Insider Risk

By Edward Cone  |  Posted 2004-03-03 Print this article Print

Lamone dismisses RABAs success at physically breaking into boxes as unrealistic in the real world, given the presence of election observers, locked storage facilities and other traditional security methods. But Wertheimer says the biggest risk of tampering with electronic voting machines is from insiders—either elections staff or vendors. "If you have five minutes with a server, you can load a CD and change everything," he says. The risks grow the farther upstream you go. Compromising a single machine might involve 150 votes, the average number of votes counted by a single machine, according to Wertheimer. Cracking a server at the county level in Maryland might mean access to tens of thousands of votes, with more than three million votes at stake at the state level. "If malicious changes to the software are made before it is distributed to the individual machines, there is no way to defend against it," Dill says. "It can easily be hidden so that it is very unlikely to be detected by any amount of inspection or testing."
Computer experts say that paper ballots printed by the electronic machines would reduce risks of tampering—a position taken last fall by California voting officials.
"Name an electronic transaction that doesnt ask if you want a paper receipt—at the bank, the gas pump, Amazon," Wertheimer says. Indeed, Dill suggests that voting systems need tighter security, since voters names arent inscribed on ballots. "Compare that with banks, [which] have paper audit trails all over the place, all transactions have the names of the participants on them—and they are still subject to insider fraud," he says. "Its a cost of doing business." But many voting officials say printers are unreliable and the ongoing cost of paper ballots and storage are too high. "Paper will cause more problems than it solves," Lamone says. Nevertheless, Lutherville voter William Myers, 74, says he expected a paper trail of some sort, but acknowledges he didnt see one. "Nothing is perfect, I suppose," Myers says. Wertheimer admits that paper is "a nightmare" to store according to federal standards, but says the costs of building and upgrading security over time will be greater than those associated with paper. "Your local election judges have to be information-technology pros," he says. "Security is a process, not something you achieve. When you buy into an all-electronic solution, you are buying into a lifetime of increasing support, like patching your PC repeatedly against new viruses. You have to stay ahead of the hackers around the world." —Additional reporting by Sean Gallagher

Senior Writer and author of the Know It All blog

Ed Cone has worked as a contributing editor at Wired, a staff writer at Forbes, a senior writer for Ziff Davis with Baseline and Interactive Week, and as a freelancer based in Paris and then North Carolina for a wide variety of magazines and papers including the International Herald Tribune, Texas Monthly, and Playboy. He writes an opinion column in his hometown paper, the Greensboro News & Record, and publishes the semi-popular weblog. He lives in North Carolina with his wife, Lisa, two kids, and a dog.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel