Sorry, Your Vote Has Been: Lost, Hacked, Miscast, Recorded Twice

The Code Hits the Road
To be fair, the vendors hadn’t really lied about their systems; they had just neglected to mention that the machines could crash the same way a home PC does. But elections officials found this out soon enough. In 2002, ES&S’s popular iVotronic machines didn’t register 436 ballots in a North Carolina election, and the same machines failed to record more than 100 votes in this year’s Florida congressional race. In the morning hours of a primary election this past March, voters were turned away from 55 percent of voting sites in San Diego because of battery problems with Diebold machines. (The machines were back online within a few hours, but it’s impossible to know what proportion of the stymied would-be voters ultimately returned to cast a vote.) And in a New Jersey election in June, the vote-tabulation computer could not read data from smartcards that had recorded votes cast on Sequoia AVC Edge machines. When workers tried to read data off the cards, the system showed zeros.


Last year two computer scientists—Avi Rubin of Johns Hopkins University and Dan Wallach of Rice University—investigated the proprietary software code that runs Diebold’s best-selling AccuVote-TS machine, which had been naively posted to an insecure FTP site and subsequently
disseminated on the Web.


Rubin and Wallach found that there were no safety mechanisms in the software to prevent people from casting unlimited votes. Shocked, they wrote that the e-voting machine was “far below the most minimal security standards.” Later a state-funded Maryland study revealed that Diebold software was designed to run on a version of
Windows that was out of date and therefore extremely
vulnerable to security breaches. Earlier attempts to upgrade the machines to a newer version of Windows 2000 caused the Diebold software to crash.


What officials would have discovered if they had consulted experts like Rubin and Wallach earlier is that “computer security” involves more than keeping machines in a locked room (although it means that too). Software is deemed secure when it can keep doing its job correctly even when users feed it unexpected information or it’s under attack from a hacker or virus. Computer security specialists comb through line after line of code, checking for dangerous glitches—anything from poorly written commands that cause the machine to stop recording votes when it reaches a certain number, to an error that just makes the machine crash randomly.


In addition to being made reliable, software has to be protected from being altered by malicious hackers. What if somebody plugged another device into the e-voting machine and reprogrammed it to shift election results? In a truly secure system, it’s very difficult for someone to make changes without being detected.




Because none of the major vendors of e-voting machines release their code for security testing, states and counties are forced to trust vendors’ own assessments of their machines’ reliability. But the DRE companies have the same problem their clients do: cash flow. There’s not a fortune to be made in voting machines. The primary customers depend on government money, and even with HAVA, that’s in short supply. Independent security audits are notoriously expensive—auditing a single make of machine might run into the hundreds of thousands of dollars—and without customers or a federal mandate demanding them, the return on this kind of investment hasn’t been worth it.


To spare that expense, some have suggested that voting machine code be made “open source”—that is, available to anyone who wants to check it. (The theory behind open source is that the more people who test the code, the better it gets. OpenBSD, an open-source computer operating system, is widely agreed to be one of the more secure operating systems in the world and is used by several government organizations, including NASA.) So far, none of the major vendors has agreed to release its code to the public for fear of competitors stealing trade secrets.


Bev Harris, a voting rights advocate and an early critic of DREs, suggests that the current state of software insecurity has left us with a “black box” scenario: “You send your vote into a machine, but you don’t know what’s happened to it.”