Utah's OK with voting machines
By Josh Loftin, Deseret Morning News
June 3, 2006

      A report detailing numerous security flaws in the electronic voting machines that will be used in this year's Utah elections has been met with a yawn from state elections officials, despite increasing national attention to the problems.

      "Yeah, and ... ?" said Joe Demma, the chief of staff for Lt. Gov. Gary Herbert, whose office supervises elections in Utah, when asked for his response to the report from nonprofit voting accuracy organization Black Box Voting. The report was released in May and stems from voting machine tests the group did in Emery County earlier this year.

      "It's like learning that if you put a match to paper, the paper will burn. It's not new information," Demma said.

      The security flaws Black Box Voting found in Diebold voting equipment range from physical, such as plugs that can be easily kicked out of sockets, to technical, such as the boot loader that "seems to enable a malicious person to compromise the equipment." Other vulnerabilities include:

 
       ? The embedded versions of Windows CE could allow individual files, and possibly the operating system, to be altered.

      ? The machine casings can be removed with a Phillips screwdriver, allowing access to PC card slots and memory cards.

      ? Memory card slots might be usable to install wireless networking capabilities, potentially allowing hacking of the machine without physical access.

      ? An unmarked button that is "completely accessible for all voters in the standard voting booth" could allow a manual reset of the machine.

      While some of the reported flaws, such as the wireless access capability, are "simply wrong," according to Demma, there are some potential holes that the state knew existed. To manipulate the machines, however, would require access that "you could never get unless you were a county official or Diebold worker." And because of the paper trails the machines generate, it would take corruption from officials on both ends of the election process to actually rig an election.

      In other words, the potential for a stolen election is in the hands of elected county clerks, just as it would be with any type of ballot. The only difference, Demma said, is that the redundancies built into the machines "have raised the bar" for election security.

      "These county clerks, if they were nefarious, could potentially corrupt the election," he said. "But that's assuming there are bad county clerks, and we don't think that's the case."

      The testing that spawned the report was done at the request of embattled Emery County Clerk-Auditor Bruce Funk in mid-March, after he discovered memory discrepancies on the electronic machines delivered to him by Diebold Elections System.

      While Diebold and Utah election officials have been highly critical of Funk's actions, which may cost him his job, and the Black Box Voting report, the problems have attracted national attention because many states, like Utah, will be using these machines in upcoming primary and general elections. Some states, such as Pennsylvania, have even gone so far as to insist that all of the problems be corrected before the machines are used.

      Bev Harris, the founder of Black Box Voting, said that the problems found in Emery County have brought into focus what she considers a fundamental problem with the electronic voting machines: the inherent trust of Diebold, a private company, and elected officials.

      "When we had paper ballots counted by hand, it didn't always work," Harris said. "But it was never assumed that you had to just trust the election officials. We never had an elections system based on trust but one based on verification."

      She is disappointed that Utah elections officials have not responded to the report "by asking questions or forming committees" but instead have attacked the people who pointed out the problems.

      "His (Herbert's) job is not to protect Diebold, it is to protect the voters of Utah," she said.

      Diebold spokesman David Bear said that the details in the report are distorted as potential problems, when those details are really built-in tools to allow updating of the machines and programming for elections.

      "They took a functionality and couched it as a vulnerability," he said.

      Like Demma, he does not deny that the machines could be corrupted by somebody intentionally fixing or ruining an election but said that they are much more secure than punch card ballots and practically eliminate the possibility of voter error.

      "There's almost a belief that technology has created these issues," he said. "But if anything, these machines will help protect against these issues better . . . you've got to separate the what-if scenarios from the facts, and the facts are that these machines have been used for 10 to 15 years successfully in other places."