How They Could Steal the Election This Time - Ronnie Dugger - The Nation

[Guest guest]

>

>

http://www.thenation.com/doc.mhtml?i=20040816 & s=dugger

>

>

> How They Could Steal the Election This Time

> by RONNIE DUGGER

>

> [from the August 16, 2004 issue]

>

> On November 2 millions of Americans will cast

> their votes for President in computerized voting

> systems that can be rigged by corporate or

> local-election insiders. Some 98 million citizens,

> five out of every six of the roughly 115 million who

> will go to the polls, will consign their votes into

> computers that unidentified computer programmers,

> working in the main for four private corporations

> and the officials of 10,500 election jurisdictions,

> could program to invisibly falsify the outcomes.

>

> The result could be the failure of an American

> presidential election and its collapse into

> suspicions, accusations and a civic fury that will

> make Florida 2000 seem like a family spat in the

> kitchen. Robert Reich, Bill Clinton's Labor

> Secretary, has written, " Automated voting machines

> will be easily rigged, with no paper trails to

> document abuses. " Senator John Kerry told Florida

> Democrats last March, " I don't think we ought to

> have any vote cast in America that cannot be traced

> and properly recounted. " Pointing out in a recent

> speech at the NAACP convention that " a million

> African-Americans were disenfranchised in the last

> election, " Kerry says his campaign is readying 2,000

> lawyers to " challenge any place in America where you

> cannot trace the vote and count the votes " [see Greg

> Palast, " Vanishing Votes, " May 17].

>

> The potential for fraud and error is daunting.

> About 61 million of the votes in November, more than

> half the total, will be counted in the computers of

> one company, the privately held Election Systems and

> Software (ES & S) of Omaha, Nebraska. Altogether,

> nearly 100 million votes will be counted in

> computers provided and programmed by ES & S and three

> other private corporations: British-owned Sequoia

> Voting Systems of Oakland, California, whose

> touch-screen voting equipment was rejected as

> insecure against fraud by New York City in the

> 1990s; the Republican-identified company Diebold

> Election Systems of McKinney, Texas, whose machines

> malfunctioned this year in a California election;

> and Hart InterCivic of Austin, one of whose

> principal investors is Tom Hicks, who helped make

> George W. Bush a millionaire.

>

> About a third of the votes, 36 million, will be

> tabulated completely inside the new paperless,

> direct-recording-electronic (DRE) voting systems, on

> which you vote directly on a touch-screen. Unlike

> receipted transactions at the neighborhood ATM,

> however, you get no paper record of your vote.

> Since, as a government expert says, " the ballot is

> embedded in the voting equipment, " there is no

> voter-marked paper ballot to be counted or

> recounted. Voting on the DRE, you never know,

> despite what the touch-screen says, whether the

> computer is counting your vote as you think you are

> casting it or, either by error or fraud, it is

> giving it to another candidate. No one can tell what

> a computer does inside itself by looking at it; an

> election official " can't watch the bits inside, "

> says Dr. Peter Neumann, the principal scientist at

> the Computer Science Laboratory of SRI International

> and a world authority on computer-based risks.

>

> The four major election corporations count votes

> with voting-system source codes. These are kept

> strictly secret by contract with the local

> jurisdictions and states using the machines. That

> secrecy makes it next to impossible for a candidate

> to examine the source code used to tabulate his or

> her own contest. In computer jargon a " trapdoor " is

> an opening in the code through which the program can

> be corrupted. David Stutsman, an Indiana lawyer

> whose suits in the 1980s exposed a trapdoor that was

> being used by the nation's largest election company

> at that time, puts it well: " The secrecy of the

> ballot has been turned into the secrecy of the vote

> count. "

>

> According to Dr. David Dill, professor of computer

> science at Stanford, all elections conducted on DREs

> " are open to question. " Challenging those who

> belittle the danger of fraud, Dill says that with

> trillions of dollars at stake in the battle for

> control of Congress and the presidency, potential

> attackers who might seek to fix elections include

> " hackers, candidates, zealots, foreign governments

> and criminal organizations, " and " local officials

> can't stop it. "

>

> Last fall during a public talk on " The Voting

> Machine War " for advanced computer-science students

> at Stanford, Dill asked, " Why am I always being

> asked to prove these systems aren't secure? The

> burden of proof ought to be on the vendor. You ask

> about the hardware. 'Secret.' The software?

> 'Secret.' What's the cryptography? 'Can't tell you

> because that'll compromise the secrecy of the

> machines.'... Federal testing procedures? 'Secret'!

