The Times Magazine has published an extensive article on problems with electronic voting. It's a net gain for the effort to restore verifiable public elections, and it's about time the issue got extensive treatment in big media.
Good as most of the Times piece is, it pushes a meme that needs to be smacked down immediately.
The meme: hacking of voting systems is not a great danger because there is no evidence of any attempts to hack machines. From page 10 of the online edition:
This is a great oddity in the debate over electronic voting. When state officials in California and Ohio explain why they’re moving away from touch-screen voting, they inevitably cite hacking as a chief concern. And the original, left-wing opposition to the machines in the 2004 election focused obsessively on Diebold’s C.E.O. proclaiming that he would help "Ohio deliver its electoral votes" for Bush. Those fears still dominate the headlines, but in the real world of those who conduct and observe voting machines, the realistic threat isn’t conspiracy. It’s unreliability, incompetence and sheer error."
One of the features of even good computer systems (and the present generation of computer-based voting equipment does not fall within that category) is that it is possible to hack them and leave little trace of the effort.
But don't take my word for it.
Let's start with a few gems from the report of the academic computer scientists who analyzed the equipment used in Ohio (and Ohio uses the same equipment as about 90% of the American electorate, by most accounts.)
This report was made public just over two weeks ago.
From page 21 (p. 39 of pdf):
Some attacks are
undetectable no matter what practices are followed. Others are
detectable in principle, but are unlikely to be detected by the routine
practices currently in place; they might be detected by an in-depth forensic
audit or a 100% recount, for example, but not by ordinary processes. Still
other attacks are both detectable and likely to be detected by the practices
and processes that are routinely followed. The potential harm caused by the
former two classes of attacks surpasses what one might expect by estimating
their likelihood of occurrence. The mere existence of vulnerabilities that make
likely-to-be-undetected attacks possible casts doubt on the validity of an
election (see Section 3.2.3). If an election system is subject to such attacks,
then we can never becertain that the election results were not corrupted by
undetected tampering. This opens every election up to question and undercuts
the finality and perceived fairness of elections. Therefore, we consider undetectable or likely-to-be-undetected attacks to be especially severe and an especially high priority.
p. 4(p. 22 of pdf)
The review teams were able to
subvert every voting system we were provided in ways that would often
lead to undetectable manipulation of election results. We were able to
develop this knowledge within a few weeks. However, most of the problems that
we found could have been identified with only limited access to voting
equipment. Thus, it is safe to assume that motivated attackers will quickly
identify – or already have
– these and many other issues in these systems. Any argument that suggests that the attacker will somehow be less capable or knowledgeable than the reviewer teams, or that they will not be able to reverse engineer
the systems to expose security flaws is not grounded in fact.
Regarding the Diebold equipment used so extensively throughout the US:
p. 122 (p. 140 of pdf):
The audit logs created by Premier [Diebold] voting equipment are therefore not sufficiently protected to provide trustworthy information for forensic analysis.
And from the computer scientists who reviewed Diebold source code for California:
p. 59 (p. 66 of pdf):
"Viruses and other malicious software could be designed to remove traces of their activities from the voting machines at the end of the election, so workers need to collect and preserve evidence even before they suspect an attack."
To bring it home, from the report of the Brennan Center for Justice Task Force on Voting System Security. Read about the task force here.
Tampered software must not leave
telltale signs of the attack in any Event or Audit Logs. There are a number of
ways the attack program could accomplish this goal, depending upon the nature
of the attack program and the software it targets:
■ Tampered user-interface software could display the wrong information to the
voter (meaning the voter believes his vote has been recorded accurately),
while recording the attack program choice in all other system events. In this
case, there would be no trace of the attack in the event log.111
■ Tampered Driver software for storage devices or tampered BIOS112 could
alter what is written to the storage devices.
All three voting systems [touchscreens without a paper trail, touchscreens with a paper trail, and optical ballot scanners] have significant security and reliability vulnerabilities, which pose a real danger to the integrity of national, state, and local elections.
So one has to agree that there is no evidence that machines have been hacked. But to extrapolate from that statement that the potential hacking is not a grave concern is just plain wrong.
What to do?
Start by paying attention to the upcoming e-voting primaries, starting in South Carolina, which uses the Ford Pinto of voting systems. Educate the candidates. South Carolina votes January 19 for the Republicans, and January 26 for the Democrats. It's a Hail Mary, but if candidates get enough heat, they might just ask South Carolina not to use its horrible statewide paperless system.
And tell your Senator to support S.2295.
And don't let up. Let's make 2008 the last year we have to worry about voting machines.