An electronic voting system designed by Diebold Elections Systems of North Canton, Ohio, gets a tryout as it arrives at the Lucas County Board of Elections. Besides those delivered last week, 445 more are expected to arrive by the end of the month.
Hires / Blade Enlarge
An electronic voting system that will be used in Lucas County in September is highly vulnerable to fraud, computer security experts warned in a study released yesterday.
The study found “significant security flaws” with the system designed by Diebold Elections Systems of North Canton, Ohio.
The first of hundreds of the voting machines - which let voters use a touch screen or a optical scan tabulating machine - arrived last week at the Lucas County Board of Elections. An additional 445 are expected by the end of the month.
The elections board told its executive director, Joe Kidd, in June to begin negotiating a two-stage deal with Diebold for the machines. The first phase will cover the temporary lease of voting equipment for local elections in September, November, and March. The second deal will involve buying a new generation of machines for permanent use.
The county would pay for the temporary lease. The federal and state governments are expected to pick up the entire tab for the permanent machines, which is projected to approach $4 million.
The system is vulnerable to unscrupulous voters as well as “insiders such as poll workers, software developers, and even janitors,” who could cast multiple votes without a trace, the study said. It said the voting system is “far below even the most minimal security standards applicable in other contexts.”
The study was the first review of the software by independent researchers.
Aviel Rubin of Johns Hopkins University in Baltimore, a lead researcher on the study, said there is no quick fix for the software. “You would have to start over,” he said.
Mr. Kidd was shocked when told by The Blade last night about the study but expressed confidence in Diebold.
“One of the reasons we chose Diebold as our vendor was because of their history and background in security,” he said. “Security in elections is a two-prong process. One is the technology itself, and the other is the election procedure.”
He said it would be “very difficult” for someone to manipulate ballots because voters will still have to sign a registry before using the machine.
“Even if they were able to [alter the number of votes], the chances that it would get by the Board of Elections would be slim to none,” Mr. Kidd said.
Mike Jacobsen, a spokesman for Diebold, declined to comment in detail until company officials had more time to review the study. But he said Diebold's systems “pass rigorous certification tests at the federal and state governmental levels.”
“However, we welcome the opportunity to work with credible organizations, including Johns Hopkins, to continue to improve and strengthen the security of our systems,” he said.
Mr. Jacobsen said the software analyzed in the study was about a year old, and problems with it may have been fixed.
For the study, three researchers from the Johns Hopkins Information Security Institute and a computer scientist at Rice University analyzed tens of thousands of lines of programming code.
Mark Radke, a Diebold official who has been dealing with Lucas County, was unavailable for comment last night.
Rebecca Mercuri, an independent consultant who specializes in studying electronic vote tabulation, said the report raises questions about the security of electronic voting systems. But widespread manipulation of the system described in the study was “highly unlikely,” she said.
“There would have to be a massive violation, systematically, of a huge amount of protocols, for this to take place,” Ms. Mercuri said.
Last year, about 33,000 Diebold voting stations were used in elections in Maryland, Georgia, California, Kansas, and other locations, the company said.
Diebold agreed this month to provide Maryland up to $55.6 million in voting technology, expanding the use of touch screens from four counties to the entire state.
Mr. Rubin said he will urge state officials not to use the system.
The report is also critical of a “smart card” used in the system. An ATM-like card given to each voter is designed to make sure that voter casts a single ballot. But the researchers said a voter could easily bring a programmed counterfeit card to the polls and use it to cast multiple votes.
Any computer enthusiast could create a bogus card, the report said.
Lucas County's 225 voting sites, each of which contains between two and four precincts, will get one touch-screen and one optical-scan tabulating machine apiece, Mr. Kidd said. Voters will be able to vote on either machine.
The study is significant as cities and states consider computer screen voting as an alternative to the antiquated systems that caused problems in the 2000 presidential election.
Elections officials nationwide have been asked to select new electronic voting systems by Sept. 1 to replace punch cards and antiquated lever machines. The measure is an effort to move toward modernization, mandated by a federal election-reform bill President Bush signed into law last year.