barbara Simons, a past president of the Association for Computing Machinery and a retired IBM researcher who is co-authoring a book on the risks of computerized voting. The problem is that the Trojan Horse cannot be detected unless the software is inspected continuously?as in every second?for its presence.

No Oversight of E-voting Legitimacy
Three-voting vendors?Diebold, Election Systems and Software (ESS), and Sequoia?dominate the market. Since e-voting is unprecedented in the history of elections and law tends to lag behind technology development, there is no federal oversight body holding these companies accountable for the security and reliability of their electronic voting systems. Their machines are supposedly tested by independent testing authorities. “But it turns out that the vendors pay the independent testing authorities and the vendors keep the results confidential,” said Simons. “So you have a huge conflict of interest right there.”

In addition, said Simons, “There is no requirement to make any problems public or even to reveal them to election officials because this information is proprietary for the vendors. Also, the testers are only required to test for things on a list and aren’t required to test for things that aren’t on the list. If you are going to subvert software, you are not going to do something that will be found by a checklist. So it’s easy to insert a Trojan Horse into the software because the testing won’t find it. And even if they did find it, there are no requirements to report it.” Vendors are the ones who decide what goes on the list and what doesn’t.

The privatization of the US voting process means the public lacks access to, or the ability to inspect, election software, as well as information about or even the names of the computer programmers who created it. Private companies and e-voting vendors flatly state that their election systems must be kept confidential as exclusive property right products, and therefore refuse to release their software source code for inspection by independent third parties. They claim that to do so would violate their right to copyright secrecy and would open the door to rivals who could steal their products. But some wonder what else vendors might be trying to hide. For instance, according to information reported on http://www.blackboxvoting.org, a non-partisan, nonprofit consumer protection group that is conducting fraud audits on the 2004 elections, Diebold, one of the e-voting vendors, hired ex-felons, who were convicted in Canada of computer fraud, to program election systems software.

“I don’t want to malign ex-felons,” said Simons, “but you want to know the names of the people who are programming the machines that will be recording and counting our votes.” On the other hand, it is not uncommon for major companies to hire, as programmers, former hackers who have proven themselves to be advanced enough to hack into even the most sophisticated and safeguarded systems. In some cases, to successfully gain entry into an ultra-secured system can guarantee a hacker a job.

E-voting machine companies like Diebold are, in essence, funded to the tune of $3.9 billion by a 2002 federal law, entitled the Help America Vote Act (HAVA) which appropriates these funds as only an initial amount to the states to purchase e-voting for all national elections. States are required to phase out punch-card ballots and other systems that seemingly were problematic in the 2002 presidential election in Florida and to standardize on electronic voting systems for national elections by January 1, 2006. The problem is that this does not give the states enough time to deal with the complexity of electronic voting systems. And HAVA does not require e-voting companies to provide the kind of good security in those systems that would prevent chances of cheating.

Concerns about the many anomalies in the November 2004 election and about the gross lack of security in touch screen computer voting machines, spurred Dr. Rubin to apply for funding from the National Science Foundation to research solutions to the problems. In August 2005, the NSF’s Cyber Trust program responded by awarding Rubin and his team of computer science researchers $7.5 million to investigate ways to build trustworthy e-voting systems. Rubin is now the director of the NSF project ACCURATE (A Center for Correct, Usable, Reliable, Auditable and Transparent Elections). ACCURATE involves six institutions that will collaborate to investigate how public policy and technology can safeguard e-voting nationwide.

“The NSF recognized that this is a problem of tremendous significance to the country,” said Rubin. “It’s a deep-rooted, scientific problem.”

The funded researchers are Prof. Avi Rubin, Drs. Drew Dean and Peter Neumann of SRI International; Prof. Doug Jones of the University of Iowa; Profs. Dan Wallach and Michael Byrne of Rice University; Profs. Deirdre Mulligan and David Wagner of the University of California at Berkeley; and Profs. Dan Boneh and David Dill at Stanford University, along with numerous affiliates.

However, scientists and academics can only partly address the complexity of e-voting problems, leaving many of the battles to be fought at the state legislative level.

Bypassing the Law
One especially salient example (as recorded on http://www.verifiedvoting.org), shows that in response to numerous and varied voting system malfunctions that occurred in the November 2004 elections, North Carolina passed tougher requirements for election systems in its Public Confidence in Elections Act in early 2005. Under the new law, manufacturers must place in escrow the source code, the blueprint that runs the software, and “all software that is relevant to functionality, setup, configuration, and operation of the voting system” as well as a list of all computer programmers responsible for creating the software.

However, implementation of this law has been stymied by an interesting turn of events fueling the belief of some e-voting critics that Board of Election officials are too partisan for a job that requires objectivity, or who feel that election commissioners have relationships with e-voting vendors that seem far too cozy. The events in North Carolina involve Diebold?the e-voting vendor whose bid was selected by North Carolina’s Board of Elections?and the very same Board of Elections.

