E-voting critic calls on hackers to expose flaws

By Robert Lemos
CNET News.com
July 29, 2004, 12:22 PM PT

 Add your opinion

Forward in  Format for  Sign up for 

LAS VEGASElectronic voting systems have major security problems and hackers should make it their mission to find the flaws, an e-voting critic told security researchers Thursday.

Speaking at the Black Hat Security Briefings here, Rebecca Mercuri, a fellow at a Harvard-affiliated research center and a noted e-voting critic called the current voting process a statistical game of shells, one that e-voting machine makers are playing for profits.

"The data is not being collected in any meaningful way," she said. "Citizens should demand full accountability in election data at the precinct, county and state levels."

 

To hold voting machine makers to their promises of security, hackers should try to circumvent the systems and reveal their problems, she said. She pointed to a $10,000 reward promised by e-voting proponent Michael Shamos, a computer scientist at Carnegie Mellon University, as additional incentive.

Mercuri wants voting machine makers to stop being secretive about their security, or lack thereof, and stop legal pursuits of students and researchers that attempt to analyze their source code. She has formally called for two voting-system technology makersmachine maker Advanced Voting Solutions and verification system make VoteHereto open up their systems as part of a contest.

The call to arms is the latest move in a debate between researchers who believe that the U.S. election system has too many security holes, and those who believe the system works well as a whole. The latest salvo in the debate has focused on electronic voting machines, known more formally as direct recording electronic, or DRE, machines.

Bev Harris, a well-known voting-security activist, joined Mercuri in the presentation, stressing that the system needs to be fixed, and soon.

"What we have is poorly designed software that isn't tested properly, and they don't use the tested software anyway," she said. "And we have bad operating procedures, and we don't follow them anyway. And afterward, everyone covers their ass."

Others should also be worried, Harris said. Computer scientists and politicians should not be the only ones who are part of the debate. Opinions should also be sought from experts in other disciplines. The fear of election fraud should have election officials talking to accountants, for example.

"We had a computer scientist talk about why there is a good reason to have three sets of books in a voting machine," she said. "But an accountant would know that there is only one reason for a double or triple set of books, and that is fraud."

Mercuri also showed data that indicated that the latest touch-screen voting machines don't perform significantly better in elections. While a Diebold touch-screen DRE machine had the lowest error rate in the California election over the issue of whether their should be a recall, it had the third-highest error rate for candidate votes, she said.

The acceptance of such errors as "part of the process" has to stop, she said.

"With the error rate we are seeing in elections, in any other scientific discipline, you would have a 'do over,'" she said. "In voting, you just keep counting until you get the result you want."