How Safe Is Your Vote? 'Make Sure No One Steals Elections,' Kennedy Says
Reports of insecure voting machines have many worried.
By Gil Kaufman

For the first time in U.S. history, most voters will be touching a screen to cast their votes on November 7, rather than punching a card or filling in a form.

But concerns about the security of electronic voting machines continue to make headlines, and highly controversial results stemmed from the use of such technology in the last two presidential elections. So with just two weeks to go before the elections, we asked several experts, "Just how safe are our votes?"

"The concern raised by computer-security experts is that electronic voting machines are less secure, less reliable and less accurate than the paper-based systems before them," said Dan Seligson, editor of the nonpartisan Web site ElectionLine.org, which recently issued "Election Preview 2006: What's Changed, What Hasn't and Why," a 68-page study examining issues on a state-by-state basis. "In the conditions they created in the lab, they were able to break into a machine using malicious code without being detected, though no one has been caught trying to do that in an election yet. Whether you could do that on election day is questionable."

Not if you ask Robert F. Kennedy Jr., son of the assassinated 1968 presidential candidate, president of the environmental group Waterkeeper Alliance and author of "Will the Next Election Be Hacked?," a recent article in Rolling Stone that questions the security of electronic voting. "A study by Princeton University done three weeks ago showed that a Diebold voting machine could, in 60 seconds, be infected with a malicious code that could infect every other machine through the central tabulator in that county and fix an election," Kennedy said on Friday. "And the government's own Government Accountability Office found in their study that there are 120 vulnerabilities ? or ways to hack these machines ? some of which have been corrected. But even if all the problems were fixed, the GAO gave the machines a C-minus."

With three of every 10 voting jurisdictions in the U.S. using new voting technology, and with low-paid poll workers ? whose average age is above 70 ? scrambling to learn the sometimes confusing new technology and new voter-eligibility rules, questions linger over the safety of their use.

"These machines are not stored in a locked warehouse. They're taken home overnight by election officials in many cases, and it's been found that the locks on the machines can be picked in 10 seconds," Kennedy said. "If someone ed malicious code into one of the machines, it could infect the central tabulator where all the votes are counted at the end of the day, and that viral code could infect every other card that is put in that tabulator and change the result of an election. If you know the right counties ? and there are two counties [each] in Florida and Ohio that have decided the last two presidential elections ? you can control the presidential election."

Disturbing stories have already emerged in the run-up to this pivotal midterm congressional election ? one in which many races are dead heats and control of Congress hangs in the balance (see "With Control Of Congress At Stake, Attack Ads Hit New Lows"). ABC News reported that former Maryland Democratic legislator Cheryl Kagan opened her mail recently and found three computer discs and an anonymous letter saying that they contained the secret source code for vote-counting that could be used to alter the votes cast through Maryland's new electronic voting machines.

Though representatives of the machine's manufacturer, Diebold, said the codes are useless because election workers can set their own passwords, ABC obtained a report that said many of the original factory passwords are still being used on Diebold machines in Maryland, which could result in someone gaining access to the system and potentially skewing results. Diebold has also countered that the Princeton experiment used outdated machines and software, but malfunctions in primaries earlier this year have raised serious questions about the machines. One glitch caused some 100,000 votes to be added in a Texas race, and there were multiple reports of frozen screens in Maryland, where memory cards also were misplaced. In some states, officials are urging constituents to vote absentee to avoid any potential issues.

David Bear, a spokesperson for Diebold ? whose touch-screen machines will be used in more than half of the 50 states ? said many of the issues attributed to his company's machines are based on old or faulty information.

"They erroneously assumed these machines are like computers," Bear said of the computer scientists and hackers who claim they've cracked voting-machine codes. "They are only plugged into the wall for power; they are not computers [and] they're not plugged into the Internet. A lot of these 'security experts' that have passed judgment don't have an appreciation for the environment we're operating in. They're saying these are how these things would operate in a computer/Internet world, but we're not in a computer/Internet voting scenario." According to Bear, before elections the machines are kept behind a locked door with a secure piece of tape covering the slot where the memory card is ed.

Bear said in addition to being based on outdated software and equipment, many of the studies that have found Diebold's machines vulnerable were done in a scenario of "complete and unfettered access to the system over months in an environment that doesn't exist." He did, however, acknowledge that the machines would be more secure if each had a unique lock. "But that's not the point," he said, citing Georgia as an example of why unique locks are unfeasible. With 22,000 touch-screen machines, two keys would have to be made for each machine (one for the Democratic and one for the Republican election official), and if any of those keys went missing, voters would be disenfranchised because the machine would be unusable.