Diebold responded to the new requirements by asking to be exempt from them, but a North Carolina Superior Court judge refused to grant the exemption. After losing in court, Diebold withdrew from their bid to provide elections systems in November 2005. However, in a surprising turnaround in December 2005, the North Carolina Board of Elections certified Diebold Elections Systems to sell electronic voting equipment in the state, despite Diebold’s admissions that it could not comply with the state’s election law.

The Board was able to do so because its election commissioners?not judges or computer science experts?are the ones who have the ultimate authority to certify election systems in the state. Instead of rejecting the vendor’s applications and issuing a new call for bids that complied with the law, the Board of Elections certified all of the vendors’ systems. The Electronic Frontier Foundation (EEF), a nonprofit consumer advocacy group of technologists and lawyers formed in 1990 to protect digital rights in our increasingly networked world, took issue with the North Carolina Board of Elections, which certified the three elections systems companies: Diebold, Election Systems and Software, and Sequoia Voting Systems. Citing the Board’s action as an example of election commissioners having too much authority, Keith Long, EFF advisor to the Board, who was formerly employed by both Diebold and Sequoia, stated that none of the vendors meet the statutory requirement to place their system code in escrow.

“The Board of Elections has simply flouted the law,” said EFF staff attorney Matt Zimmerman in a release he issued on December 2, 2005. “In August, the state passed new rules that were designed to ensure transparency in the election process and the Board simply decided to take it upon itself to overrule the legislature. The Board’s job is to protect voters, not corporations who want to obtain multi-million dollar contracts with the state.”

An ESS spokeswoman stated that ESS computer systems are secure, owing to a back-up system. However, as Simons pointed out, that does not address the problem. “If the machine doesn’t record the votes correctly to begin with, it does not matter how many copies of that original incorrect recording you have.” ESS’ spokeswoman countered by assuring that the company’s systems are accurate.

How New York Measures Up
New York State amended its Election Reform and Modernization Act of 2005 to include a provision for escrow requirements, which all election systems vendors must comply with in order to have an e-voting system certified in the state. The provision requires programming, source code, and voting machine software to be placed in escrow with the state Board of Elections, and requires the election systems vendors to waive all rights to assert intellectual property or trade secret rights. The amendment also requires that elections systems be tested by independent experts under court supervision.

Putting software source code in escrow provides an opportunity to inspect the code when there are anomalies in the election. It is already difficult to track down malicious code like a Trojan Horse; however, as researcher Simons pointed out, “there’s no chance you will find it if you can’t look at it.”

New York also passed a series of bills, including a voter verified paper trail requirement that is an addition to HAVA, since the federal law does not require it.

But New York’s election law omits the requirement to turn over the names of all computer programmers who are responsible for creating the software code. Since programmers are the ones who would be able to create and insert a Trojan Horse code, they are the ones who could ultimately rig a national election. If you don’t know who the programmers are, you can’t find out who created the problem, or who asked them to do it. Not to mention that a Trojan Horse program is set up to erase evidence of itself once it has done its job.

“Having the software source code doesn’t guarantee that you will detect critical software bugs or malicious code,” said Simons. “Anyone with access to the election software of a major voting machine vendor can change the outcome of a national election and determine which party will control Congress. Election fraud can now be committed on a national, not just a local, basis.”

Yes Folks, the Election Can Be Stolen
With the old lever machine method of voting, election fraud could only be committed on a local, or possibly a regional basis without high risk of getting caught. But now it would take only one well-placed programmer creating malicious code to rig a national election. “How do you know what software is running on Election Day?” asked Simons. “You could easily add a last-minute software patch to do something on Election Day, [and that would] then immediately erase itself.”

Software bugs can also be programmed undetected. “Buggy software is an important problem in computer security,” said Stanford University’s Dill. “A huge number of problems we have are due to computer software buffer overflows, which overwrite computer functions to get control of the machine.” Computer buffer overflows are a standard way for Trojan Horses to take control of a computer and make changes to it, while leaving no evidence behind.

The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: “Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards.”
Reiterating the reality that there is no such thing as software without bugs, Dill explains, “Eliminating bugs from programs has been an unsolved problem since computers were invented. The problem grows harder every year, as the systems get more complicated. Anyone who says they can generate large software without bugs is not telling the truth. We don’t know yet how to make computer programs perfectly secure. That is why you always have to have independent reliable ways to check the results. The election can be stolen, nobody can tell, and it’s easy to do.”

Another opportunity for election fraud is in software patches, which are the routine fixes to software bugs that work the same way a repair patch is put on a flat tire. A programmer can deliver a patch to a bug that is an election rig instead of a fix and, again, it would not be detected unless it was inspected.

