Electronic Voting Machine Study Exposes Most Serious Security Flaws Ever Documented

Story, May 31, 2006
A report released earlier this month details what experts say are the most serious electronic voting machine flaws ever documented. We speak with David Dill, a computer science professor at Stanford University and founder of as well as a former Utah county clerk who was forced out after having Diebold voting machines independently tested in his county. [includes rush transcript]

A report released earlier this month details what experts are saying are the most serious electronic voting machine flaws ever documented. The author of the report is Harri Hursti. He is a Finnish security expert who analyzed Diebold voting machines for an organization called Black Box Voting. Hursti wrote in the report that the defects in the machines could "cast a serious question over the integrity of the vote" and that "someone could attack the system to selectively disenfranchise groups of voters through denial of service."

Though the report has received considerable attention, less is known about how the report came to light. Back in March, Bruce Funk, the County Clerk of Emery County, Utah, asked Black Box Voting to analyze Diebold machines the county was considering implementing. When the flaws were exposed, representatives from the Utah Lieutenant Governor’s office, state elections officials and the Attorney General’s office flew into Emery to meet with Funk. They were accompanied by representatives from Diebold who threatened the county with punitive actions for testing their equipment. Bruce Funk was forced to resign.

  • Bruce Funk, former County Clerk of Emery County, Utah.
  • Professor David Dill, professor of computer science at Stanford University and founder of

This is a rush transcript. Copy may not be in its final form.

AMY GOODMAN: Bruce Funk joins us now on the phone from Utah. He was the County Clerk of Emery County for 23 years before he was forced out. And joining us here at Stanford University is Professor David Dill. He’s professor of computer science here at Stanford, also founder and director of, an organization pushing for states to implement voter-verified paper ballots. We welcome you both to Democracy Now! Professor Dill, let me begin with you. The significance of this report that came out?

PROF. DAVID DILL: Basically it says that people can install software on the Diebold machines if they have access to it and if they have the skills to modify the software. And those skills are widely available in our society. It’s difficult to protect machines, because they have to be delivered to polling places and are usually left there overnight before and after the election. Once bad software has been installed on a machine, it’s very difficult to know that that’s happened, and it’s very difficult to install known good software, because the bad software that’s already there can corrupt the new software that’s being installed.

AMY GOODMAN: And so, what do you mean by installing bad software? What would this software be?

PROF. DAVID DILL: Well, this is hypothetical, I’ll emphasize, but basically if you control the software on the machine, you control the machine. It’s like you’re inside doing whatever you want to do with obvious bad implications for the trustworthiness of the voting system.

AMY GOODMAN: What could the software do, for example?

PROF. DAVID DILL: Well, somebody could change votes in the software. They could change them during the election as the votes are being cast, after the election. They could change the way the user interface works, so it’s more confusing in subtle ways. They could cause the machine to crash at inconvenient times. Basically anything you could program a computer to do could be done.

AMY GOODMAN: And have we seen this anywhere?

PROF. DAVID DILL: Not that I know of. I think the most frightening thing about electronic voting, in general, is that you can’t tell whether something like this has happened. People have said that there’s no documented case of electronic voting machines being hacked. That’s true, so far as I know. The frightening thing is that there’s no way to know if they have been hacked, so how do we know if the results of our elections are accurate?

AMY GOODMAN: Bruce Funk, can you tell us what happened to you? Tell us what happened in Utah, what you were looking for, why you commissioned an investigation of the machines.

BRUCE FUNK: The reason I requested the investigation was that they started out with the sales rep whose — the western regional sales representative for Diebold, Dana LaTour, said to elected officials from Utah in a meeting in St. George in 2005 of November that on election day, "some of you are going to hate my guts," and that was the first keywords that disturbed me. Then, when I asked their top technician here in the state of Utah, I said, "What did she mean by that?" he said that on election day we’re going to have some problems, we’re just going to have to work through them. Well, that was my first suspect that something could possibly go wrong, and I wanted to know what?

But the initial thing that led me to getting a hold of Black Box Voting was that when I re-examined the machine, I found a number of them with insufficient backup memory, some as little as four megabytes, whereas a normal machine had anywhere from 27 to 29 megabytes. And so, this is what prompted me to get a hold of Black Box Voting, because the Diebold people weren’t giving me any answers. The state officials responsible for elections had no experience with elections or the machines either. And so that’s why I sought out advice there. And so I had watched the election happenings for nearly a year, and so at that time I was very familiar with a number of the organizations out there, and I felt that Black Box Voting was the very reputable one, and they would have the possibility of furnishing experts who could examine the machine and tell me exactly what was going on with, particularly at the time, the backup memory. And so, that’s kind of how it started.

As a result of that, Black Box Voting had to let some initial findings out, because there were some hazards there, plugs that were easily knocked out of their sockets and exposing wires, and as a result, Diebold, their legal counsel, representatives, the state, who has bought into this program for so tightly — I can’t figure out what the reasons are. Their election office represented from lieutenant governors and their legal counsel held a special meeting with the Emery County Commission, their legal counsel, and they met together, and as a result of that meeting, I was left on the outside, but when I did have a chance to join them, and —

AMY GOODMAN: You were forced out of your job as County Clerk of Emery County?

BRUCE FUNK: Yes. And that’s what it ultimately led to, is they — somewhere in that meeting, something was worked out that if they could terminate me as the election official of Emery County, then they would recertify the machines. And so they changed my locks, effective April 1, and locked me out of my office.

AMY GOODMAN: How long had you been in your job?

BRUCE FUNK: 23 years.

AMY GOODMAN: Professor Dill, what do you think of the significance of this?

PROF. DAVID DILL: Well, I think Bruce Funk is the only person who’s really done his job. We are constantly re-assured about the processes to certify these machines at the federal level. Several different states have supposedly inspected them. Several studies have been commissioned. And this was the only point where the security flaw was really revealed to the public, through the efforts of a private organization and one county clerk. There’s a real shoot-the-messenger mentality here. I think we’ve got a very bad situation if when the people who do their jobs really well are punished for doing so, especially at the behest of a vendor who was embarrassed by that person discovering a flaw in their product.

AMY GOODMAN: And explain what exactly the flaw was.

PROF. DAVID DILL: I’ve really been asked not to go into great detail about this, not that I could. I could speculate about it, but a number of computer scientists who are experts on this have asked other people not to speculate in great detail about what could be going on, because the flaw is sufficiently dangerous, they don’t want the knowledge out there widely. The most detailed report is available at the Black Box Voting website, and what it describes is basically several different levels at which different kinds of software can be installed in the machine, and normally what you would expect is at least a password that is not widely known, that would have to be given in order to prevent the software from being installed, and apparently the machines don’t even have that requirement. So if you put the files in the right place, and they have certain simple properties, the machine will happily install them.

AMY GOODMAN: Why isn’t there more outrage about this?

PROF. DAVID DILL: I think — well, it’s gotten actually a fair amount of national news coverage compared to a lot of e-voting problems. I think that there are a lot of people who would be embarrassed if this were more widely known, and I think that they would prefer that it not be discussed in great deal. It has, however, gotten a lot of national news coverage. I do want people to think about this in the right way. This is a bad security problem, but if you step back a little bit, it’s not a lot different from what we had before we knew about this problem, which is that you have a bunch of machines that basically you don’t know what they’re doing, you don’t know whether they’re recording the votes accurately, and there’s no way to check during the election or after the fact. So this is one of what’s going to be an infinite series of security crises.

AMY GOODMAN: Let me read to you from a Newsweek piece by Steven Levy, "Will Your Vote Count in 2006?" which, of course, quotes you saying, "When you’re using a paperless voting system, there’s no security." But it quotes Diebold Election Systems spokesperson David Bear, who says that "Hursti’s findings do not represent a fatal vulnerability in Diebold technology, but simply note the presence of a feature that allows access to authorized technicians to periodically update the software. If it so happens that someone not supposed to use the machine — or an election official who wants to put his or her thumb on the scale of democracy — takes advantage of this fast track to fraud, that’s not Diebold’s problem." Bear says, the Diebold spokesperson, "[Our critics are] throwing out a 'what if' that’s premised on a basis of an evil, nefarious person breaking the law."

PROF. DAVID DILL: I’m always speechless when I hear or read that quote. But I’m trying to think of the right analogy. It’s like someone issuing me burglary tools so I can get into my house more conveniently. What it does is compromise me. You know, it casts doubt on every election and every election official, regardless of how honest they are. So it’s heartwarming that Diebold has this much confidence in our election officials, but I think that our election officials would probably prefer to see the elections protected by the equipment.

AMY GOODMAN: Bruce Funk, are you sorry you did what you did? You’ve lost your job. You had it for almost a quarter of a century.

BRUCE FUNK: No, I don’t. I knew at the time, in watching Harri Hursti go through these machines, that it was the right thing to do, and despite the outcome. And watching that, I had the same concerns as Professor Dill there, in that the vulnerability of these machines were what really concerned me, because as an election official, you can’t have something there that even questions whether it can be hacked, and you’re going to be accountable for that, and they’re going to accuse you of that. And you don’t even want that option there.

AMY GOODMAN: Professor Dill, the midterm elections are coming up. How many electronic voting machines are there in the country? What is your assessment of the situation now?

PROF. DAVID DILL: I don’t know the exact number. In 2004, 30% of the votes went through electronic voting. Since then, there have been two changes. More electronic voting machines have been purchased, but there has also been more paper-based machines, either those machines with voter verifiable printers or paper ballot systems purchased.

AMY GOODMAN: What are your other concerns about the machines?

PROF. DAVID DILL: Well, there are so many concerns that I think — you know, we have to get out of the mentality of treating each election as a crisis and start undertaking a long-term plan to make the system more transparent, that includes both technology, but also election law, election procedures and making sure there’s more citizen participation in watching over elections.

AMY GOODMAN: Paper receipts? I mean, the idea that a person who votes on an electronic voting machine has no way to verify that their vote registered what they wanted it to?

PROF. DAVID DILL: Yeah, you need some sort of paper record that the voter can check before the vote is cast to make sure that there is something that people can go back to and recount, if it’s really necessary to do that. I don’t like the term "receipt," because it suggests that it’s something you can carry away from the polling place, which is not true. It stays in the ballot box, so it can be audited or recounted at a later time. But that’s not the whole solution. That’s something we need. We also need all the procedures, laws and the observers there to make sure that those things are properly handled and that the laws are followed.

AMY GOODMAN: What kind of legislation is there?

PROF. DAVID DILL: Right now, we’ve got such a decentralized system that every state is different. Some states, including the one you are in, California, have relatively solid laws, although there’s still substantial room for improvement. Some states have virtually no protection at all for voters — fully electronic voting, no real provisions for recounts, etc. At the federal level, there are several bills pending that we’d love to see passed. One is Rush Holt’s HR550, which requires voter-verified paper trails and random audits.

AMY GOODMAN: Now, how long has that been languishing in Congress?

PROF. DAVID DILL: Well, it’s been languishing for a couple of years in different forms it’s been written — at least three years, actually. It is gathering more and more co-sponsors, and it’s approaching within shooting distance of a majority of the House.

AMY GOODMAN: And explain what the argument against it is. How does a congressman argue against having some kind of way that the counting could be re-done, if need be?

PROF. DAVID DILL: The arguments vary a lot, and a lot of the times people just don’t really want to talk about it. Some of the original authors of the Help America Vote Act legislation in 2002 have said that the current protections are adequate and that the problem will be studied some more in the Election Assistance Commission, which they set up, a federal commission, will study the problem and come up with the right security measures. That’s not really happening. The Election Assistance Commission has not been very aggressive about the security of these machines. Others say, "Well, we’ll support the bill when it gets to the floor of the House," which is not very helpful in getting it to the floor of the House, which is what we need.

AMY GOODMAN: Bruce Funk, what kind of response has there been in the public to what you did, to trying to examine these Diebold voting machines in Utah?

BRUCE FUNK: Initially there, for example, within the first week, I had thousands of personal emails from all across the United States from people extending appreciation for someone to be concerned and take the time and invite somebody in and watch over our democratic process. So it’s been overwhelming acknowledgement across the country and even residents who are temporarily out of the country. My problem is locally is that the state officials have bought into this thing to where they’ve made me out to be the villain for having done this. So nationally I get a very positive response. Within the state, they don’t want to acknowledge any aspect of what I’ve done was proper.

AMY GOODMAN: Professor Dill, have you seen other restive election officials in other states that are starting to do the kind of thing that we’re seeing here?

PROF. DAVID DILL: Not very many. One of the other ones, also a similar situation with different equipment, was Ion Sancho in Leon County, Florida. He also has faced a certain amount of adversity for inspecting his own machines, but at least he still has his job, so far as I know, and is getting a lot more local support within his county. I have heard from a few other election officials that they have asked a few inconvenient questions about the machines and been basically told that that wasn’t a good thing to do, but nobody else is sufficiently public to talk about it.

AMY GOODMAN: Now, Diebold, of course, is the company where the former head said that "We will deliver" the votes to Bush. This was in Ohio.

PROF. DAVID DILL: A famous un-politic quote. I assume that he was talking about campaign fundraising, rather than through his voting machine company, but...

AMY GOODMAN: And how extensive, in terms of the corporate landscape, are Diebold machines? What are the other machines that are out there?

PROF. DAVID DILL: There are maybe four major vendors of electronic voting equipment and a number of regional vendors that have certain cities, like, say, Philadelphia. So, the others: ES&S, Sequoia and Hart Intercivic are the other major vendors. Diebold may have more paperless electronic voting machines out there than other companies. They’re not the largest vendor, but they may be the largest vendor of electronic voting machines.

AMY GOODMAN: Finally, are you at all optimistic on change, on verifiability, on what this means for the 2006 and then the 2008 presidential election?

PROF. DAVID DILL: I think we have to take one election at a time. I’m very optimistic, so long as we don’t insist that the problem be solved by next year. I can look at the progress that has been made over the last three years. Even since 2004, more — you know, right now there are 27 or 28 states that require voter-verified paper records. At the end of 2004, it was maybe 13 states. I don’t have the exact number. Now more than half of the voting population of the U.S. is in states that have voter-verified paper record requirements. So progress is being made, but it’s slower than I would like.

AMY GOODMAN: Rush Holt is a Democratic congressmember from New Jersey, but I don’t exactly see the Democratic Party, the Democratic leaders in Congress, the presidential candidates making this a major issue.

PROF. DAVID DILL: I agree. You know, a lot of them have spoken about it. Howard Dean came out in 2004 very strongly against paperless electronic voting. But I don’t hear it discussed as often as I would like to hear it. It’s also not just a Democratic issue. There’s certainly Republicans who very solidly support what I’m trying to do, including John Ensign in the Senate, who has submitted his own bill.

AMY GOODMAN: Well, I want to thank you very much for being with us, Professor David Dill, founder of; and Bruce Funk, on the line with us, former County Clerk of Emery County, Utah, forced out of his position when he exposed security flaws in the Diebold voting machines.

