RealTime IT News

Fewer Glitches for Super Tuesday E-Voting

By Ron Miller

Electronic voting problems were scarce and anecdotal in Super Tuesday's coast-to-coast primaries involving 10 states, according to officials contacted by internetnews.com.

But just because the glitches were fewer than in prior computerized voting efforts was not enough to mollify critics who say security concerns cloud the immediate future of e-voting.

With electronic voting expected to account for almost half of all ballots cast in the upcoming presidential election, Tuesday's primaries provided the first widespread test of touch screen systems developed primarily by Diebold, Sequoia Voting Systems and Electronic Systems & Software.

Most complaints over e-voting reported Tuesday centered on human error and erratic enforcement of security standards by polling officials. Other voters in California, Maryland and Georgia were forced to use traditional ballots when the voting machines didn't boot up properly.

"The press is reporting [glitches], but we didn't have any direct calls here," Linda Lamone, Maryland's administrator of elections told internetnews.com. "All in all, it went as well as can be expected."

Lamone said Diebold equipment was used in 23 of the state's 24 counties with Baltimore City employing systems by Sequoia.

Kathy Tempesta, a customer support specialist from Ellicott City, Md., said her e-voting experience went smoothly.

"I checked in as normal, then the judge gave me a plastic card [like a hotel key card]," she said. "The judges had devices on strings around their necks that looked like little calculators. They stuck the card in, punched in some numbers from my forms into it, and then ejected it before they gave it to me."

After Tempesta voted, the voting machine ejected the plastic memory card and she returned it to the polling judges.

"I stuck the card into a reader attached to the voting machine and an instruction screen came up," she said. "I confess, I did read all of the instructions to make sure they were clear and I was very impressed. But I'm sure I could have figured it out if I had no instructions at all."

She also said she thought the system was secure. "I believe if people want to compromise the security of a system, they are going to do it, regardless of the system used. I didn't feel that this one was any more or less secure than others."

Avi Rubin, technical director of the Information Security Institute at Johns Hopkins and a leading critic of e-voting security, served as an election judge in Maryland.

"Votes were supposed to be submitted to the elections' authority by modem. In our precinct, the modem/phone line wasn't working, so a judge from each party took the memory cards and put them in a bag, then the two chief judges took them in car and took them to election officials," Rubin said.

"My observations was that some of the attacks I had considered were not that bad, but some were worse than I envisioned," Rubin said. "One of the things I had been talking about was problem of smart cards. We showed smart cards you could design one that could allow you to vote multiple times. In practice the judges can tell when someone was done voting and the voter couldn't put it in and vote again."

After a day of e-voting observations, Rubin's chief concern is the "accumulator machine. At the end of the day, they insert all the results from the other machines. This seemed like a vulnerable spot. Every machine has memory card that is collecting votes. You have to carry it over and put one at a time into the accumulator machine until you're done and that machine tallies the results."

He added, "The concern is that if I was writing malicious code. Here's one spot I could attack, wait until this process began and then change votes."

His experience as an election judge, however, led to a more fundamental concern.

Diebold spokesperson David Bear explained said the memory card is inside the machines behind a locked panel, which is protected by screen. "You can't get into them. Theorists can break in and pick the lock, but these people tested in a vacuum, not a real world setting. Their intent was to break in. Intent of voters was to go in and vote. What you'll hear from most election officials is that in the real world, it's not practical to break in."

Bear's assurances didn't comfort David Knopf, president of Knopf Online, a San Francisco-based consulting firm.

"If San Francisco used paperless, touch-screen voting machines -- or any electronic voting machines that run on Microsoft Windows -- I would insist on voting by absentee ballot," Knopf said. "As a computer specialist, I do not consider the current crop of touch screen machines sufficiently secure, tamper-proof, or trustworthy and would under no circumstances use one if another alternative were available."

Washington DC editor Roy Mark contributed to this story