Many people are very concerned over the so-called "Hursti Hack" and increasing numbers of computer scientists are speaking out to express their concern on various Diebold AccuVote-TS security issues. Johns Hopkins University computer science professor Avi Rubin published a very good security analysis of Diebold voting software two years ago and the Voting Systems Technology Assessment Advisory Board (VSTAAB) with the assistance of the University of California, Berkeley also issued a good security analysis this year.
The hot topic currently in the news is the "chain-of-custody " issue. Voting machines are moved often just before and after Election Day and then stored for long periods of time between elections, often with little, if any, security oversight. Many worry that election officials wouldn't know if hackers had installed malicious programs on the machines during these unguarded periods. Blackboxvoting.org recently issued a redacted version of its "chain-of-custody report, after first stripping details that could help hackers. That report says someone with significant knowledge of computer code could install malicious programs on voting machines in a matter of minutes during transport and storage.
The proposed fix involves reinstalling the proper software just before each election, preferably in a public setting, and then locking, sealing and guarding the machines to prevent tampering before voting begins. Presumably that would require the reformatting of each voting machine, which is a standard Intel-based PC, hard drive to guarantee each machine is cleaned of any possible malicious code infection. Next, the standard Microsoft Windows operating system must be reinstalled followed by the reinstallation of Diebold's AccuVote-TS voting application on each of Diebold's voting machines. Times dozens of voting machines in every voting jurisdiction in every state, that 's a big job! It would require a small army of competent computer technicians for each election! No wonder most election officials are throwing bucket after bucket of cold water on that proposed fix! Most voting jurisdictions will never have the money or competent manpower for that significant amount of work at every election cycle. That's not to say it shouldn't be done, because it really should!!
I must say, the voting jurisdiction where I volunteer as a "poll worker " has secure chain-of-custody procedures, very good poll worker training and an excellent track record with Diebold's AccuVote-TS. In this voting jurisdiction, procedures to manage the AccuVote-TS system are tight enough that the "Hursti Hack" and most of the other headline security issues to date generally are not of great concern. That said, I know this is probably not the case in every, or even most, voting jurisdictions in every state.
Focusing on the voting machine "chain-of-custody " issue may be like worrying someone will break down your relatively secure back door to rob your house while ignoring the fact that your house has no front door at all and is open to the world. There may be a more accessible and innocent-looking security issue in the AccuVote-TS machine that some concerned computer scientists have disregarded because they have not observed an actual election with these machines. The Diebold system 's use of "smart-cards " provides an open door for any voter or poll work to commit vote fraud. Johns Hopkins University computer science professor Avi Rubin discusses "smart-card " issues in his voting machine security analysis ( http://avirubin.com/vote.pdf ) report.
What are smart-cards?
Smart-cards look like a credit card, but have an imbedded computer chip with data storage memory. Smart-cards and smart-card read/write devices are widely used in industry and government. The technology 's specifications are commonly available as are the cards themselves and card programming guides. It is the smart-card, as used by the Microsoft Windows PC based AccuVote-TS voting system, that offers an opportunity for a motivated person or group of people with some technical skill to commit voter fraud.
A smart-card read/write device on the Windows-based AccuVote machine is just another standard Windows controlled PC device, just like a PC 's hard drive or phone modem connecting it to the Internet. Anyone smart enough to hack a virus into Windows through an Internet browser or email could likely hack a virus or other code into Windows and/or the AccuVote-TS voting application itself through a smart-card read/write device with a specially prepared smart-card.
Why are smart-cards used for Diebold AccuVote-TS voting system?
The Diebold AccuVote-TS voting application is a "smart-card" activated, multilingual touch screen voting system that records votes on a removable internal flash memory card. As yet this Microsoft Windows PC based application does not produce a paper "ballot " receipt that voters can verify and deposit in a ballot-box for later "recount " verification of election results. If a voting machine 's flash memory is corrupted during an election then the election vote count is also corrupted on that machine.
In the AccuVote-TS voting procedure smart-cards are encoded with a "virtual" election ballot and given to each voter as they enter the polling place. Poll workers individually encode the smart-cards with the appropriate "ballot style " according each voter 's precinct number, political party and language after confirming the voter is properly registered to vote. The card is encoded via an AccuVote-TS machine and its standard smart-card read/write unit or small calculator-sized card-encoding device. The smart-card "virtual ballot" then defines the candidates and propositions for which the voter may cast their vote.
The voter then takes the smart-card to a Touch Screen voting machine and inserts it into the machine 's smart-card read/write device. The machine reads the smart-card and displays the voter 's election ballot image on its Touch Screen to allow voting. The voter then touches the check boxes by the candidate names to make their selections. Headphones for computer generated voice instructions and keypads are available for visually-impaired voters to privately cast their vote on the AccuVote-TS machine too. Before the ballots are finally recorded to the flash memory card the voter is given a final chance to review and change their selections.
When satisfied, the voter completes the voting process by touching the "cast ballot " button. When the cast ballot button is touched the vote is recorded on the flash memory card in the machine. The voting machine then writes a "voted " code on the smart-card, to ensure that it can only be used to vote once, and ejects it out of the card reader with a loud clunk. The voter then returns the smart-card to a poll worker who then re-encodes it with a virtual ballot for the next voter in line. Keep in mind that voters have physical possession of these smart-cards in private at the voting machine for up to several minutes.
When the polls close, a poll worker or election administrator uses a smart-card to put each machine into a post election mode where it no longer record votes. At this point, the administrator may instruct each machine to read its flash memory, where votes have been recorded, to tabulate and write a vote count summary on a cash register-like tape.
Depending on the local voting jurisdiction 's procedures the "virtual ballot box " flash memory cards are removed from each machine at the polling place and taken to a central tabulation facility or the voting machines are taken to the tabulation facility where the memory cards are removed. At the tabulation facility vote counts are read from each memory card and written into a central computer database where precinct votes are tabulated and aggregated. Some voting jurisdictions also allow the administrator to link the AccuVote-TS machine to phone jack to use the machines dial-up modem to transmit its vote data to the central tabulation facility. The flash memory card data and any printouts from the voting machines then become part of the official record of the election.
1 | 2