VotersUnite.Org
is NOT!
associated with
votersunite.com
|
Voting machines won't be retested, state officials say TALLAHASSEE - Top computer scientists and voting experts said Thursday that Florida must re-examine the way it tests voting machines and needs to verify claims by a Tallahassee elections official who said hackers could alter some computerized election results. But acting Florida Secretary of State David Mann, whose office oversees the state elections department, said Thursday that he has such ''confidence'' in his agency's certification process that he has no intention of doing any double-checking right now. At the center of the controversy: Leon County's elections chief, Ion Sancho, a nonpartisan maverick who's determined to avoid the 2000 Florida elections' debacle that led lawmakers to mandate the very computerized voting systems he is now questioning. Over the past six months, Sancho gave two computer hackers access to his optical-scan voting machines, in which voters cast fill-in-the-blank ballots. Attacking different parts of the system from the inside, the hackers said they were able to easily bypass security codes, make losing candidates win, add or subtract voters and do it without leaving a trace. On Tuesday, Sancho officially dumped the voting machine system made by Diebold Elections Systems in favor of another made by Election Systems & Software. ES&S also manufactures Miami-Dade and Broward's ATM-like touch-screen voting machines, which experts say also could be vulnerable to attacks from advanced insider-hackers. A Diebold spokesman said Sancho's test was bogus. Including Monroe, 29 counties use Diebold's touch-screen and opti-scan machines. The reports from the Leon County hackers, especially the most recent from Finnish computer scientist Harri Hursti, raised red flags in the small world of computer-security and voting experts. ''The most important thing is that these claims not be ignored,'' said Ronald L. Rivest, a Massachusetts Institute of Technology scientist who's known among colleagues as one of the world's most influential computer cryptographers. ''These claims by Hursti look credible. If the claims he makes are correct, it's a rather large loophole,'' said Rivest, adding that he has not examined Hursti's results in depth. ``They are technical claims and they can be examined.'' SECURITY STANDARDS Rivest sits on the federal Elections Assistance Commission's technical guidelines committee, which is attempting to adopt better security standards for electronic voting machines. He said previous standards ''were quite light on security,'' but though the new standards are stricter, ``we have a ways to go.'' Rivest said state approval of voting machines are generally ``worth a grain of salt. A skeptical attitude about security claims is a good idea.'' But Mann was more sanguine about the way the state approves voting machines and the security measures that supervisors of elections employ to ensure every vote counts. ''I'm confident in the certification procedures that we went through with this department. When used within the context of a normal election and the security procedures that all supervisors follow . . . we're confident that that equipment operates correctly and gives accurate results,'' Mann said. He added he knew little of Sancho's tests and said his agency ''would love to sit down with him.'' Mann said he would wait for Sancho to invite his office. Sancho said he called Mann's office Wednesday and received no response. He plans to send a letter officially notifying the Secretary of State of his findings. Echoing Diebold, Mann said the only item he was ''concerned'' about was ''when, or if, a supervisor releases codes and accessibility to the system that he's responsible for running.'' Sancho, who has frequently clashed with the agency that operates just down the road from his office, said he never gave away codes and that such statements smacked of ``shooting the messenger.'' Mann also said he found some ''good news'' in Sancho's hacker tests: ``When those individuals tried to hack from the outside, they couldn't get in.'' Sancho said he gave the hackers inside access to see if an operative could easily change votes. Sancho met the computer experts through a group called BlackBoxVoting.org, which has questioned the integrity of electronic voting systems, particularly Diebold's. The first hacker, Herbert Thompson, was able to break into the central calculator and disguise 60,000 hidden votes for a candidate. Thompson, a computer-security expert and professor at the Florida Institute of Technology, said he was surprised by how easy it was to outwit the system. Next up was Hursti. Rather than attack the central calculator, he manipulated data on a small memory card that election workers into each vote machine in the morning. The memory card, which records votes, is fed into the calculator at day's end. Computer experts say Diebold's system was prone to easy attack for three reasons: Some of its computer code was mistakenly posted on the Internet for about five years, and it uses Windows-based programming that's well-known, as is the technology underpinning the memory cards, which resemble the cards on digital cameras. Diebold spokesman David Bear said the tests weren't fair because they didn't simulate real-world conditions. ''If I gave you the keys to my house and I turned off the alarm and told you when I wasn't going to be home, I don't doubt you can get into my house,'' Bear said. ``The fact is, no one has been able to do this in an election, and no one will.'' NEED FOR VIGILANCE But Doug Jones, a computer-security expert from the University of Iowa, said everyone needs to be vigilant. Jones was hired by Miami-Dade County two years ago to help fix an auditing function on its touch-screen machines. Jones said that Miami-Dade and Broward also use memory cards similar to the ones manipulated by Hursti, but they're tougher to access and appear to have a harder-to-crack code. In each county, elections workers start up each voting machine by ing a cartridge that communicates with the memory card and, at day's end, records all the votes. If someone were to get access to these cartridges, figure out the code and then slip them past the counties' multiple security layers, the election results could be electronically rigged, Jones said. ''That's not likely right now. But that could happen five years down the road,'' Jones said. Echoing other experts in the elections field, Jones said the key to avoiding fraud is to have tight security and multiple reports showing how many ballots were cast and where. Like Sancho, Jones and other computer experts said touch-screen voting machines should be equipped with a paper receipt that could be used to verify vote counts. Right now, Florida law makes recounts difficult and doesn't allow for receipts on touch-screen machines. Still, Jones credited Florida's secretary of state's office for its ''above-average'' efforts to certify voting machines. But he said the attitude that Florida needs no improvement could invite disaster. ''Rigging elections is an age-old problem and is a threat to our very democracy,'' he said. ``Just that threat alone should be a call to action for the state.'' |
Previous Page
2004 to 2009
Previous
Features
Accessibility Issues
Cost Comparisons
Handouts
Copyright © 2004-2010 VotersUnite!