One of the benefits of the new machines, Bear said, is that they don't allow voters to "overvote" ? or vote for more than one candidate in the same race ? which happened in the contested 2000 presidential election between Bush and Al Gore and led to thousands of votes being disqualified. The machines also help avoid undervoting by asking each person to verify that they intended to skip voting on a certain issue or contest.

As for allegations that the voting system can be hacked, Bear said the claims were made by people who had either never seen the voting systems Diebold is currently using, or who had never seen them in an environment in which they are actually used. He explained that after voters' names are verified by a poll worker, they are handed a credit card-like device that has the information for the races in their precinct, and once the votes have been cast, the machine displays a summary screen that asks if the votes are correct. In the states where a paper receipt is available ? which is approximately half of them ? a receipt is printed out and then placed in a secure canister, which is collected along with the voting cards at the end of the day.

Bear said the Diebold cards cannot be altered, and because a vote is duplicated on an internal memory card as soon as it is cast, there are multiple ways to make sure the vote count is accurate. He added that each machine is tested in the presence of a Democratic and Republican election official before it is deployed.

However, Kennedy countered that in Florida, for instance, laws have been passed that do not allow recounts to use any data but those supplied by the machines, even if there are paper receipts to double-check by.

Bear remains unconvinced. "You would need so damn many people to be involved in any kind of attempt to corrupt the system that you could win just by getting them to vote," he said. "They'd all have to be in on it and work around so many pass codes ... it's so unlikely a scenario that I believe it's nonexistent. The best way to affect the election is to literally knock over the machines and deny people the ability to vote."

So where are all these stories about potential vote fraud coming from? "I think it's a lack of familiarity," he said. "When they introduced lever machines, there were all these conspiracy theories about how people would use them to steal elections ? the same kind of stories when they introduced punch cards and optical scanning."

While discounting the fear-of-new-technology argument, Kennedy warned that the worst fraud may not even come from the machines, but from people. "It will occur in the ways I outlined in my article about the 2004 election," Kennedy said of an earlier Rolling Stone piece called "Was the 2004 Election Stolen?" The article claimed, among other things, that it was the denial of the vote to poor, disenfranchised, black, young and Democratic voters that helped George W. Bush defeat John Kerry.

"The machines are misallocated in black neighborhoods; they do felon purges where they [eliminate] hundreds of thousands of names from voting roles. If [for example] you remove all the Robinsons or Jacksons, common black names ... and you remove anyone who has the same name as a felon, they will arrive at the voting booth and find their name not there and won't be able to vote," he said. "If Republicans control the process in the state, it would be very easy to target neighborhoods or precincts where there are large Democratic voter [numbers]. It could go either way. Democrats steal elections, too, if given the chance. We should make sure no one steals elections. We have 10,000-20,000 soldiers maimed or killed trying to establish democracy in Iraq and we're spending $2 trillion on that effort, so we should put the same amount of effort into democracy in Ohio and Florida."

Seligson said he was a poll worker in a recent primary in Washington, D.C., where he saw firsthand how electronic fraud could take place ? and it has him worried. Instead of the 11 poll workers who were scheduled to work, there were actually four, including two "old ladies" who signed people in and one precinct captain, which left Seligson alone to run the voting machines. "The notion that I could tell if someone took malicious code and put it on a card that looks like the ballot-activator card?" he said. "There's no way I could see that."

Despite his concerns, Seligson said he believes elections are "generally secure" and he isn't terribly concerned about people hacking the machines. "The potential payoff for changing votes on one machine is not equal to the amount of trouble you could get into," he said.

An equally big issue looming for voting-rights watchers is the new laws requiring voters to show ID, and for states to have a voter-registration database up and running by November 7. Seligson said young voters, who are accustomed to showing ID, will be least affected by these new rules (see "Decision 2006: If You Don't Vote, Older People Will Be Doing It For You"). "It's the elderly and people who are less in the mainstream that might suffer," he said. According to a recent Associated Press story, because some states have not set up their databases in time, some registered voters with every right to cast a ballot may be turned away because their names are not on the list.

No matter what the case, citizens bear a responsibility for making sure their own votes count. If you see anything unusual or troubling ? such as a name appearing on the screen that is different from the one you intended to vote for, or your name not appearing on a registration list ? Kennedy suggests that you call the bipartisan group monitoring the election at 1-866-Our-Vote.