RealTime IT News

House Leader to Meet With Vote Machine Reformers

Vernon Ehlers, chairman of the House Administration Committee, is meeting today with critics of paperless electronic voting, internetnews.com has learned.

Ehlers is meeting with representatives of Common Cause and other reform groups this afternoon, ostensibly to prepare for a hearing he has called on security flaws in electronic voting machines and the verification of vote results on September 28, said a person familiar with the situation.

Ehlers' office would not confirm this meeting by press time.

Election watchdogs and computer scientists have been highly critical of the use of touch-screen electronic machines that cannot be audited using a paper trail.

They claim that there is no way to detect whether votes cast on those machines have been tampered with unless a verifiable paper trail can be produced.

Electronic voting machines do include paper trail capabilities where required by state or local laws, but critics argue that the Federal government should require a paper trail for all such machines.

Ehlers, a Michigan Republican, noted during a hearing on election systems this summer that he was disturbed by possible security flaws in these types of machines.

His concern could have only deepened yesterday with the revelations contained in a new Princeton University study.

A study published yesterday by the Center for Information Technology Policy at Princeton University reported "serious" security flaws in a touch-screen voting machine made by Diebold Election Systems.

The report concluded that a political operative could easily infect a Diebold AccuVote-TS voting machine with malicious software and steal votes with little or no risk of detection.

The study authors demonstrated an actual attack on an electronic voting machine currently in use.

Diebold AccuVote machines are the most widely-deployed touch screen electronic voting platform in the United States, the company confirmed.

The machines will be used in at least 357 counties, representing approximately 10 percent of registered voters across the country.

According to the study, anyone with just one minute of access to a voting machine can introduce malware that can modify all of the records, audit logs and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss.

The report also claims that such a malicious virus can spread from machine to machine during normal pre- and post-election activity.

Diebold director of marketing Mark Radke disputed many of the assertions in this report.

According to Radke, the study authors used an older version of the Diebold machine that doesn't take into account new security enhancements, such as encryption and digitally signed memory cards.

He also said that a virus would not be able to spread from machine to machine because the devices are not networked.

"They don't understand the architecture of the systems," Radke told internetnews.com.

However, Edward Felten, director of the Center for Information Technology Policy and professor of computer science at Princeton, said that the study does not assume that the machines are networked.

He also claimed that the new safeguards still don't ensure security.

"Just because they use a digital signature, just because they use encryption, that's a check-box approach that doesn't pass muster in any security analysis," he said.

Felten also noted that encryption doesn't prevent an attack of the kind used in the study because the encryption key is present in the machine.

"The malicious software has the full run of the computer. It has access to everything," he said.

Felten added his name to the growing list of computer experts arguing in favor of a paper trail.

"The paper trail is the strongest safeguard that's available," he said.

Diebold machines do include paper trail capabilities where required by applicable law.