lever by Marta Steele
In a lively and provocative panel discussion on May 16 at George Washington University (GWU) in Washington, DC, a panel of experts addressed and spoke with a roomful of experts on the trials and tribulations of the prospect that two-thirds of the states are planning to implement Internet voting (which I will call I-voting, to distinguish it from the more generic term e-voting) in the critical election year of 2012.
Moderated by GWU's Dr. Lance Hoffman, director of the Cyber Security Policy and Research Institute (CSPRI, also cosponsor), the panel included attorney Matt Masterson, the Deputy Elections Administrator for the Ohio Secretary of State and member of the Elections Assistance Commission's guidelines committee; J. Alex Halderman, assistant professor of computer science and engineering at the University of Michigan; and Dr. Costis Toregas, assistant director of the CSPRI.
Sponsoring the panel, which attracted participants from as
far away as Florida and California, was the GWU-based CSPRI, founded to promote
interdisciplinary research on problems related to computer security and
The event was co-sponsored by the grassroots group Verified
Voting, founded in 2002 by cyber experts and computer scientists as well as
concerned citizens, and now headed by Pam Smith, who addressed the group at the
beginning and end.
Said Smith, there are all sorts of systems transmitting
votes over the Internet. Among them are two laudable endeavors: emailing
ballots overseas to be printed up and faxed or mailed back, and online
registration, once the glitches are addressed, especially those produced by
It is the ease with which the Internet can be hacked into [and
a 100 percent probability of that, Halderman added later] that should hinder
the proliferation of I-voting before its time--that is, before breakthroughs
accomplish what seems today to be impossible, the security and integrity of our
votes. (Today one hundred percent of I-voting invites fraud, said Halderman
later.) When the needed breakthroughs are made, which may not be for decades, we
Until then, transparency and security are best accomplished
through hand-counted paper ballots (hcpb). There was some applause from the
group, though differences of opinion were evident.
Halderman, the first panelist to speak, noted that
electronic voting in this country is the product of vendors with minimal input
from computer scientists, who comprise a sizable majority of activist groups
inveighing against such machinery, and who succeeded in sharply reducing the
number of direct-recording electronic voting machines (DREs) to one-third of
all used; the other two-thirds are optical scanners (opscans), with a
smattering of hcpb used in New Hampshire and far too few other places.
The UMI professor worked with the well-publicized Princeton
University computer scientists who hacked into Diebold TSx machinery in 2006 in
less than a minute. To our amusement, he admitted that the machine used was
authentic, donated anonymously by someone who met them in a dark alley behind a
hotel in New York City, who handed them the "goods" in a black leather
Diebold, hugely sensitive about all the negative publicity
it had already attracted, had made it difficult to obtain its machinery more
With one infected memory card, said Halderman, all of the
voting machinery in the state could be virused. In New Jersey all voting is
done on DREs.
These findings were corroborated by the famous Top-to-Bottom
study ordered in California by the newly elected secretary of state Debra
Bowen, a project in which Halderman participated.
The Princetonians next turned to Sequoia AVC Advantage DREs,
used by most counties in New Jersey. By successfully running the oldest version
of the computer game Pacman through it, the group proved that these machines
were also easily hackable when used for their primary purpose, voting.
I-voting presents whole new sets of challenges, continued
Halderman. Before the 2010 general election, a mock election was held, with the
public invited to hack it if they could. The format was open source--that is,
the source code was publicized. Voters, given a personal i.d., saved it and
voted. But the complicated source code was inevitably found to contain a bug--single
quotation marks had mistakenly been used where double quotes were needed. And
thus the machinery was invaded.
The real election had been scheduled a week later.
Halderman's team invaded subtly, adding a UMI football fighting song where a
"thank-you" page had previously ended the process for the public. The glitch
was discovered two days before the event, which was quickly called off.