Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Database
    • IT Management
    • Networking
    • Storage

    Primary Concerns

    Written by

    Edward Cone
    Published March 3, 2004
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      The early returns are in and no voter fraud has been discovered in the wake of Marylands first statewide use of touch-screen electronic voting machines, which took place during the Democratic primary on March 2. Thats a good thing…right?

      Maybe not, says the expert who outlined several specific steps Maryland needed to improve its security procedures—only some of which the state managed to implement before the primary.

      “Election officials will think that this validates the system, that now we can all see that it works just fine—but thats not the case,” says Michael Wertheimer, a systems-security consultant at Columbia, Md.-based RABA Technologies, the firm charged with advising Maryland on its voting security. “In fact, what this means is that when the November election comes around—the really important election—a malicious person will have had an opportunity to do reconnaissance.”

      Nonsense, says Linda Lamone, the states director of elections. “This showed that our systems are secure,” she said after the Super Tuesday vote ended with no major technology glitches. But can a voting system be secure without following a security recommendation as basic as installing an Internet firewall?

      The primary was Marylands first statewide election since purchasing more than $55 million worth of touch-screen electronic voting machines from North Canton, Ohio-based Diebold Election Systems Inc. in 2003.

      The RABA report, commissioned by the state and released in mid-January, followed several critical analyses of touch-screen voting machines, including a damning report last summer from researchers at Johns Hopkins University. RABA found that Marylands Diebold voting machines could be opened with a purloined key or simply pried open, then disabled or reprogrammed. Password protection was deemed inadequate. Researchers also found they were able to dial into the vote-tabulation server, raising the specter that hackers bent on election-tampering could do the same.

      Maryland state officials responded prior to the March 2 vote by securing machines with tamper-proof tape, and by creating new, randomly generated passwords for key cards, although the latter was done only at a county level, not the precinct level suggested by the report.

      A sampling of voters at Lutherville, Md., on Super Tuesday showed that the systems worked well on the surface. “The machine was easy to use,” says Charlie Mitchell, 49. “The only thing I wondered about was what I had read about these machines—were the votes getting counted or not? I dont know.”

      Maryland failed to carry out other key recommendations as well, such as patching the Windows 2000 software used on its central computer system, and installing a firewall to protect that system. “We are disappointed,” Wertheimer says.

      Lamone says Maryland will follow through by November on the RABA recommendations it hasnt yet implemented. The states claim: its Global Election Management System software has choked on patches in the past, meaning any fixes and subsequent independent testing might not have been completed in time. Maryland couldnt risk a system failure, since there was no backup to the touch-screen units—the state had already gotten rid of its old, optical-scan voting machines.

      The risk of tampering is as old as voting itself, but technology makes it both harder to trace and possible on a larger scale, says political activist Kevin Zeese, who heads an advocacy group called Campaign for Verifiable Voting that wants stricter controls on Marylands voting procedures.

      “The Republicans say the Democrats are out to steal elections, the Democrats say the Republicans are and the Greens say theyre both right,” he cracks. The group has focused on Web-based activism, posting tools online that allow volunteers to write legislators and newspapers, put logos on their own websites, sign resolutions and so on. About 1,000 people have taken some sort of action through the site, Zeese says.

      Diebold has not helped things. The company announced in January 2003 that it had accidentally revealed source code for its voting machines on the Internet, and found itself at the center of a political controversy when its chief executive wrote a letter later in the year pledging to help re-elect President George W. Bush.

      Meanwhile, the two groups of professionals involved—elections officials and computer scientists—are talking past each other. Where their specialties overlap, they tend to disagree on both the big picture and the details. “These are wonderful people in elections, but they are not security professionals or information-technology professionals,” says Wertheimer, a veteran of the National Security Agency who adds he has witnessed repeated attempts to hack systems at military sites, power grids and phone networks.

      /zimages/4/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.

      Lamone notes the machines had been extensively tested, with every unit undergoing logic and accuracy tests. But David Dill, a Stanford computer scientist who has been a high-profile critic of voting-machine security, says current logic and accuracy tests are inadequate. “They mostly consist of running scripts on the machines,” Dill says. “It is incredibly easy to write malicious code that checks whether there is a script running and behaves perfectly in that case. A better test would be to run a mock election, but there are literally dozens of checks that malicious software could use to distinguish a mock election from a real election.”

      Dill says that testing procedures at the federal level are no better. “I cant even get good information about how carefully the software is inspected by the [federal] testing labs,” he says.

      Next Page: Biggest risk is insiders.

      Insider Risk

      Lamone dismisses RABAs success at physically breaking into boxes as unrealistic in the real world, given the presence of election observers, locked storage facilities and other traditional security methods.

      But Wertheimer says the biggest risk of tampering with electronic voting machines is from insiders—either elections staff or vendors. “If you have five minutes with a server, you can load a CD and change everything,” he says. The risks grow the farther upstream you go. Compromising a single machine might involve 150 votes, the average number of votes counted by a single machine, according to Wertheimer. Cracking a server at the county level in Maryland might mean access to tens of thousands of votes, with more than three million votes at stake at the state level.

      “If malicious changes to the software are made before it is distributed to the individual machines, there is no way to defend against it,” Dill says. “It can easily be hidden so that it is very unlikely to be detected by any amount of inspection or testing.”

      Computer experts say that paper ballots printed by the electronic machines would reduce risks of tampering—a position taken last fall by California voting officials.

      “Name an electronic transaction that doesnt ask if you want a paper receipt—at the bank, the gas pump, Amazon,” Wertheimer says.

      Indeed, Dill suggests that voting systems need tighter security, since voters names arent inscribed on ballots. “Compare that with banks, [which] have paper audit trails all over the place, all transactions have the names of the participants on them—and they are still subject to insider fraud,” he says. “Its a cost of doing business.”

      But many voting officials say printers are unreliable and the ongoing cost of paper ballots and storage are too high. “Paper will cause more problems than it solves,” Lamone says.

      Nevertheless, Lutherville voter William Myers, 74, says he expected a paper trail of some sort, but acknowledges he didnt see one. “Nothing is perfect, I suppose,” Myers says.

      Wertheimer admits that paper is “a nightmare” to store according to federal standards, but says the costs of building and upgrading security over time will be greater than those associated with paper. “Your local election judges have to be information-technology pros,” he says. “Security is a process, not something you achieve. When you buy into an all-electronic solution, you are buying into a lifetime of increasing support, like patching your PC repeatedly against new viruses. You have to stay ahead of the hackers around the world.”

      —Additional reporting by Sean Gallagher

      Edward Cone
      Edward Cone
      Senior Writer and author of the Know It All blogEd Cone has worked as a contributing editor at Wired, a staff writer at Forbes, a senior writer for Ziff Davis with Baseline and Interactive Week, and as a freelancer based in Paris and then North Carolina for a wide variety of magazines and papers including the International Herald Tribune, Texas Monthly, and Playboy. He writes an opinion column in his hometown paper, the Greensboro News & Record, and publishes the semi-popular EdCone.com weblog. He lives in North Carolina with his wife, Lisa, two kids, and a dog.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×