E-Voting Expert and Critic Urges E-Vote Hacking

As U.S. elections draw near, computer science experts and e-voting critics are making dire predictions about the outcome if paperless, closed-code touch-screen machines are used by Americans casting their ballots.

The criticism grew into a challenge at the Black Hat Security Conference in Las Vegas this week when Harvard fellow Rebecca Mercuri called on hackers to have a go at election system code and expose the flaws. There was even a $10,000 reward promised to anyone who could successfully circumvent a system and reveal the holes.

However, e-voting expert Barbara Simons told TechNewsWorld that hackers risk breaking the law, specifically the Digital Millennium Copyright Act, by digging into election system software code.

"I think it's an interesting proposal," Simons said of the Black Hat challenge. "It's really unfortunate we have a law in this country that can make it illegal to look at the code and research the bugs and other problems, and possibly malicious code, because of the DMCA," Simons said. "That's one of the reasons [research] hasn't happened more to begin with."

Systems Sold

Although election system vendors such as Diebold have fought to keep their code secret, researchers have repeatedly found flaws not only in the software, but also in the process of machine certification. Such issues caused a California e-voting panel to reject touch-screen machines from Diebold last May.

There have been a number of other instances of computer experts finding flaws. More troubling have been glitches and discrepancies in e-voting results, such as a high number of votes for Democrat Richard Gephardt in the Florida primaries even though he was not running there.

Not Too Late

Simons, who pointed out that Mercuri is calling for exposure of vulnerabilities and not to disrupt elections, said elections officials are the ones who should be demanding their own review of election system code and paper receipts.

Although she said many officials may be feeling the need to defend their purchasing decisions, they are not alone and it is not too late to add printers to machines and call for code reviews.

"What should be happening is election officials should be demanding elections machines makers make the software public on their own," she said.

Institutional Issues

Simons also blamed weak Federal Elections Commission standards on elections systems and flawed inspection processes that leave room for bugs and other problems.

"This is just not a way to deal with our democracy," Simons said. "Our votes are much more important than that."

Yet another problem is that machine makers urged many elections officials not to plan for backup plans, claiming the machines and their software were flawless, Simons said.

"They just said, 'You don't do recounts; these things are perfect,'" Simons said.

Patriots and Presidents

Simons said many computer experts are frustrated by their inability to look at closed code from election machine makers, and he added that they should not have to risk breaking the law to ensure systems are secure and accurate.

"A computer person who does the right thing is a patriot," Simons said. "But by exposing weaknesses, they may be in violation of the law."

Simons worried that the close presidential race could put pressure on e-voting, which will occur more than ever in the upcoming election, which could determine the outcome.

"It's very disconcerting," Simons said. "In a close state, if one of the major vendors has a serious bug, a problem in the software could change the outcome of the election, which is intolerable. If, because of these machines, there are questions about the winner, this is going to be real bad for democracy."

More Scrutiny

Verifiedvoting.org founder and Stanford University Professor David Dill said election equipment definitely needs more scrutiny from computer security experts.

Dill said although computer science experts have had a lot of success in stopping the purchase of new electronic voting machines lately, there are several barriers.

"We're fighting existing momentum towards buying e-voting machines, intense lobbying and PR by some vendors, and politicians who are loathe to admit they made mistakes," Dill told TechNewsWorld.

Dill said the most important things are transparency and making sure all election equipment is thoroughly tested, poll workers are adequately trained and the election is closely scrutinized.

"Another important step would be to avoid deploying new equipment this close to the election," Dill said. "Incredibly, South Carolina plans to buy and deploy ES&S Ivotronic machines in November. This should definitely be stopped," he said.