Primary Concerns

Electronic voting machines in Maryland survived their first test, but officials may want to install a firewall before the presidential election. (Baseline)

The early returns are in and no voter fraud has been discovered in the wake of Marylands first statewide use of touch-screen electronic voting machines, which took place during the Democratic primary on March 2. Thats a good thing...right?

Maybe not, says the expert who outlined several specific steps Maryland needed to improve its security procedures—only some of which the state managed to implement before the primary.

"Election officials will think that this validates the system, that now we can all see that it works just fine—but thats not the case," says Michael Wertheimer, a systems-security consultant at Columbia, Md.-based RABA Technologies, the firm charged with advising Maryland on its voting security. "In fact, what this means is that when the November election comes around—the really important election—a malicious person will have had an opportunity to do reconnaissance."

Nonsense, says Linda Lamone, the states director of elections. "This showed that our systems are secure," she said after the Super Tuesday vote ended with no major technology glitches. But can a voting system be secure without following a security recommendation as basic as installing an Internet firewall?

The primary was Marylands first statewide election since purchasing more than $55 million worth of touch-screen electronic voting machines from North Canton, Ohio-based Diebold Election Systems Inc. in 2003.

The RABA report, commissioned by the state and released in mid-January, followed several critical analyses of touch-screen voting machines, including a damning report last summer from researchers at Johns Hopkins University. RABA found that Marylands Diebold voting machines could be opened with a purloined key or simply pried open, then disabled or reprogrammed. Password protection was deemed inadequate. Researchers also found they were able to dial into the vote-tabulation server, raising the specter that hackers bent on election-tampering could do the same.

Maryland state officials responded prior to the March 2 vote by securing machines with tamper-proof tape, and by creating new, randomly generated passwords for key cards, although the latter was done only at a county level, not the precinct level suggested by the report.

A sampling of voters at Lutherville, Md., on Super Tuesday showed that the systems worked well on the surface. "The machine was easy to use," says Charlie Mitchell, 49. "The only thing I wondered about was what I had read about these machines—were the votes getting counted or not? I dont know."

Maryland failed to carry out other key recommendations as well, such as patching the Windows 2000 software used on its central computer system, and installing a firewall to protect that system. "We are disappointed," Wertheimer says.

Lamone says Maryland will follow through by November on the RABA recommendations it hasnt yet implemented. The states claim: its Global Election Management System software has choked on patches in the past, meaning any fixes and subsequent independent testing might not have been completed in time. Maryland couldnt risk a system failure, since there was no backup to the touch-screen units—the state had already gotten rid of its old, optical-scan voting machines.

The risk of tampering is as old as voting itself, but technology makes it both harder to trace and possible on a larger scale, says political activist Kevin Zeese, who heads an advocacy group called Campaign for Verifiable Voting that wants stricter controls on Marylands voting procedures.

"The Republicans say the Democrats are out to steal elections, the Democrats say the Republicans are and the Greens say theyre both right," he cracks. The group has focused on Web-based activism, posting tools online that allow volunteers to write legislators and newspapers, put logos on their own websites, sign resolutions and so on. About 1,000 people have taken some sort of action through the site, Zeese says.

Diebold has not helped things. The company announced in January 2003 that it had accidentally revealed source code for its voting machines on the Internet, and found itself at the center of a political controversy when its chief executive wrote a letter later in the year pledging to help re-elect President George W. Bush.

Meanwhile, the two groups of professionals involved—elections officials and computer scientists—are talking past each other. Where their specialties overlap, they tend to disagree on both the big picture and the details. "These are wonderful people in elections, but they are not security professionals or information-technology professionals," says Wertheimer, a veteran of the National Security Agency who adds he has witnessed repeated attempts to hack systems at military sites, power grids and phone networks.

/zimages/4/28571.gifCheck out eWEEK.coms Security Center at for security news, views and analysis.

Lamone notes the machines had been extensively tested, with every unit undergoing logic and accuracy tests. But David Dill, a Stanford computer scientist who has been a high-profile critic of voting-machine security, says current logic and accuracy tests are inadequate. "They mostly consist of running scripts on the machines," Dill says. "It is incredibly easy to write malicious code that checks whether there is a script running and behaves perfectly in that case. A better test would be to run a mock election, but there are literally dozens of checks that malicious software could use to distinguish a mock election from a real election."

Dill says that testing procedures at the federal level are no better. "I cant even get good information about how carefully the software is inspected by the [federal] testing labs," he says.

Next Page: Biggest risk is insiders.