The Trouble With E-Ballots
It's a culture clash between the election world, which prizes reliability, and computer scientists, who obsess over security
By Steven Levy
Newsweek

June 28 issue - It's now official: Walden O'Dell is no longer raising funds for George W. Bush. Why should you care? That was Walden O'Dell's attitude last year, when he promised, in his role as rainmaker for Ohio's presidential re-election campaign, to deliver the state to the incumbent. To his surprise, he learned that lots of people did indeed care—once they realized that his day job was running Diebold, a company that makes electronic-voting devices used by millions of voters. So it was prudent for Diebold to adopt a new policy that banned its executives from outside political work, adopted months ago but formally announced just recently.

Unfortunately, Diebold hasn't conceded its bigger problem—that the current generation of computer-voting devices, the ones that many of us will use this November, are flawed by their inability to verify that the voter's choices are actually the ones that count in the final tallies.

In a visit last week to NEWSWEEK, O'Dell, whose company is under increasing pressure as more citizens learn about the details of touch-screen voting (the League of Women Voters just retracted its support of the technology), presented a spirited defense. Introducing himself as "Wally," and accompanied by experienced PR fire-putter-outers, he explained that Diebold, which makes billions in financial devices like bank ATMs, isn't in the voting game solely for lucre (though he'd like to see a profit down the line). It's about patriotism. "In November 2000 we couldn't elect a president," he says. "America had a problem. We could help."

If touch-screen devices with coherent interfaces replaced confusing systems like butterfly ballots, he explained, overvoting and unintentional undervoting could be virtually eliminated. The high-tech devices, equipped with audio readbacks, could also serve blind voters. So Diebold bought one of the pioneering companies in the field, and now its elections division is the leader among several firms selling touch-screen devices. It won contracts to supply all of Georgia and Maryland. O'Dell has a stack of documents and video testimonials attesting to the successful elections conducted by his machines (he didn't mention the March 2 debacle in California, where many polls opened late because the devices wouldn't boot correctly). "On our very worst day," he says, "we're 10 times better than what was out there before."

A less rosy perspective emerged last year after a report by Avi Rubin, a University of Maryland researcher who got hold of Diebold voting-machine code that was unintentionally exposed on the Internet. He found that the security in the machines was "amateurish" and easily hackable. His findings bolstered the contentions of a growing movement, spearheaded by computer scientists, that the machines are "black boxes" providing no assurance that the vote cast is the one reported, and could in theory be manipulated to swipe an election with total stealth. A "recount" in that case would rely on the same software that secretly swiped the votes to begin with, and simply verify the theft.

In a new feature, Steven Levy reviews fiction that makes a long trip bearable. This Time: ‘The Enemy’ by Lee Child
On one hand, this is a culture clash between the old-school election world, which prizes reliability and measures success by happy voters, and the computer scientists, who obsess on the dangers of a catastrophic election heist. O'Dell does admit "we made mistakes." But he chides the geeks for demanding a level of security that doesn't reflect the real world. And while he says he will happily outfit his units with technology for paper vote verification if required, he notes the possible glitches and inevitable expenses—as much as $1, 000 a unit. Clearly, he believes that no such paper trail is necessary, despite the fact that the prize of a stolen election is well worth the efforts of a well-funded, persistent and talented group of attackers. We're protected, he says, because the code in the devices is vetted by outside companies who certify the devices before they are used.

But the certification process, says California Secretary of State Kevin Shelley, is "very deficient." He charges that the companies hired to examine the software have a conflict of interest, as they work for the manufacturers. (Shelley, believing that Diebold misled the state during the process, has asked the attorney general to look into possible civil and criminal penalties. Diebold denies misconduct.) In any case, computer scientists like Rubin believe that the companies poring over the code would probably fail to discover any well-written secret subroutines that could steal votes.

O'Dell claims to be "agnostic" on the necessity of providing voters with evidence that their choices are the ones reflected in the count. But the possibility that a future president can attain office mounted on a Trojan horse isn't a philosophical issue: it's a threat to democracy. It's nice to know that Wally O'Dell is no longer working to elect one candidate in particular. It would be even nicer to know, beyond any doubt, that his voting machines weren't, either.