A warning to voters in this election season: If your precinct is equipped with electronic voting machines, malicious...
people could easily tamper with your ballot.
That warning comes from Ed Felten, professor of computer science and public affairs at Princeton University, and two of his students, Ari Feldman and Alex Halderman. The trio just released a report on the security of e-voting technology, complete with a 10-minute video demonstrating some of the vulnerabilities they found. Felton focused on the research this week in his popular Freedom to Tinker blog.
The findings aren't pretty.
The research focuses specifically on the hardware and software of the Diebold AccuVote-TS voting machine, one of the most widely deployed electronic voting machines in the U.S. The authors note that in the November 2006 general election, the AccuVote-TS and its newer relative, the AccuVote-TSx, will be used in 357 counties representing nearly 10% of registered voters. About half these counties -- including all of Maryland and Georgia -- will use the AccuVote-TS model.
"For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code," they wrote. "Malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates."
An attacker could also create malicious code that "spreads automatically and silently from machine to machine" during normal election activities, they said. "Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures," they added.
Specifically, the researchers concluded:
This isn't the first time Diebold's machines have come under scrutiny from the information security community. In the run-up to the 2004 election, many experts feared that voting irregularities tied to machine glitches would throw the outcome of the election into chaos and force a replay of the 2000 election debacle.
That scenario never happened, but since then security activists have continued to cast doubt on the integrity of the machines. One of the biggest criticisms is that the machines leave no paper trail that can be used to double-check votes or be used as back-up in case the machines break down.
Felton's blog entry has attracted a fair amount of interest so far, with 13 responses as of Thursday morning. Most seem to share the researchers' concerns.
Doug Lay wrote that he "had the pleasure" of using a Diebold machine during the Maryland primary. "The polling station had no curtain, only a three-sided metal divider about 18 inches high," he wrote. "My station was angled away from the judges, but other stations in the room were directly facing the judges (and the waiting area) so that a voter would have only their own body to protect the privacy of their vote."
Another respondent who signed his/her name as enigma_foundry wrote, "I really worry about a disputed election, in which one group can make a claim of being cheated, that can not be completely checked out."
A respondent to the blog who signed his/her name as "mroonie" wrote that it's only a matter of time before voting will boil down to who can infect voting machines the fastest, with the most effective virus for collecting votes for one specific candidate. "I fear that even newer technologies that can learn to identify these 'virus votes' will be met with another onslaught of even newer hacking technologies to overpower them," the blogger wrote.
Diebold Inc.'s Diebold Election Systems of Allen, Texas isn't taking the scrutiny lying down. The company's marketing director, Mark Radke, accused Felten and his students of ignoring newer software and security measures that prevent the attacks outlined in the research.
"I'm concerned by the fact we weren't contacted to educate these people on where our current technology stands," he told The Associated Press. He also questioned why Felten hadn't submitted his paper for peer review, as is commonly done before publishing scientific research.