The Big Gamble on Electronic Voting

The New York Times has a long article by Randall Stross [registration required] in its business section today about the risks of electronic voting machines.

HANGING chads made it difficult to read voter intentions in 2000. Hotel minibar keys may do the same for the elections in November...

One brand of machine leads in market share by a sizable margin: the AccuVote, made by Diebold Election Systems. Two weeks ago, however, Diebold suffered one of the worst kinds of public embarrassment for a company that began in 1859 by making safes and vaults.

Edward W. Felten, a professor of computer science at Princeton, and his student collaborators conducted a demonstration with an AccuVote TS and noticed that the key to the machine’s memory card slot appeared to be similar to one that a staff member had at home.

When he brought the key into the office and tried it, the door protecting the AccuVote’s memory card slot swung open obligingly. Upon examination, the key turned out to be a standard industrial part used in simple locks for office furniture, computer cases, jukeboxes — and hotel minibars.

Once the memory card slot was accessible, how difficult would it be to introduce malicious software that could manipulate vote tallies? That is one of the questions that Professor Felten and two of his students, Ariel J. Feldman and J. Alex Haldeman, have been investigating...

Even before the researchers had made the serendipitous discovery about the minibar key, they had released a devastating critique of the AccuVote’s security. For computer scientists, they supplied a technical paper; for the general public, they prepared an accompanying video. Their short answer to the question of the practicality of vote theft with the AccuVote: easily accomplished...

I spoke last week with Professor Felten, who said he could not imagine how a newer version of the AccuVote’s software could protect itself against this kind of attack. But he also said he would welcome the opportunity to test it. I called Diebold to see if it would lend Princeton a machine.

Mark G. Radke, director for marketing at Diebold, said that the AccuVote machines were certified by state election officials and that no academic researcher would be permitted to test an AccuVote supplied by the company. “This is analogous to launching a nuclear missile,” he said enigmatically, adding that Diebold had to restrict “access to the buttons.”

I persisted. Suppose, I asked, that a test machine were placed in the custodial care of the United States Election Assistance Commission, a government agency. Mr. Radke demurred again, saying the company’s critics were so focused on software that they “have no appreciation of physical security” that protects the machines from intrusion...

This same point was featured prominently in the company’s press release that criticized the Princeton study, saying it “all but ignores physical security and election procedures.” It is a criticism that collides with the facts on Page 5 of the Princeton study, where the authors provide step-by-step details of how to install the malicious software in the AccuVote.

Even before the minibar lineage of the AccuVote key had been discovered, the researchers had learned that the lock was easily circumvented: one of them could consistently pick it in less than 10 seconds.

If skeptics cannot believe what they read about the ease of manipulating an election, they can watch the 10-minute online video: the AccuVote lock is picked, a memory card is inserted and the malicious software is loaded; the machine is rebooted, and within 60 seconds the machine is ready to throw the election in favor of any specified candidate...

Recently, there have been signs that states are having second thoughts about trusting their AccuVote equipment. Officials in California, Florida and Pennsylvania have been outspoken about their concerns. In Maryland earlier this year, the state House of Delegates voted 137 to 0 in favor of a bill to prohibit the use of its AccuVote machines because they were not equipped to generate a paper audit trail.

Previous post.