Study Shows Vulnerability of Voting Machines
SCOTT SIMON, host:
This week Maryland Governor Robert Ehrlich said that the state scrap electronic voting machines and go back to paper ballots. In last week's primary elections in that state, the machines lost. Some of the machines failed to communicate with one another, others rebooted for no apparent reason.
The maker of the voting machines is a company called Diebold, and their primary results were an embarrassment for the company. And now more bad news. The Center for Information Technology Policy at Princeton University has released a study on the security of the machine, and the results are not encouraging.
Edward Felton joins us from Princeton. He's one of the authors, as well as the director of Princeton's Center for Information Technology Policy. Thanks so much for being with us.
Professor EDWARD FELTON (Princeton University): It's my pleasure.
SIMON: And what are the major conclusions of your study, sir?
Prof. FELTON: What we found is that these voting machines are susceptible to computer viruses that can steal votes from one candidate and give them to another. So the bottom line is that a malicious person who can get access to one of the voting machines for as little as one minute can potentially steal a large number of votes in a real election.
SIMON: So this is even though these machines are not networked, to use that term of art.
Prof. FELTON: That's right. The machines are not connected together by a network, but there are removable memory cards, which you could think of being kind of like floppy disks on a personal computer, which do get moved from machine to machine, and that's how the virus can spread from one place to another.
SIMON: Would there be any legitimate reason for someone to swap memory cards with other machines?
Prof. FELTON: Yes. Memory cards are moved from one machine to another as a part of normal pre-election and post-election activities. For example, before an election, the list of candidates and the list of races and so on are all written onto memory cards and those memory cards are then distributed out to the voting machines. And after an election, the votes are stored on the memory cards and the memory cards are then brought together into a central location in order to accumulate the votes.
And in both of those processes there are memory cards moved from place to place and the virus can spread.
SIMON: Diebold, we should note, says of your study - they called your study, quote, "unrealistic and inaccurate," and says that the machine you studied - and here's a quote now - "has security software that was two generations old and, to our knowledge, is not used anywhere in the country." Is that true?
Prof. FELTON: The equipment that we studied is the same equipment that was used in Maryland. And although the software has undergone two minor revisions since we studied it, we don't believe that any of the changes Diebold has made or any of the changes they point to would affect the conclusions of our study. So we think it's very likely that the latest machines and the latest software, as used in Maryland this week, still is vulnerable to this kind of virus.
SIMON: Why not just use what they're using now? I mean you say two minor changes have been made. They say that's two generations ago.
Prof. FELTON: Well, they won't give us access to the current version and they won't allow state officials to give us access.
SIMON: Diebold also says that normal security procedures were ignored, that there wasn't the numbered security tape; 18 enclosure screws and numbered security tags were destroyed or missing, so that researchers could get inside the unit. Is that true?
Prof. FELTON: No. That's not accurate. Our study took account to all of those things, and we discuss all of those things in our research report. The bottom line is that none of these mechanisms that Diebold points to would actually stop the kind of virus attack that we described.
SIMON: You ran only the Diebold machine through its paces. What about the ones manufactured by Electronic Systems and Software that are also widely used?
Prof. FELTON: Well, it's true. The Diebold machine was the only that we could get access to, to study. We think there's reason for concern about any electronic voting system which is purely paperless. We think the important safeguard that is in place in some places and not in others in the U.S. is a voter-verified paper audit trail.
SIMON: Which would entail what at this point?
Prof. FELTON: After you have told the machine what your vote is, the machine prints out a paper record that shows your vote and you could look at it and say, yes, that's what I meant to do. And then that paper record is kept at the polling place or by election officials, so if there's any question afterward about what happened, they can go and count the paper ballots and compare it to the electronic record.
SIMON: I wonder about this. There must be scores of millions of people that get money out of an automatic teller machine every day. If we can do that all around the world, why can't we design a safe and honest system by which people can vote electronically?
Prof. FELTON: I think we can. And I think, just like the ATM, one of the important safeguards is to have a paper record that gets generated. But having said that, voting is harder in some respects. The secrecy of the ballot is a very important requirement, and it's not a requirement that you have with the ATM. The bank knows exactly what you did. But it's important that the government and the election officials not know how you voted.
And the other thing I think that makes the election problem more difficult is we just don't have as much experience. In the case of ATMs, there's a long history of many banks using ATMs in different ways. And in the early days of ATM there was reportedly more fraud than there is now.
I think when it comes to voting we'll eventually learn what safeguards we need and we'll eventually do a better job.
SIMON: Edward Felton, the author of a security analysis study of the Diebold electronic voting system, along with Ariel Feldman and J. Alex Halderman, joining us from Princeton, New Jersey. Mr. Felton, thanks very much.
Prof. FELTON: My pleasure.