
Don’t Touch That Screen! What You May Not Know About Voting Machines
By Josh Robinson. Illustrations by Jacob Goble


At a time when the US is aggressively promoting democracy around the world in places like Afghanistan, Iraq, the Philippines, and Colombia, many observers are warning that democracy is under dire threat right here at home. In addition to scandalous campaign financing and oligarchic media coverage of political races, the technology used to record and tabulate votes in American elections has the potential to eliminate the intent of the citizenry from the process of selecting leaders. The issue is neither butterfly ballots nor pregnant chads, but the supposed solution to previous polling problems.

The debacle and public outrage surrounding Florida’s presidential ballot in 2000 resulted in the Help America Vote Act, a piece of legislation intended to resolve issues caused by old mechanical voting technology, including punch card machines. The Help America Vote Act provides $3.9 billion in funding for the states to purchase or upgrade voting machines. It does not, however, provide any oversight or regulation of how the money is to be spent. Most of it will go toward new electronic voting technology.

One concern about the rapid increase in electronic methods to record and count votes is the source of the technology used to tally the results. A small number of largely privately held corporations provide all hardware and software used in electronic voting. In addition to the potential for cost-cutting, profiteering, or malice leading to unreliable or insecure products, it appears that the major industry players have strong ties to the Republican party, creating the appearance of a conflict of interest.

The situation is “insane,” says Lynn Landes, a freelance investigative journalist who describes herself as “the foremost expert on [voting technology and security] in my profession.” “There is no reason for anyone to have any confidence in American democracy until the way we vote is fundamentally changed.” According to Landes, there is “absolutely” no chance for a fair election next year because of the serious flaws in voting equipment, especially electronic voting machines. “We’ve lost the right to vote for ourselves to a ‘conspiracy’ of the handful of corporations that manufacture voting machines, and their backers and supporters.” As this equipment is currently manufactured, says Landes, “there’s just no way to verify” the outcome of an election, because, “nobody can see through walls.”

As Landes sees it, the only legal vote is one marked directly by the voter. She says that there are non-mechanical ways for the disabled to directly mark their ballots while maintaining their privacy.

Dr. Rebecca Mercuri, a professor at Bryn Mawr College, has developed a method for creating an auditable paper trail with electronic voting machines. Dubbed the “Mercuri Method,” it involves all machines creating and storing a clearly legible paper ballot, which the voter would view and verify before completing the voting process.

To Landes, however, this is not enough. If you use any type of machine to record your vote, Landes says, “you are not voting. The machine votes for you.”

CORPORATE OWNERSHIP OF VOTING MACHINES
Two corporations provide the equipment used to count as much as 80 percent of votes in the US: Election Systems and Software (ES&S) and Diebold Voting Systems. There is one other major player, Sequoia Voting Systems, Inc., and one up-and-comer to watch, Science Applications International Corporation (SAIC).

Neither the Federal Elections Committee nor the Department of Justice regulates these companies or their products, so it did not come as a surprise when a recent study by researchers from Johns Hopkins and Rice universities found serious flaws in software used to operate touch-screen voting machines made by Diebold. Diebold, the second-largest electronic voting manufacturer, claims its equipment is used to count 33-35 percent of votes tabulated by optical scanners or touch-screen machines in the US.

The software studied by the researchers, which is believed to be the proprietary source code used in Diebold’s AccuVote-TS voting terminal, contained numerous potential security problems, in addition to easily exploited shortcomings in the hardware it runs. Compounding all this, the code, which Diebold refuses to allow the public to audit, was discovered unencrypted on a publicly accessible Diebold Internet FTP (file transfer protocol) site.

This discovery, which voting technology expert Bev Harris, author of the book Black Box Voting, first reported, apparently occurred in January. On July 23, 2003, Aviel D. Rubin of Johns Hopkins and Dan S. Wallach, a professor at Rice University who researches computer voting security, along with Johns Hopkins graduate students Tadayoshi Kohno and Adam Stubblefield, released a detailed analysis of the code entitled “Analysis of an Electronic Voting System.”

The use of smartcards is one of the key cited areas of vulnerability in the system they studied. Their report states that the programmers did not encrypt the communications between the card and reader, and goes on to detail the many ways a hacker could easily counterfeit voter-identifying smartcards.

The simplest method of tampering with election results through the use of smartcards would involve creating fake voting cards that can be authenticated once to activate the voting process. Possessing multiple cards would give the attacker the ability to vote as many times as he or she had cards, and creating the cards would be simple and inexpensive.

The cards themselves can be purchased over the Internet for little more than three dollars apiece, as can smartcard reader/writers, which are priced at approximately $100. Stepping into the privacy of a voting booth, an individual with fraudulent intentions could easily scan his or her valid voting card at the precinct, make a few new ones to cast additional votes on the spot, then go home and make many, many copies for further fraudulent voting by others on the same day.

This is possible because the voting terminal communicates with any smartcard inserted into it in unencrypted cleartext, so anyone who inserts a fake smartcard and records the bytes sent to it can instantly learn the password and subsequently create additional voting cards that voting terminals will view as legitimate.

According to the report, even if one lacks the knowledge or equipment to record the unencrypted password sent from the terminal each time a smartcard is inserted—whether valid or not—if the password sent from the terminal does not match that programmed onto the card, the code is set to use the smartcard manufacturer’s default password. This allows anyone with access to a legitimate voter card and other smartcards with their passwords set to default to create counterfeit voter cards even without the ability to intercept the communications between voting terminals and smartcards.

Using fake voter cards to cast bogus votes would likely not be detected, as unique voter serial numbers are only recorded in the event that a voter decides not to cast a ballot after signing in at the polling place and receiving a card. Thus, the terminals will not count the number of actual voters or distinguish between real and fake votes.
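The three weaknesses described above (a password sent to the card in the clear, a fallback to a default password, and no record of which card serials have voted) can be modeled next to a conventional fix. This is an added illustration, not code from the report or from Diebold; the class names, the default-password value, and the serial ledger are assumptions, and a real card would hold its key inside tamper-resistant hardware.

```python
import hashlib
import hmac
import secrets

DEFAULT_PASSWORD = b"00000000"  # constructed stand-in for a manufacturer default


class WeakTerminal:
    """Model of the reported design: the terminal sends its password to the card."""

    def __init__(self, password: bytes):
        self.password = password
        self.sent_to_card = []  # everything that crosses the card interface

    def activate(self, card_password: bytes) -> bool:
        # Offer the real password first, then fall back to the default.
        for candidate in (self.password, DEFAULT_PASSWORD):
            self.sent_to_card.append(candidate)
            if hmac.compare_digest(candidate, card_password):
                return True
        return False


class Card:
    """A card that proves knowledge of its key without ever revealing it."""

    def __init__(self, serial: bytes, key: bytes):
        self.serial, self._key = serial, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class HardenedTerminal:
    """Challenge-response with per-card keys, no default, and a serial ledger."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self.sent_to_card = []
        self.used_serials = set()

    def _card_key(self, serial: bytes) -> bytes:
        # Per-card key, so one card's key is useless for any other serial.
        return hmac.new(self._master_key, serial, hashlib.sha256).digest()

    def issue_card(self, serial: bytes) -> Card:
        # Stands in for the election office's card-writing step.
        return Card(serial, self._card_key(serial))

    def activate(self, card: Card) -> str:
        challenge = secrets.token_bytes(16)  # fresh nonce: old answers cannot be replayed
        self.sent_to_card.append(challenge)
        expected = hmac.new(self._card_key(card.serial), challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, card.respond(challenge)):
            return "rejected: bad response"
        if card.serial in self.used_serials:
            return "rejected: serial already used"
        self.used_serials.add(card.serial)
        return "accepted"
```

In the hardened model only random challenges cross the card interface, and the serial ledger rejects a second use of a card that answers correctly, which is the check the report found missing.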

FAR FROM TAMPER-PROOF
Two other types of cards exist: “ender” cards and “administrator” cards. Ender cards are used to shut off voting terminals at poll closing. They can be copied, creating the potential for other types of attacks, including shutting down polling early.

Administrator cards give poll workers additional access to the machines. They are additionally protected by a four-digit PIN. Unfortunately, as with the eight-digit password used by the voter cards, this PIN is communicated without encryption, allowing anyone with access to an administrator card to create fake ones. Also, people who understand the protocol used to communicate between the card and the terminal could create their own cards with any desired PIN, without having actual access to a real administrator card.

Another, more effective attack route via insecure data storage would require more access than a voter would have during a brief period in the privacy of the voting booth, but could be used by those with inside access to wreak havoc with election results.

Anyone with access to one of the machines could simply change the computer’s system registry file and change its ID to correspond with that of another machine. In addition, they could change the number of votes recorded in its FEC-mandated “Protected Counter” to differ from that tallied for the election overall, possibly casting doubt on election results.

Researchers claim a lack of encryption on the ballot definition file on the terminal also poses a threat to election integrity. Users with access to this file could change party affiliations, ballot order, names, and gain almost enough information to impersonate a voting terminal from any Internet-connected computer. Even when encryption is used, such as on the vote records and the audit logs, it is not done securely.

One of the widest avenues of infiltration into an election system is via the Internet. “The Diebold voting machines cannot work in isolation. They must be able to both receive a ballot definition file as input and report voting results as output,” says the Johns Hopkins report. This could allow hackers to change ballot definitions en masse, delay or prevent the start of an election, alter results, or attack voting machines directly.

CONFLICTS OF INTEREST
Regardless of the cause of the security holes in Diebold’s software, a close look at the political affiliations of the individuals behind the few corporations who hold sway over American democracy provides at least the appearance of bias and conflict of interest. Over and over, a look at the figures behind the corporations reveals connections to the intelligence community and the right wing of the Republican Party.

Election Systems and Software (ES&S) is the largest voting machine company. According to its own Web site, it provided machines that counted “56 percent of the US national vote for the past four presidential elections.” ES&S came into being in 1999 when American Information Systems (AIS) bought Business Records Corporation, and the trail of ES&S’s right-wing connections dates from before its birth.

AIS was founded in 1979 as Data Mark by brothers Bob and Todd Urosevich. At present, Bob Urosevich is president of Diebold, while brother Todd remains a VP of ES&S. They received funding from holding company H.F. Ahmanson Co., which has connections to the far-right-wing Council for National Policy and the Chalcedon Institute, which advocates imposing Biblical law over all the Earth.

Senator Chuck Hagel (R-NE) resigned as Chairman of the Board of AIS in 1995 and as president of McCarthy & Company (which is still part owner of ES&S) in 1996. Before this time, Hagel oversaw the manufacture of the machines, which would later be used to elect him to the Senate twice.

Diebold as a corporation and a collection of individuals seem almost unanimously to support the GOP, and this support starts at the top. Tech industry Web site siliconvalley.com reported in September that Diebold Election Systems CEO Walden O’Dell wrote invitations to a $1,000-a-plate Ohio Republican Party fundraiser. The letter expressed his commitment “to helping Ohio deliver its electoral votes to the president next year.” He wrote the letter the day before the Ohio secretary of state was to certify Diebold as one of three firms eligible to compete for the state’s electronic voting contract. The company itself and numerous other members of the board of directors have also contributed generously to Republican campaigns and PACs for years, according to the Institute for Southern Studies.

Sequoia Voting Systems, Inc. has a history of scandal and more recent ties with the intelligence community. In 1995, the Securities and Exchange Commission filed suit against the company and Edwin J. Hudson, Jr. In November of that year, Louis F. Oberdorfer of the US District Court for the District of Columbia ruled against Hudson, finding that he and three other Sequoia salesmen “engaged in a fraudulent scheme to inflate the revenue and pre-tax income reported by Sequoia,” according to an SEC litigation release.

In 1999, a bribery case broke in Louisiana in which Sequoia employees were implicated and, in at least one case, convicted. The scandal arose from Republican Senate candidate Woody Jenkins’s investigation into his 1996 loss to Democrat Mary Landrieu, which led to federal charges related to the bribing of election officials. Sequoia regional sales executive Pasquale Ricci (who also owns Independent Voting Machine Services) received a sentence of one year of home incarceration for his role in the paying of $8 million in bribes to Louisiana Elections Commissioner Jerry Fowler (who received a sentence of over 50 months in federal prison). Sequoia Pacific’s Regional Manager Phil Foster was also indicted, due to his “recruitment of his own brother-in-law…to help launder the kickbacks,” according to Assistant District Attorney Sandra Reber. Foster’s brother-in-law, Donald Philpot, owns Election Services, Inc. (See www.ecotalk.org for more information on the Sequoia scandal.)

More recently, Sequoia has established ties to another company, VoteHere of Bellevue, Washington. VoteHere’s area of expertise is Internet voting. According to its official Web site, its chairman is Admiral Bill Owens, who has served as Vice Chairman of the Joint Chiefs of Staff, commander of the US Sixth Fleet, and senior military assistant to Secretaries of Defense Frank Carlucci and Dick Cheney. Dr. Robert Gates, who served as Director of the Central Intelligence Agency for more than a year, sits on VoteHere’s board of directors.

Strangely, VoteHere also has ties to one of the authors of “Analysis of an Electronic Voting System,” which details the security flaws present in code for a voting machine manufactured by VoteHere competitor Diebold. Aviel Rubin of Johns Hopkins recently resigned from the technical advisory board at VoteHere after this relationship came to light. According to co-author Dan Wallach, tech boards comprise experts who have been offered potentially worthless stock options in exchange for free advice. Rubin returned his options, which had not been exercised, and which were not fully vested.

E-voting newcomer Science Applications International Corporation is a huge military contractor with close ties to VoteHere. In fact, Admiral Owens used to be president, chief operating officer, and vice chairman of SAIC. Last month, SAIC announced that it had hired Kenneth C. Dahlberg as its new CEO. Previously, Dahlberg had been an executive vice-president at General Dynamics, the huge military contractor. Also on the board is another ex-CIA director, Bobby Ray Inman.

Despite a history of scandal, including pleading guilty to 10 federal felonies after a 1990 indictment related to management of a Superfund site, settling a lawsuit alleging it falsified security system tests it conducted for the Department of the Treasury, and paying $1.3 million in fines after conceding that it falsified environmental tests at toxic waste sites, SAIC is currently partnering with other contractors, such as Northrop Grumman, to train the new Iraqi Army.

Regardless of security concerns and ownership issues, experts, including Mercuri and Landes, claim that the fact of the matter is that electronic voting machines violate federal law, Supreme Court precedent, and the US Constitution itself. Other federal legislation, most notably the Digital Millennium Copyright Act, hampers citizens’ ability to audit election results. The DMCA is itself the subject of criticism on constitutional grounds.

Freelance journalist Lynn Landes has written that Articles I and II of the US Constitution are violated by the use of electronic voting machines because “once the machine is in the polling booth, critical parts of the voting process become unobservable.” More specifically, Landes cites three 1960s Supreme Court cases that prohibit the kind of technology being manufactured by ES&S, Diebold, et al. under the federal Voting Rights Act.

In addition to constitutional and federal laws possibly violated by the use of computer technology to tabulate votes, Dr. Rebecca Mercuri of Bryn Mawr College pointed out at least one federal law which could have improved the situation but fails to. In testimony before the US House of Representatives Committee on Science Subcommittee on Environment, Technology, & Standards in 2001, Mercuri pointed out the Computer Security Act of 1987. This act, which mandates “established standards for secure system certification,” exempts the very Congress which passed it from its provisions. Because Congress is not covered by the CSA, “they have never certified the accuracy and integrity of any computer-based voting systems used in federal elections,” Mercuri testified, concluding that, “this loophole must be changed.”

Another new piece of legislation, the Digital Millennium Copyright Act (DMCA), has caused a chilling effect in regard to investigating the inner workings of electronic voting machines. In a story which broke at press time, the DMCA has been invoked to prosecute those who would expose the machines to public scrutiny.

The authors of the “Analysis of an Electronic Voting System,” Wallach and Rubin, had access to much more of the source code from Diebold’s publicly accessible FTP site, but chose not to examine it. As stated in their report, they “only analyzed source code that could be directly observed and copied…without further effort.”

Many other files on the site were compressed using PKZip, a commonly available program with easily defeatable password protection. Nonetheless, Wallach and Rubin wrote, “We decided to limit our research to only the files that were publicly available without any further effort, in part due to concerns about possible liability under the anti-circumvention provisions of the Digital Millennium Copyright Act.”

More recently their trepidation has proven prescient. On October 10, Diebold lawyer Ralph E. Jocke e-mailed Seattle-based Internet service provider speakeasy.net and the Independent Media Center, a global association of local volunteer news organizations, claiming that Diebold’s copyright had been violated by the IMC’s Web site, indymedia.org. The lawsuit stems from a cache of internal e-mails downloaded from a Diebold server and posted to Indymedia’s Web site by an Internet user. The e-mails reveal inside knowledge that the company’s systems are flawed, and could be damaging to Diebold in other ways. But their use in a news report constitutes Fair Use according to a lawyer familiar with the case who would not speak on the record.

Diebold’s counsel sees things differently. “The material and activities at the online location(s),” Jocke wrote, “infringe Diebold’s copyrights in the Diebold Property because the Diebold Property was copied and posted to the online location(s), and is being publicly displayed at and distributed from the online location(s), without Diebold’s consent.” Or, in short, Diebold’s copyright on internal e-mails with little or no value was violated (under the DMCA) because the material was leaked to a news organization, which published it.

Later, the e-mail suggests Diebold could seek “injunctive relief to prevent further infringing activity” or sue for “costs and damages caused by the infringement of Diebold’s copyright.”

The current administration insists that terrorism is the biggest threat in the history of democracy, and that exporting our democracy around the world, by force if necessary, is the only way to fight it. This ignores the potential for democracy here at home to disappear behind a curtain of technology and trade secrets. Unfortunately, even a rigged democracy names the leaders whose responsibility it is to repair it.

For further information, call (845) 687-2435.



Copyright © 2003 Luminary Publishing. All rights reserved.
PO Box 459 New Paltz NY 12561