SALON

Wednesday, Sep 13, 2006 11:00 PM UTC

Hack the vote? No problem

Diebold, the e-voting-machine maker, has long sworn its systems are secure. Not so, says a new Princeton study. Converting votes from one candidate to another is simple.

By

Topics: 2006 Elections

Hack the vote? No problem

Having reported extensively on the security concerns that surround the use of electronic voting machines, I anxiously awaited the results of a new study of a Diebold touch-screen voting system, conducted by Princeton University. The Princeton computer scientists obtained the Diebold system with cooperation from VelvetRevolution, an umbrella organization of more than 100 election integrity groups, which I co-founded a few months after the 2004 election. We acquired the Diebold system from an independent source and handed it over to university scientists so that, for the first time, they could analyze the hardware, software and firmware of the controversial voting system. Such an independent study had never been allowed by either Diebold or elections officials.

The results of that study, released this morning, are troubling, to say the least. They confirm many of the concerns often expressed by computer scientists and security experts, as well as election integrity activists, that electronic voting — and indeed our elections — may now be exceedingly vulnerable to the malicious whims of a single individual.

The study reveals that a computer virus can be implanted on an electronic voting machine that, in turn, could result in votes flipped for opposing candidates. According to the study, a vote for George Washington could be easily converted to a vote for Benedict Arnold, and neither the voter, nor the election officials administering the election, would ever know what happened. The virus could also be written to spread from one machine to the next and the malfeasance would likely never be discovered, the scientists said. The study was released along with a videotape demonstration.

“We’ve demonstrated that malicious code can spread like a virus from one voting machine to another, which means that a bad guy who can get access to a few machines — or only one — can infect one machine, which could infect another, stealing a few votes on each in order to steal an entire election,” said the study’s team leader, Edward W. Felten, professor of computer science and public affairs at Princeton.

The Princeton study is the first extensive investigation of the Diebold AccuVote DRE (Direct Recording Electronic) system, which is employed in Maryland, Florida, Georgia and many other states. Such touch-screen voting systems made by Diebold will be in use in nearly 40 states in this November’s elections.

Felten and a small group of Princeton computer scientists implanted a nearly undetectable virus in a Diebold voting system. They managed to alter a voter’s ballot — after it had already been confirmed and cast — and flip a vote to a candidate other than the one the voter had intended. As Felten explained, “We’ve also found how malicious code could also modify its own tracks [afterward] and remain virtually undetectable by elections officials. It wouldn’t be found in the standard tests performed either before or after an election.”

The Princeton report shows that a virus could be inserted onto a Diebold voting system by a single individual “with just one or two minutes of unsupervised access to either the voting machine or the memory card,” which is used with the system to store ballot definitions and vote tabulations.

The question of unsupervised access to voting systems has long been at the core of the debate over the use and security of electronic voting machines. That debate reached a boiling point in California’s June election, when programmed, election-ready Diebold voting machines were discovered to have been sent home overnight with poll workers on so-called sleepovers, in the days and weeks prior to the election, by San Diego County’s registrar of voters. Poll workers in the county, and many others around the country, are given voting machines by elections directors to keep at home prior to the election. They are then deployed on election morning at polling sites. The vulnerabilities to hacking, however, in the newer electronic voting systems have made that practice a topic of great concern. Earlier this year the federal certification body for e-voting systems issued a memorandum requiring greater security for such systems.

As a result of the security breaches via the voting machine “sleepovers” in San Diego County, the special election between Francine Busby and Brian Bilbray for the House seat of jailed Rep. Randy “Duke” Cunningham was contested by voting rights advocates. The legal suit charged that unrestricted access to the machines by poll workers compromised the election and violated both state and federal law.

David Jefferson, a lead voting systems technology advisor for the California secretary of state and a computer scientist at Livermore National Laboratory, told “The PBS News Hour” just after California’s primary election, “You can affect multiple machines from a single attack; that’s what makes it so dangerous.”

Jefferson’s comment was based on a

Investigative journalist and broadcaster Brad Friedman is the creator and publisher of The BRAD Blog. He has contributed to Mother Jones, The Guardian, Truthout, Huffington Post, The Trial Lawyer magazine and Editor & Publisher. More Brad Friedman.

Next Article

Related Stories

More Related Stories

Featured Slide Shows

The week in 10 pics

close X
  • Share on Twitter
  • Share on Facebook
  • Thumbnails
  • Fullscreen
  • 1 of 11
  • Lisa Montgomery embraces her nephew Thursday after a tornado tore apart her home in Cleburne, Texas. The twister killed six people and destroyed entire swaths of the North Texas town.
    Credit: AP/LM Otero

  • Jack McMahon, the defense attorney for abortion doctor Kermit Gosnell, speaks outside the Criminal Justice Center in Philadelphia Tuesday. His client was convicted of killing three babies in his clinic, and will serve multiple life sentences.
    Credit: AP/Matt Rourke

  • A photo taken Monday captures Vice President Joe Biden's response to a Milwaukee second-grader's innovative proposal to end America's epidemic of gun violence. This guy!
    Credit: AP/Jenny Aicher

  • Sen. Rand Paul, R-Ky., flanked by a grouper-eyed Michele Bachmann, addresses the IRS' admission that it targeted Tea Party groups in advance of the 2012 election. In an op-ed for CNN Thursday, the Kentucky senator slammed the president for his faux outrage.
    Credit: AP/Molly Riley

  • Ousted IRS chief Steven Miller is sworn in on Capitol Hill Friday. Miller testified before the House Ways and Means Committee on the extra scrutiny the agency gave conservative groups applying for tax-exempt status.
    Credit: AP/J. Scott Applewhite

  • Attorney General Eric Holder pauses as he testifies on Capitol Hill before the House Judiciary Committee Wednesday. Holder is under fire, among other things, for the Justice Department's gathering of phone records at the Associated Press.
    Credit: AP/Carolyn Kaster

  • O.J. Simpson sits during an evidentiary hearing at Clark County District Court in Las Vegas, Nev., Thursday. Simpson, who is currently serving a nine-to-33-year sentence in state prison for armed robbery and kidnapping, is using a writ of habeas corpus to seek a new trial.
    Credit: AP/Las Vegas Review-Journal/Jeff Scheid

  • Major Tom to ground control: On Sunday astronaut Chris Hadfield recorded the first music video from space, a cover of David Bowie's "Space Oddity."
    Credit: AP/NASA/Chris Hadfield

  • When it rains it pours. President Barack Obama speaks during a news conference Thursday with Turkish Prime Minister Recep Tayyip Erdogan, inexplicably inspiring an #umbrellagate Twitter meme.
    Credit: AP/Jacquelyn Martin

  • A smoke plume rises high above a road block at the intersection of County A and Ross Road east of Solon Springs, Wis., Tuesday. No injuries were reported, but the the wildfire caused evacuations across northwestern Wisconsin.
    Credit: AP/The Duluth News-Tribune/Clint Austin

  • Recent Slide Shows

  • Share on Twitter
  • Share on Facebook
  • Thumbnails
  • Fullscreen
  • 1 of 11

Related Videos

Comments

 34 Comments

Comment Preview

Your name will appear as username

You may use these HTML tags and attributes: <a href=""> <b> <em> <strong> <i> <blockquote>

follow salon

Most Read

Popular on Reddit

links from salon.com

From Around the Web

Presented by Scribol
listener_new_rect The Listener: So long, Sookie Stackhouse

Recommendations