By Seth Hallem

While Joe the Plumber has become an unlikely figure this election season, let’s hope we don’t end up talking about Harry the Hacker.

It could happen. When America goes to the polls on Nov. 4, voting machines in several key states will be surprisingly vulnerable to security and accuracy concerns.

Harry the Hacker – perhaps he’s a crazy geek or a poll worker with an ax to grind – could change election results by, say, monkeying around with the software code in voting machines or injecting a virus into a server used to count ballots.

I know because my company makes a software tool that has been used by officials in Florida and elsewhere to assess critical security flaws in electronic voting systems.

The experience has left me convinced that many states are unprepared to properly safeguard the accuracy of election returns. The risk of compromised results is unacceptably high.

The “voting industry” – the companies that produce voting systems and the government agencies that buy them – is largely unregulated when it comes to the security and reliability of the software underpinning electronic voting.

Contrast that with, say, the U.S. Food and Drug Administration, which demands thorough accounting of the development of software behind medical devices. Or with federal and state initiatives to place new requirements on businesses to protect personally-identifiable information such as credit card numbers.

Electronic voting machines use millions of lines of software code – similar to what’s in your Blackberry or iPhone – but often are astonishingly easy for a hacker to penetrate.

Florida’s statewide review of e-voting technology earlier this year found that a glitch in optical-scan software made by Diebold Election Systems (now called Premier Election Solutions) could allow a hacker to introduce an “unofficial” memory card into a terminal before an election. Such a card can be preprogrammed to essentially swap the electronically tabulated votes of two candidates or reroute all of one candidate's votes to a different candidate.

In any system running on millions of lines of source code, vulnerabilities are almost a given. What’s necessary is adoption of best practices to minimize or eliminate those exposures up front.

The U.S. Constitution and federal law place many presidential election responsibilities on the states. But the states, while aiming to modernize voting systems, have done a poor job insulating the technology behind these systems -- because of cost or simple lack of sophistication.
A study released in mid-October that gauged election preparedness in all 50 states concluded that while many “have made dramatic improvements in their voting systems… there is still much work to be done to ensure that every voter will get to vote and every vote will be counted if something goes wrong with voting systems on Election Day.”

The report -- by the Brennan Center for Justice at New York University's School of Law, Common Cause and the Verified Voting Foundation – found that nine states (Alabama, Illinois, Kentucky, Maine, New Jersey, South Carolina, Texas, Utah and Virginia) lack sufficient provisions to make sure that every vote is counted, and only once.

Because I am going to be away from California on Election Day, I’m voting by absentee ballot this year. In San Francisco we generally use a paper ballot with an optical reader. I find California’s to be one of the safer systems, although Florida’s study showed that the opportunity to manipulate the optical readers exists, too.

What’s good about the California system is that there is a paper trail in case things go wrong.

No state should allow voting electronically without some

You do not have flash or javascript support.

Average (2 votes)

Reply