> Results of the tests? 'Secret'! Basically we are

> required to have blind faith. "

>

> The integrity of the vote-counting inside DREs

> depends on audit logs and reports they print out,

> but as Neumann says, these are " not real audit

> trails " because they are themselves riggable. The

> DREs randomly store three to seven complete sets of

> alleged duplicates of each voter's ballot, and sets

> of these images can be printed out after the

> election and manually counted. The companies claim

> that satisfies the requirement in the 2002 Help

> America Vote Act (HAVA) that " a manual audit

> capacity " must be available. But as informed

> computer scientists unanimously agree, if the first

> set of ballot images is corrupted, they all are. I

> asked Robert Boram, the chief engineer who invented

> a DRE sold by the RF Shoup voting-systems company,

> if he could rig his DRE's three sets of ballot

> images. " Give me a month, " he replied.

>

> The United States therefore faces the likelihood

> that about three out of ten of the votes in the

> national election this November will be

> unverifiable, unauditable and unrecountable. The

> private election companies and local and state

> election officials, when required to carry out

> recounts of elections conducted inside the DREs,

> will order the computers to spit out second

> printouts of the vote totals and the computers'

> wholly electronic, fakable " audit trail. " The

> companies and most of the election officials will

> then tell the voters that the second printouts are

> " recounts " that prove the vote-counting was " 100

> percent accurate, " even though a second printout is

> not a recount.

>

> HAVA was supposed to solve election problems

> revealed in 2000; instead, it has made the situation

> worse. Under the act the Election Assistance

> Commission (EAC), appointed by President Bush, is

> supposed to set standards for the vote-counting

> process, but four months before the election the new

> agency had only seven full-time staff members. On

> June 17 the EAC sent $861 million to twenty-five

> states, mainly to buy computerized machines for

> which no new technical standards have been set. Its

> just-appointed fifteen-member technical standards

> committee does not include more than one leading

> critic of computerized vote-counting.

>

> Rather than completely testing the vote-counting

> codes, there is some secretive testing of systems by

> three private companies that are chosen by the

> pro-voting-business National Association of State

> Election Directors. The companies consult obsolete

> pro-company and completely voluntary standards

> promulgated by the Federal Election Commission and

> get paid by the very companies whose equipment is

> being tested. The three private companies,

> speciously called Independent Testing Authorities,

> together constitute a Potemkin village to falsely

> assure the states and the voters of the security of

> the systems. Often their work is misrepresented as

> " federal testing. " The states then test and

> " certify " the systems, and the local jurisdictions

> put on dog-and-pony-show " logic and accuracy tests, "

> which are not capable of discovering hidden codes

> that would change vote totals.

>

> " The system is much more out of control than

> anyone here may be willing to admit, " Dr. Michael

> Shamos, a computer scientist at Carnegie-Mellon

> University and for many years an examiner of voting

> machines for Texas and Pennsylvania, told a House

> panel on June 24. " There's virtually no control over

> how software enters a voting machine. " Shamos told

> another House panel on July 20, " There are no

> adequate standards for voting machines, nor any

> effective testing protocols. "

>

> Hackable computer codes control vote-counting in

> all three kinds of computerized systems that will be

> used again in the 2004 elections: the ballotless

> DREs, on which some 36 million will vote;

> optical-scan systems that electronically tally paper

> ballots marked by the voters, on which 40 million

> people will vote; and punch-card ballots, also

> tabulated by computerized card-readers, which gained

> notoriety in 2000 and are still used by 22 million

> voters. (Another 16 million still vote on the old

> lever machines, about a million on hand-counted

> paper ballots.)

>

> Florida 2000 was universally misunderstood and

> mischaracterized in the press as a crisis of hanging

> chads on the punch-card ballots. The serious issue,

> then as now, was embodied in the explicit though all

> but unreported position that James Baker, George W.

> Bush's field commander in Florida, staked out to

> stop the recounting of votes. The computerized

> vote-counting systems, Baker declared, are

> " precision machinery " that both count and recount

> votes more accurately than people do. Now, with

> Senator Kerry demanding recountability, an ominously

> intensifying partisan split has developed in

> Washington over whether to have a voter-verified

> paper trail and, when necessary, to conduct recounts

> with it.

>

> Torment in Washington

>

> Though no broad citizens' movement has formed

> against computerized vote-counting, a nationwide

> backlash against unverifiable paperless voting has.

> The paper ballots used in the op-scan and punch-card

> systems already provide a voter-verified paper audit

> trail (VVPAT). The principal proposed security

> safeguard for the DRE system was invented, but not

> patented, ten years ago by computer scientist

> Rebecca Mercuri, now a research fellow at Harvard.

> In her solution, after voters record their choices

> on the touch-screen, they confirm them on a paper

> ballot that appears under glass and then push a

> button to cast the vote, causing the machine to

> deposit the paper ballot in a box that will hold it

> for recounting if that is ordered. The printer for

> the paper ballots for each voting machine should

> cost about $50; the total add-on could be $300-$600.

> Many jurisdictions also have the alternative of

> expanding or acquiring the relatively inexpensive

> optical-scan systems or other systems already in

> place that create paper trails.

