U.S. Presidential Election Can Be Hacked
PC World:
This year, the U.S. will pick a new president using electronic voting machines that can be hacked, security experts said Thursday at the RSA Conference in San Francisco.
As the November election approaches, the question before officials is not how to fix known bugs in their e-voting systems, but rather, how best to check them for fraud, said David Wagner, an associate professor with the University of California, Berkeley’s computer science department.
Wagner was part of the team that audited California’s voting systems during the state’s review of electronic voting, and the problems his team found affect counties across the U.S. “The three systems we looked at are three of the most widely used around the nation,” he said during an e-voting panel discussion at the show. “They’re going to be using them in the 2008 elections; they’re still going to have the same vulnerabilities we found.”
With images of Florida’s laborious 2000 presidential recount in their minds, county officials have spent billions over the past eight years on electronic voting systems. These systems are supposed to take the guesswork out of vote-counting. The problem is that they are insecure, and now states are being forced to make do with buggy equipment, panel members agreed. “We have spent billions of dollars on equipment,” Wagner said. “We don’t have another several billion dollars.”
The California audit examined systems from Diebold Elections Systems, Hart InterCivic and Sequoia Voting Systems, ultimately permitting their use in 2008, but only under certain conditions. In testing, Wagner and his team found that they could introduce a computer virus to any of the three systems, which would then spread throughout the county and ultimately skew the vote count.
This year most California voters will use paper ballots, which give officials a way to audit their machine-counted tallies for irregularities, but not all states have that option. About a quarter of the votes cast in the upcoming election will be on electronic voting equipment with no paper trail, Wagner said. And even the states that keep paper records are not necessarily checking their results. Only about a third of all states have records that are regularly audited.
That’s too bad, he said, because the ability to check whether your voting system has been hacked is of paramount importance. “Security is not the most important thing,” he said. “What’s more important for elections is auditability.”
Voting system vendors are in much the same position as Microsoft was around 1998 — on the defensive and closed to most security researchers, Wagner said.
Recently, Princeton computer science professor Ed Felten was threatened with legal action after New Jersey counties asked him to review Sequoia AVC Advantage voting machines.
There is so much mistrust between the two communities, it is hard for them to communicate, said Alec Yasinsac, an associate professor at Florida State University. “It’s very hard for the academics to approach the vendors,” he said. Vendors worry that if they talk to security researchers, it might be tantamount to admitting that they have bugs.
“I think voting system vendors today are where Microsoft was 10 years ago,” Wagner said.
Microsoft has since made an about-face and embraced the security research community it once spurned. Many of the company’s harshest security critics now work for the software vendor.
Two years ago, Hugh Thompson found a way to doctor election results in the database used by Diebold’s GEMS Central Tabulator, but on Thursday he said he would like to help the vendors improve their products and make electronic voting trustworthy. “We’re not in it for just ripping them apart,” he said. “We want something that’s good.”
Be respectful of others and their opinions. Inflammatory remarks and inane leftist drivel will be deleted. It ain’t about free speech, remember you’re in a private domain. My website, my prerogative.
If you can't handle using your real email address, don't bother posting a comment.
“It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything.”
-Joseph Stalin
I had a discussion over this issue several years ago with a lefty. Typical, belief in a big all powerful system over human nature. I am comfortable with a purple finger and paper ballots. At least a paper ballot that you have to mark with a pen. If it’s close and goes to a hand count, you can see each vote made by a human.
Too simple and idea for the pinheads I guess.
April 12th, 2008 at 4:28 amIf people do not decide elections, then armed citizens will!
April 12th, 2008 at 5:42 amIf it can be hacked it will be, and it’s fairly obvious to anyone who’s paid attention to the activities of politically active hackers that they are overwhelmingly leftist and entitlement minded.
April 12th, 2008 at 6:58 amThere is no system on earth that cant be hacked. literally.. the Pentagon gets hacked on almost a daily basis. what the hell were we thinking by going to electronic ballots? do we think these machines protect themselves better than the Pentagons system?
April 12th, 2008 at 7:25 amOr perhaps they were intended to be hacked…
is that idea so far-fetched?
April 12th, 2008 at 9:01 amBrian is right on the money. Implemented to give total control to govt. instead of the people.
April 12th, 2008 at 9:09 am[…] ED wrote an interesting post today onHere’s a quick excerptThere is no system on earth that cant be hacked. literally.. the Pentagon gets hacked on almost a daily basis. what the hell were we thinking by going to electronic ballots? do we think these machines protect themselves better than the … […]
April 12th, 2008 at 9:10 amwait, what, why do voting machines have to be connected to the internet? or am i missing the understanding of hacking in this context? Either way good thing your telling everyone that they can be hacked…derrrrrr
April 12th, 2008 at 9:56 amSeriously? No shit, it’s been 20 years since I’ve written any code, but a voting ballot could be done–along with the aggregate results for a polling place–in however many candidates there are plus 10 lines. Maybe 20 lines. Of Basic. There’s nothing technologically difficult about “Pick one of the following three. Pick two of the following six. Choose Yes or No for the following 13 ballot initiatives,” etfuckingcetera. The only ways that a legitimate voting machine could be hacked is to put it on an open (even “secure”) network or not control access to the data. Diebold may be evil for making this shit more complicated than it needs to be, but any nefarious shit here is by design, not mistake.
April 12th, 2008 at 9:32 pm