by Pia Bertelli and Linda Morrison
Election Security is a hot topic these days, and on October 16, LWV Wellesley hosted California computer scientist Dr. Barbara Simons at the Wellesley Free library for a very informative presentation regarding voting cyber security: threats and solutions.
Dr. Simons is currently the board chair for Verified Voting, a member of the LWV San Francisco, and is retired from IBM Research and former President of the Association for Computing Machinery (ACM).
Verified Voting is a non-partisan, non-profit organization that advocates for legislation and regulation promoting accuracy, transparency and verifiability of elections. Verified Voting has concluded that computer voting without verifiable paper back up is “faith-based” voting.
Besides the possibility of Internet hacking, malware in voting software or spy chips imbedded directly into a voting machine, there are many questionable practices adding to the question of election security. Many states have no paper back up to machine voting, recounts of paper ballots are not done by a bi-partisan group, ballots are rejected without notification or review. Many states have laws inhibiting recounts. Even more troubling, voting software companies have refused requests for recounts citing their “proprietary information” Simons offered several examples of questionable voting situations and some solutions.
Georgia, most recently in the news, has had a history of election security issues. In 2002, last minute software patches were made to the Diebold DRE machine’s software just before the election. There was no independent oversight of the software or time to test it. Two incumbents ahead in the polls lost (Cleland, Senate and Barnes, Governor). The system was paperless and provided no opportunity to check the results.
In 2003, there was an independent study of the software, which found gaping security holes: a single key to encrypt all data on every storage device was embedded in the program text: F2654hD4. In 2006, a Princeton team showed how to implant a virus via removable memory. The key to lock the memory card slot was like a hotel bar key – easily picked. See the video of how to remotely hack these machines on www.verifiedvotingfoundation.org. The same machines are still used in GA today, despite a lawsuit calling for marked paper ballots.
Many people believe that voting machines are not vulnerable to hacks if they are not connected to the Internet. This idea is false, as at some point in the counting process, the web or internet may well be involved. Only a few key places need to be hacked in order to change the course of an election. Without a paper trail it is impossible to know if what someone enters onto a screen is what the memory records. The hardware could have a spy chip embedded in it, or it could simply be faulty.
In Carteret County, South Carolina 2004, 4500 votes were lost because the memory on some machines filled up, but did not display an error message so people kept voting on them. More people checked in/out than actual votes entered. The voters above the cut off were never counted. There was no paper trail so the vote could not be verified. As a remedy to this problem, South Carolina called for a Verified Paper Audit Trail but unfortunately, used a thermal continuous roll paper. Thermal paper printing has big problems with disappearing data.
In Virginia, Winvote machines were determined to be the “worse voting machine ever”, even over the Diebold DRE. The machines used wireless technology. When people came in with their iPhones, the machines tried to talk to the iPhones. It was a paperless system so it is unknown how the wireless interfered with the voting results. Other insecurities were an unchangeable encryption key “abcde”, no security updates since 2007 and the password was “admin”. The machines used since early 2000s were decertified after the recent VA midterms. Parties that request a recount are required to pay for it. “Verified Voting” strongly recommends using “post election audits” with hand counts of randomly selected precincts, and other safeguards
Legislation in the House, proposed by a bi-partisan group, called for some of these measures, but it got watered down, and there was never any version in the Senate.
- Broken Ballots: Does your ballot count?, Dr. Barbara Bluestein Simons
- Video – “Stealing America, Vote by Vote (2004 & 2006 election)
Further thoughts: Who “certifies” voting systems? Could the national association of Secretaries of State set standards for voting systems? Or at least publish the non-partisan data from verifedvoting.org?
Voting Security is a core LWV issue!