“There’s a tendency for people to regard computers as the epitome of accuracy,” said Dill, highlighting the fact that the lack of security in the source code is fundamentally a human problem. “This is why computer scientists have gotten involved?because they understand the limitations of technology.”

Dill and other computer science professionals have been trying to educate people about the current, serious limitations of using computers for voting. “People just don’t believe it when we say computer voting machines are insecure since they don’t understand how deeply complicated software can be. Because these are computers, you need much more security with them than you do with old-fashioned paper-based systems,” he explained.

“The hardest people to convince are those who have signed multi-million dollar contracts to buy e-voting machines before they were made secure,” added Dill, alluding to election officials who thought they were buying the latest, greatest technology in the DRE or touch screen machines and therefore later become defensive when computer scientists inform them that their purchase is unreliable and insecure. “They are understandably reluctant to admit that they made a mistake.”

And some complain that the January 1, 2006 HAVA standardization requirement, and the vagaries within the law that omit major areas of concern, has set unrealistic goals for election officials and backed them into a corner. Given the complexity of these machines, it can be argued that officials need more time for discovery and resolution to the problems.

“If we find out after the purchase of these machines that they are not secure and Congress is given evidence that they are not secure, will they make a new set of regulations, which will cost X millions of dollars?” asked Lee Daghlian, public information officer of the NYS Board of Elections.

Cozy Relationships and Huge Profits
However, zooming in on the election commission business also reveals a close-knit community. As in the example mentioned earlier in which North Carolina’s Board of Elections went ahead and certified Diebold systems despite the Superior Court judge’s ruling, many see the close relationships between election commissioners and election systems vendors as overstepping certain ethical boundary lines. Huge profits are to be made by election-system vendors and they court election officials accordingly. “They wine them and dine them,” said Dill. “Election officials have known the election systems vendors longer than they’ve known the computer scientists. And there’s a revolving door. A good career path for an election official is to go work for a vendor.”

In October 2005, the General Accounting Office (GAO), the nonpartisan independent investigative arm of the federal government, issued an illuminating report that raised a multitude of concerns about electronic voting security and reliability. The report found that cast ballots, ballot definition files in the voting software, memory cards, and computer audit files all could be modified. Election systems had easily picked locks and power switches that were exposed and unprotected.

The GAO report showed that voting-machine vendors have weak security practices, including the failure to conduct background checks on programmers and system developers and a failure to establish clear chain-of-custody procedures for handling voting software. It also found that voting system failures have already occurred during elections, identifying a number of cases in California, for instance, where a county presented voters with an incorrect electronic ballot, which meant they could not vote in certain races. And in Pennsylvania, where a county made a ballot error on an electronic voting system that resulted in the county’s undervote percentage?that is when a candidate is given fewer votes that he or she actually won?reaching 80 percent in some precincts. And in North Carolina, where electronic voting machines continued to accept votes after their memories were full, causing more than 4,000 votes to be lost.

And these are only a few examples out of thousands that were reported but not investigated.

In addition, the GAO discovered that standards for electronic voting adopted in 2002 by the Federal Election Commission contain vague and incomplete security provisions for commercial products and inadequate documentation requirements; and that tests currently performed by independent testing authorities and state and local election officials do not adequately assess electronic voting system security and reliability.

The GAO report concluded that national initiatives to improve voting systems lack plans for implementation or are not expected to be completed until after the 2006 election, stating: “Until these efforts are completed, there is a risk that many state and local jurisdictions will rely on voting systems that were not developed, operated, or managed in accordance with rigorous security and reliability standards?potentially affecting the reliability of future elections and voter confidence in the accuracy of the vote count.”

In response to the release of the GAO report, members of the House Committee on Government Reform issued a statement that highlighted a long list of voting system vulnerabilities, also reported by Dill’s Verified Voting Foundation. But the reality behind the GAO laundry list is that electronic election systems are grossly inadequate and that vendors are not being held accountable by election commissioners to provide security in their election systems or, as in the case of the North Carolina Board of Elections, even to comply with the law.

Not to mention, “They have none of the security levels that computer scientists have been asking for,” added Simons.

If election systems vendors are not required both by law and by state election commissioners to place their software source code in escrow, then voters will have no way of knowing whether the software contains malicious, election-rigging code or not.

But as the technical director of Johns Hopkins’ Information Security Institute, Dr. Avi Rubin believes it is only a matter of time before the vendors are forced by legislators to give it up. “I think they will be forced by law to share their source code. But they will do it kicking and screaming.”

Despite the steadfast work of the leading computer science experts and grassroots activists, it seems the problem of election rigging is still not taken seriously enough. That means it is still easy to rig an election via e-voting in the United States, and it will continue to be easy until election fraud is considered a priority.