John Hopkins University electronic voting expert discuss how faulty electronic voting machines could jeopardize the accuracy of future elections. [Includes transcript]
A new report from the state of Ohio has found that electronic voting machines from the four biggest companies in the field have serious security flaws. The companies say the problems can be addressed but experts have raised questions if that is true.
- * Aviel Rubin*, professor at Johns Hopkins University and co-author of the report "Analysis of an Electronic Voting System" the initial study of security flaws in voting machine software.
This is a rush transcript. Copy may not be in its final form.
AMY GOODMAN: Welcome to Democracy Now!.
AVIEL RUBIN: Hi, good morning.
AMY GOODMAN: It’s good to have you with us. Can you explain what the significance of the latest report is?
AVIEL RUBIN: Sure. And let me give you a little bit of background. After our report came out, the state of Maryland commissioned a study of their own from a company called SAIC that was analyzing Diebold systems. And Ohio came out and said they would rather not have SAIC look at it. They perceived some kind of a conflict with SAIC so they found their own people to review. I have read the studies that came out from Ohio. And while they did find serious flaws in the machines they looked at, I did not feel that the studies were very well done. In fact, I — it appears from a read of the study that the people who performed the study didn’t really know that much about security.
AMY GOODMAN: The latest Ohio study, can you name the four companies, and talk about their relationship to those in power?
AVIEL RUBIN: Okay. I — the companies are ES & S, Diebold, and Sequoia. I don’t remember the fourth and I don’t have the studies in front of me. I am not that familiar with all of the political relationships between these companies and the various other parties and I’d rather comment on technical issues.
AMY GOODMAN: All right. Go ahead. Can you talk about what the flaws specifically are? How — when if you vote on a computer system, —how that vote can be tampered with?
AVIEL RUBIN: Okay, so, the Ohio study found a very small subset of the problems that I believe exist with these machines. I had the opportunity myself to look at the Diebold code for these machines. One of the things that we found, that they found as well, was, for example, an administrator has a card that they use to get access to the machine, which is more access than a voter gets. And that access allows them to basically have full control over the machine. The pin that’s used — like you think of your ATM pin, that unlocks the administrator card was just 1111, which is probably not a very good choice for a pin. But there are much more serious flaws. For example, the vote tallies that are stored on the machine are encrypted. It’s like a scrambling that’s done to protect it from tampering. But unfortunately in the Diebold machines they use a function to do that that’s been broken, which means that people know how to defeat it, and so it doesn’t provide the kind of security that it’s supposed to.
One of the reasons why I’m critical of the Ohio studies is that they simply said that the DES was used to encrypt and therefore, there’s no risk. Anybody that takes even a first course in security, like the ones that I teach at Johns Hopkins, would know that the DES about five years ago was cracked, and that that doesn’t mean there’s no risk. In fact, it provides absolutely no protection. And there are functions out there, like one called AES, that could have been used that would have mitigated this problem. The people that wrote the Ohio study did not seem to be aware of that.
One thing that disturbs me is that they are now using the study almost as a victory for the voting machine companies saying, "Hey, we each had about 15 flaws with our machines, and those are easy to fix." It’s like, set a very low bar, claim victory, and move on. And in my opinion, if they fix all of the things in the Ohio reports, they’re still going to have some very insecure voting machines.
Other things that we found, for example, the Diebold machines were that the smart cards that are used to ensure that each person only votes once did not utilize any cryptography or any protections. So in a sense, they’re not taking advantage of the fact that they have a smart card. It could be used just like a mag stripe, or something else. And we showed in our report how you could manufacture your own card and allow multiple votes because the restriction of one vote per person would be defeated.
AMY GOODMAN: Voting machine companies have come under fire on many fronts. Students have set up websites, with copies of Diebold’s internal email messages, that they say show the company has not adequately addressed flaws in its system. Diebold was going to sue some Indymedia centers for posting some of its code on the site, but they have backed off. Why have they changed, do you think?
