Sunday, September 5, 2004

The New Ballot

Remember that thing with Florida? It had something to do with a hanging chad?

Making every effort to head-off a similar disaster in Georgia, Cathy Cox's Department of State mobilized quickly after the 2000 election, ordering and installing new digital voting machines. The aim was to remove human error and inconsistency from the polling process - to streamline elections and improve the accuracy and infallibility of results.

According to Diebold, the manufacturers of Georgia's election systems, over 75,000 electronic voting stations are being used in locations across the United States. Many of them, including Georgia's 22,000 machines, have already seen action in 2002's gubernatorial and congressional elections.

Diebold's AccuVote-TS™ system, used by Georgia and several other states, is an electronic ballot box featuring a 13-inch portrait format LCD screen inclined at about 45 degrees. A voter accesses the system by inserting a memory card provided by election workers.

Unlike ATM cards, which are read by swiping magnetic strips past a reader, these memory cards contain writable chips that need to be inserted into the Diebold machine for the duration of the polling session. This is, of course, assuming you can find the appropriate slot: It's hidden beneath and behind the screen on the right-hand side. While not a catastrophic design flaw, the card slot's location has proven hard to find and use; according to several reports and independent audits, may users accidentally insert their cards into the gap below the card slot, or don't understand that they should leave the card inserted during the polling process.

You then enter the Windows CE-based user interface and begin voting. Available in more than nine different languages per election, the terminal features a "magnify" function that enlarges the text for improved visibility and voice-guidance technology for the visually impaired. Overall, this interface is very straightforward: touch the box next to your choice and a big red X appears next to it. Changing your choice is also easy: touch the choice again to deselect it or touch another choice to switch your vote. Entering a write-in candidate is also easy using the in-line touch-screen keyboard.

Graphically, however, this voting process leaves much to be desired. The red X's indicating your selection might serve the voter better were they a more affirmative green or blue. And while the touch-select area for each electable candidate and issue are comfortably large, candidates, parties, and incumbencies well marked, the three-column format can become visually complicated when a second staggered row is added beneath. But, assuming you get through the voting process, the Diebold system nicely summarizes your entire ballot, allowing you to check the accuracy of your session.

This is where the new electronic voting process gets a little more complicated.

Your voting card, inserted into the machine throughout the polling process, is now the digital record of your vote. Unfortunately, the memory cards used in Georgia and elsewhere have no data encryption - indeed, they all have the same password (1111 in the November 2002 election). According to a former Diebold's production deployment manager in Georgia, those cards could be easily modified and used to manually change election results.

The night of the November 2002 election, sixty-seven of the memory cards used in Fulton County disappeared - the cards were left in the voting machines by forgetful poll station workers and were recovered. Had they not been recovered, the election results could have been altered in just a few hours by anyone with a memory card reader and a PC.

When the Diebold system was first used in Georgia, for the 2002 November elections, there were a tremendous number of problems that went largely unreported to the public. For instance, when the machines arrived from Diebold, every single one failed quality-assurance checks, a fifth of these judged unusable. Additionally, when Diebold's programmers wanted to update the voting-system software, they sent Georgia election officials software patches via the company's insecure File Transfer Protocol (FTP) website. These patches are easily installed using the same forgeable memory cards voters use to record their votes.

Federal certifying labs are responsible for guaranteeing that the program code is non-partisan and fair. Unfortunately, Diebold's program code is proprietary and unauditable. As are most of its patches. Likewise, the voting system in Georgia runs on Windows CE, an operating system extremely vulnerable to programmers and infiltration.

And if this doesn't have you concerned about your upcoming vote, consider this: In 2002, a group of kids discovered Diebold's unsecured FTP site and began linking to it. Google eventually listed the FTP site prominently, leading writers, publishers, activists, reporters, and hackers to the site. By analyzing nearly every line of the Diebold and Windows source code available, many ways have been found to change vote totals.

Researchers at Johns Hopkins and Rice University posted the code in New Zealand for download. Subsequently, Avi Rubin of Johns Hopkins and three other scientists produced a devastating twenty-three-page report on the Diebold software. Two more damaging technical studies followed in Ohio. A "Red Team" exercise, at RABA Technologies' headquarters in Maryland, was staged to break the Diebold code - the technical director and four of the eight computer scientists on the team formerly of National Security Agency. Their conclusion: "A voter can be deceived into thinking he is voting for one candidate when, in fact, the software is recording the vote for another candidate." A security vulnerability "allows a remote attacker to get complete control of the machine." And one can "automatically upload malicious software" that will "modify or delete elections."

How does Diebold respond to these accusations? Their site features many rebuttals, and their software has been frequently patched (though the content of the patches remains unknown). Indeed, Diebold's explanation on their website, linked from "Every Vote counts - click on the Eagle to find out more" leads to a blank page.

According to a Lou Dobbs's quick poll on CNN, 85% of respondents want a paper trail to backup the nebulous electronic reporting - and several states have passed laws mandating this. Not Georgia. While Georgia may have been the first state in the union to install and operate an electronic voting system - a much touted achievement on Secretary of State Cathy Cox's government website - much remains to be done to fortify the accuracy of the system. Get out there and vote on Super Tuesday. May all our electronic votes be counted equally. fb

No comments: