ALTIMORE, April 29 - The fix was in, and it was
devilishly hard to detect. Software within electronic voting
machines had been corrupted with malicious code squirreled away in
images on the touch screen. When activated with a specific series of
voting choices, the rogue program would tip the results of a
precinct toward a certain candidate. Then the program would
disappear without a trace.
 |
|
|
Luckily, the setting was not an election but a classroom
exercise; the conspirators were students of Aviel D. Rubin, a
professor at Johns Hopkins University. It might seem unusual to
teach computer security through hacking, but a lot of what Professor
Rubin does is unusual. He has become the face of a growing revolt
against high-technology voting systems. His critiques have earned
him a measure of fame, the enmity of the companies and their
supporters among election officials, and laurels: in April, the
Electronic Frontier Foundation gave him its Pioneer Award, one of
the highest honors among the geekerati.
The push has had an effect on a maker of electronic voting
machines, Diebold
Inc., as well. California has banned the use of more than 14,000
electronic voting machines made by Diebold in the November election
because of security and reliability concerns. Also, the company has
warned that sales of election systems this year are slowing.
In April, the company said its first-quarter earnings rose 13
percent compared with the same quarter a year earlier. It also
reported $29.2 million in revenue on nearly $500 million in sales in
the latest period. But it lowered expectations for election systems
sales for this year to a range of $80 million to $95 million from
$100 million in sales a year earlier.
Professor Rubin took center stage in the national voting scene
last July, when he published the first in-depth security analysis of
Diebold's touch-screen voting software. The software had been pulled
off an unprotected Diebold Internet site by Bev Harris, a
publicist-turned-muckraker who posted the software and other
documents she found as part of her campaign against what she calls
"black box voting."
Professor Rubin and his colleagues at Hopkins and Rice University
in Houston subjected the 49,000 lines of code to a deep review over
a two-week period. Their report painted a grim picture: "Our
analysis shows that this voting system is far below even the most
minimal security standards applicable in other contexts," they
wrote. "We conclude that, as a society, we must carefully consider
the risks inherent in electronic voting, as it places our very
democracy at risk."
That shot across the bow was met with outrage from the industry
and from election officials who had spent tens of millions of
dollars on Diebold machines. Mr. Rubin was denounced as
irresponsible and uninformed.
"I think when he's talking about computers, he's very good and
knows what he's doing," said Britain J. Williams, a professor
emeritus of computer science at Kennesaw State University in
Georgia, and a consultant on voting systems. "When he's talking
about elections, he doesn't know what he's talking about."
Typically, Professor Rubin decided to confront the issue of
whether he had experience with elections by taking part in one.
During the March presidential primary, he signed up to become an
election judge and found himself sitting all day at a precinct in a
church at Lutherville, Md., helping voters use the same Diebold
touch-screen machines that he had criticized so roundly. He then
went home and wrote a full account and posted it to the
Internet.
Over the day, he wrote, "I started realizing that some of the
attacks described in our initial paper were actually quite
unrealistic, at least in a precinct with judges who worked as hard
as ours did and who were as vigilant. At the same time, I found that
I had underestimated some of the threats before."
Ultimately, he said, "I continue to believe that the Diebold
voting machines represent a huge threat to our democracy."
When asked to comment on Professor Rubin's work, the company
issued a statement that did not mention him by name. "Our collective
goal should always be to provide voters with the assurance that
their vote is important, voting systems are accurate and their
individual vote counts," the company said.
.gif){kind=spacer}