AVIEL RUBIN: Well, what happened was The Electronic Frontier Foundation got involved and took a very aggressive stance and actually sued Diebold for people’s right to post these things. And Diebold was getting so much negative publicity from these lawsuits and from the fact they were going after college students who were simply posting information that was already widely available on the internet. And I think that they decided, simply from a PR perspective, that they were better off not being so aggressive, considering that these memos were so widely available that they weren’t having much impact anyway.
AMY GOODMAN: What do you think now is the solution? What do you think for 2004 for the presidential election, what percentage of people are going to be voting on electronic voting machines?
AVIEL RUBIN: A very large number of people will be voting on electronic voting machines. Unfortunately, given the time constraints, there’s very little that we can do for 2004, because for example, in Maryland, there are many precincts that have thrown away all of their old voting equipment, and all they have are Diebold touch screen voting machines. So we’re at a point where they just say, either we just don’t have an election or we use the insecure machines. I think they’re going to use the insecure machines. I think the biggest bang for our buck in terms of improving things quickly, would be to add some sort of paper trail that voters could verify to the process. Even if you have an insecure machine, if the output of that machine is a paper ballot that the voter can look at and say, "Yeah, that’s how I voted," or "No, that’s not how I voted, let me vote again," that would allow at least for manual recounts. One of the bad things about the current crop of machines, despite the fact that they’re totally insecure is that once the election is over, there’s no way to validate the outcome. If they want to do a recount, they’ll have the computer perform the same computation and give the same results. That doesn’t provide any opportunity to discover errors that may have happened. There have also been examples recently and stories in the Washington Post and the Indianapolis paper of voting machines coming up with totally ridiculous outcomes. For example, in Indiana, there was a precinct with 19,000 registered voters. At the end of the election the computer said 144,000 people had voted. In reality, about 5,000 people had voted. One thing to take away from that, when you have such a large discrepancy, it’s noticed. But what happens if you have a small discrepancy? For example, 5,000 people vote and 15 of the votes accidentally count for the wrong candidate. And these kind of things do happen. That one doesn’t make headlines and nobody notices, but it could change the outcome of a small election. And so without any sort of voter verified paper all we have to do is take these machines at their word and we know and we see examples all the time they make mistakes.
AMY GOODMAN: You know, it’s interesting. The New York Times has aligned, and some critics also accuse, the companies of being tied to the Republican party. Yet, it’s not just an accusation of partisan critics. A recent article by Julie Carr Smith in the Cleveland Plain Dealer reports the head of Diebold is a top fund-raiser for President Bush’s re-election. In a recent fund raising letter, Diebold’s chief executive, Walden O´Dell, said he’s "committed to helping Ohio deliver its electoral votes to the president next year."
AVIEL RUBIN: Yeah, I think he probably regrets that more than anything he’s ever said because every media outlet has picked up on it, and it sure looks bad for them. But I — you know, I’m not a conspiracy theorist, and I don’t necessarily, without any proof that he was acting on his — you know, planning on changing the machines so that they would deliver those votes, I would tend to say, well, let’s just look at the serious problem that we have evidence for, which is that the code in the machines is really insecure, and written by people who don’t understand how to write secure code and let’s focus on that.
AMY GOODMAN: Well, Aviel Rubin, I want to thank you for being with us. Professor at Johns Hopkins University. What’s the weather like in Baltimore today?
AVIEL RUBIN: We got about six inches of snow so far. I was supposed to be teaching my class this morning, but they delayed the opening of Hopkins. That ends up canceling my class. It’s snowing very hard right now. It’s quite cold out.
AMY GOODMAN: Well, thanks for being with us. I actually look forward to being in Baltimore tomorrow night at 7:00. Hope to see listeners and viewers there— Baltimore Public Access TV and WPFW listeners. I’ll be at St. Peter Claver Church tomorrow tonight, 7 o’clock. It’s the first anniversary of the death of Phil Barrigan. Peter Claver Church is at 1546 N. Freemont Ave. You can go to our website at democracynow.org for more information.
You are listening to Democracy Now!. When we come back, we look at domestic terrorism, a story you may well not have heard of. Stay with us.