Analysis Finds E-Voting Machines Vulnerable
By Andrea Stone, USA TODAY
WASHINGTON — Most of the electronic voting machines widely adopted since the disputed 2000 presidential election "pose a real danger to the integrity of national, state and local elections," a report out Tuesday concludes.
There are more than 120 security threats to the three most commonly purchased electronic voting systems, the study by the Brennan Center for Justice says. For what it calls the most comprehensive review of its kind, the New York City-based non-partisan think tank convened a task force of election officials, computer scientists and security experts to study e-voting vulnerabilities.
The study, which took more than a year to complete, examined optical scanners and touch-screen machines with and without paper trails. Together, the three systems account for 80% of the voting machines that will be used in this November's election.
While there have been no documented cases of these voting machines being hacked, Lawrence Norden, who chaired the task force and heads the Brennan Center's voting-technology assessment project, says there have been similar software attacks on computerized gambling slot machines.
"It is unrealistic to think this isn't something to worry about" in terms of future elections, he says.
The report comes during primary season amid growing concerns about potential errors and tampering. Lawsuits have been filed in at least six states to block the purchase or use of computerized machines.
Election officials in California and Pennsylvania recently issued urgent warnings to local polling supervisors about potential software problems in touch-screen voting machines after a test in Utah uncovered vulnerabilities in machines made by Diebold Election Systems.
North Canton, Ohio-based Diebold did not return calls for comment. The company, a major manufacturer of e-voting machines, said earlier this month that security flaws cited in its machines were theoretical and would be addressed this year.
The new threat analysis does not address specific machines or companies. Instead, it "confirms the suspicions about electronic voting machines that people may have had from individual reports" of problems, Norden says.
Among the findings:
• Using corrupt software to switch votes from one candidate to another is the easiest way to attack all three systems. A would-be hacker would have to overcome many hurdles to do this, the report says, but none "is insurmountable."
• The most vulnerable voting machines use wireless components open to attack by "virtually any member of the public with some knowledge and a personal digital assistant." Only New York, Minnesota and California ban wireless components.
• Even electronic systems that use voter-verified paper records are subject to attack unless they are regularly audited.
• Most states have not implemented election procedures or countermeasures to detect software attacks.
"There are plenty of vulnerabilities that can and should be fixed before the November election," says David Jefferson, a Lawrence Livermore National Laboratory computer scientist who served on the task force. "Whether they will or not remains to be seen."
The report said state election officials could improve voting-machine security if they conduct routine audits comparing voter- verified paper trails to the electronic record and ban wireless components in voting machines.
"A voting system that is not auditable contains the seeds of destruction for a democracy," says Rep. Rush Holt, D-N.J., a chief sponsor of a bill to improve electronic-voting security.
Posted 6/26/2006 10:05 PM ET