Electronic-voting firm reveals hacker break-in

By Monica Soto Ouchi
Seattle Times technology reporter

Bellevue-based VoteHere, which sells software designed to make electronic voting more secure, said yesterday a hacker it thinks was politically motivated broke into its computer system and stole nonsensitive internal documents.

The break-in occurred in October but was only publicly acknowledged yesterday by Chief Executive Jim Adler.

The incident occurred after the hacker exploited a vulnerability in the company's corporate software. VoteHere was "a couple days behind" updating a security patch, spokeswoman Stacey Fields said.

VoteHere said it identified the hacker within 24 hours of the break-in and that it believes the person is affiliated with anti-electronic voting organizations.

The Washington Cyber Crime Task Force — an affiliation of FBI, U.S. Secret Service and local law enforcement — is investigating.

No one has been arrested, Fields said.

The breach comes amid growing concern about the security and reliability of electronic voting.

Bev Harris, who runs a small Renton public-relations firm, helped energize citizens and computer scientists concerned with the potential for election fraud after earlier this year discovering an open, unprotected Web site that revealed source code for Diebold voting machines.

The most vocal opponents have called for electronic-voting systems to be backed up by voter-verifiable paper audit trails, a move adopted by California's secretary of state.

VoteHere sells two electronic-voting products. One, encryption-security software for electronic-voting machines, detects when ballots are compromised by adding, deleting or changing a vote.

The other is Internet voting software for private and public elections.

Adler said the hacker didn't access sensitive materials because the company's business model rests upon releasing its source code for all to see.

VoteHere deploys the same encryption technology used to keep credit-card data private during online transactions. The secret is the "key data," a 10-digit number that unlocks the information.

"We're a bunch of cryptographers that decided all the algorithms must be public for the system to be trustworthy," Adler said.

"There's no secret in any of this."

VoteHere released some of its source code earlier this year to be scrutinized by VerifiedVoting.org, a grass-roots organization pressing for accountability in election systems.

David Dill, the group's founder and a Stanford University computer-science professor, said he has yet to find a volunteer with the expertise to verify the company's systems.

"What I think we need, before I'm confident in a system like VoteHere, is a near consensus among experts in cryptography and election administration that the system is trustworthy," Dill said.

"At this point, people haven't looked at it enough to gain a consensus."

Monica Soto Ouchi: 206-515-5632 or msoto@seattletimes.com