December 04, 2003

Statewide electronic voting delayed

From the Cleveland Plain Dealer...corroboration...

"Ohio's sweeping review of electronic voting
machines turned up so many potential security flaws in
the systems that the state's top elections offi cial
has called off deploying them in March."

Support our Troops, Show up for Democracy in 2004: Defeat Bush (again!)

http://www.cleveland.com/news/plaindealer/index.ssf?/base/news/1070447644182132.xml

Statewide electronic voting delayed

12/03/03

Julie Carr Smyth
Plain Dealer Bureau


Columbus - Ohio's sweeping review of electronic voting
machines turned up so many potential security flaws in
the systems that the state's top elections offi cial
has called off deploying them in March.

The detailed findings confirmed what academics,
computer scientists and voter advocates across the
country have said for months: Electronic voting
systems are prime targets for manipulation by anyone
from expert computer hackers to poll workers to
individual voters.

Secretary of State Ken Blackwell, who ordered the
review, said he and machine vendors are confident that
all 57 problems identified by investigators can be
fixed.

He said his decision to detail each security flaw in a
public report, and then to assure each one is
addressed, will provide vendors with a "Good Seal of
Security Approval" and build confidence in electronic
voting technology both in the state of Ohio and around
the United States.

"Their cooperation and collaboration in this process,
which I think was laudatory, actually wins them
competitive advantage in the marketplace," he said.

Blackwell said he will seek a waiver under the Help
America Vote Act to give Ohio until 2006 to implement
the technology.

He hopes, however, that many of the problems will be
addressed within as few as 60 days, allowing machines
to be in place by next August's special election.

"When the voters of Ohio begin casting ballots on
electronic devices, they will do so with full
knowledge that the integrity of their voting system
has been maintained, and that we have in place one of
the nation's finest, fraud-prevention systems,"
Blackwell said.

Blackwell's two-pronged review of the vendor's
security procedures, as well as their hardware and
software, was conducted by Raleigh, N.C.-based
InfoSentry and Compuware of Detroit. It cost $175,000.


Diebold Election Systems, the Ohio-based company that
has taken the most heat for potential flaws in the
security of its machines, was not singled out in the
review. The machines of the three other companies
selected during Ohio's extensive certification process
- Sequoia, Hart InterCivic, and Election Systems &
Software - were also found to carry risks.

Diebold led the pack in the number of serious flaws in
its systems, but the technology of the other companies
also was found to be riddled with problems.

The review confirmed a laundry list of security flaws
that some observers had tried to dismiss as merely
alarmist. Among the findings:

Voter "smart cards" inserted in the machines could be
deciphered or counterfeited and used to cast illegal
votes.

Poll supervisors' passwords could be easily guessed
and used to manipulate election results or end polling
early. Diebold, for example, has the same password -
1111 - nationwide, and investigators were able to
guess it in two minutes.

Election results could be unencrypted and intercepted
during transmission.

Many scenarios exist in which someone without the
proper authority could enter the systems - with the
flick of a switch or the use of a laptop PC - and
change results.

Voting-machine technology guru Bev Harris of
blackboxvoting.org praised Blackwell for releasing
such a comprehensive study. She said about two-thirds
of a similar review conducted on Diebold technology in
Maryland was blacked out before it was released.

"I think this is a really impressive act of
leadership," Harris said. She said opening the review
process to average citizens will go a long way to
improve voter confidence in the technology.

But she pointed out that Blackwell had already
certified all the machines now discovered to be risky.


"Obviously, the certification system for these
machines is broken," she said.

Six counties in Ohio already use machines studied in
the review: Lake, Mahoning, Franklin, Knox, Pickaway
and Ross. Blackwell said he is confident elections in
those counties have been fair, and he is not
interested in disrupting polling activities there.

Counties close to selecting a vendor must wait for a
follow-up review and any recertifications to take
place before picking their machines. While they wait,
Ohio counties will be able to buy optical-scan
machines that were not subject to the security review,
Blackwell said.

Michael Vu, Cuyahoga County's elections director, said
the county will proceed with its plans to buy
electronic voting machines by Jan. 15.

"We are going to follow the same game plan and make
sure that whatever [vendor] is selected answer and
have a solution to any risks that the secretary of
state has outlined," Vu said. Cuyahoga's elections
board is the largest in the state and wants to buy
6,000 machines. It has reviewed vendors for more than
a year and hopes to use the machines next year.

All four vendors embraced the security report and
indicated they are well on the way to addressing many
of the flaws. Blackwell said machine makers are as
interested as anyone in restoring voter confidence to
the new technology.

"There's a national will to update the voting
technology of this nation, but to do it in a
professional and secure way," he said.

Plain Dealer reporter Mark Naymik contributed to this
story.

To reach this Plain Dealer reporter:

jsmyth@plaind.com, 1-800-228-8272

Posted by richard at December 4, 2003 09:25 AM