>

> In the US Senate seven Democrats and the one

> Independent are co-sponsoring a bill by Senators Bob

> Graham and Hillary Clinton to require paper trails

> on DREs by November, with a loophole for

> jurisdictions whose officials deem it to be

> technologically impossible. Clinton told the press

> that without a voter-verified paper trail

> GOP-leaning corporations might program voting

> machines to help Republicans steal elections [see

> sidebar, page 16]. In an interview in his hideaway

> office in the Capitol, Graham told me that he

> regards his and Clinton's bill as so obviously

> needed that it's " a no-brainer. " The absence of a

> paper trail on the DREs could endanger " the

> legitimacy " of November's election, Graham said.

>

> New Jersey Democrat Rush Holt introduced a House

> bill more than a year ago requiring a paper trail on

> DREs. It has 149 co-sponsors, including a few

> prominent Republicans. Holt says, " The verification

> has to be something that the voter herself or

> himself has to do " ; without that, " we will never

> have a truly secure election. " Holt's bill has

> opened up a partisan divide in the House. The

> chairman of the committee to which his bill is

> assigned, Ohio Republican Bob Ney, informed Holt

> that he is against the bill and would not allow a

> hearing on it. A few days later Graham and Holt

> wrote their fellow members of Congress that " without

> an independent, voter-verified paper trail, we will

> be able only to guess whether votes are accurately

> counted. " Last month Ney relented and scheduled two

> hearings. Holt plans to offer his bill as an

> amendment to the Treasury appropriation after

> Congress returns from its August recess. Graham is

> still mulling his strategy.

>

> The principal stated objection to a DRE paper

> trail comes from some spokespersons for the

> disabled, who characterize it as a step back from

> the touch-screen's improved accessibility and

> privacy. Many election officials, whose work paper

> ballots make both auditable and much more extensive,

> object variously that the attachment will add costs,

> that the printers might fail and that paper ballots

> can be stolen or counterfeited and sometimes produce

> somewhat different totals.

>

> Leading citizen organizations have been split.

> Initially the League of Women Voters, concerned to

> minimize invalidly cast ballots, opposed the paper

> trail, but there was a revolt in the chapters and a

> petition for the paper trail was signed by 800

> members. At the league's June convention, after a

> fight led by Barbara Simons, past president of the

> Association of Computer Machinery, the league

> switched sides, endorsing voting systems that are

> " recountable. " Common Cause, placing the highest

> value on insuring that every vote is counted and can

> be recounted if necessary, has been among the

> leaders of the fight for the paper trail.

>

> Around the States

>

> Not surprisingly, the starkest resistance to the

> voter-verified paper trail comes from Florida, where

> more than half the citizens will have to vote on

> touch-screen systems in November. The President's

> brother, Governor Jeb Bush, and Jeb's Secretary of

> State, Glenda Hood, express unqualified confidence

> in the trustworthiness of the DRE systems and

> militantly oppose providing a paper-ballot trail for

> them. Hood has denied that the electronic voting

> machines can be tampered with in the software,

> saying: " The touch-screen machines are not

> computers. You'd have to go machine by machine, all

> over the state. " A spokeswoman for her says flatly

> that " a manual recount is unnecessary. "

>

> This past spring a powerful state senator proposed

> to make it illegal to recount votes in the DRE

> systems, but she backed down when called on it by

> activists. Then Ed Kast, director of Hood's division

> of elections, who has since resigned, sought to

> achieve the same purpose by diktat, issuing a formal

> ruling that, despite the extant state law requiring

> recounts under certain circumstances, supervisors of

> elections do not need to recount DRE ballots. The

> ACLU and other groups have sued to invalidate that

> ruling; a spokesperson for the state Republican

> Party excoriates the suit as a left-wingers' " ploy

> to undermine voters' confidence. "

>

> Representative Robert Wexler, a Democrat from the

> southern tier of the three big counties on the

> Atlantic, which for election scandals is to Florida

> what Cook County is to Illinois, sued state and

> county election officials in state and federal court

> to require the VVPAT on DREs. He argues that

> allowing some voters to have manual recounts but not

> others violates the Supreme Court decision in Bush

> v. Gore compelling equal treatment of voters

> (although the majority specified it was only for

> that election). To date his suits, opposed at every

> step by the Bush Administration in Tallahassee, have

> gotten nowhere. If he loses, half the voters in

> Florida, those voting on DREs, will be denied the

> manual recounts that the other half can have.

>

> The Bush forces in Florida geared up for another

> purge of released felons from the voter rolls. Ion

> Sancho, supervisor of elections for Leon County,

> admits with shame that the state's felon purge in

> 2000 resulted in more than 50,000 legal voters being

> disenfranchised. The state elections division

> identified 47,000 more suspected felons, a list

> disproportionately heavy with blacks, and asked that

> local election supervisors purge them. The Bush

> people refused to make the list public, but were

> ordered to do so by a judge. Only then was it

> discovered that the list excluded felons who are

> Hispanic. In Florida Hispanics tend to vote

> Republican. This dandy error was " absolutely

> unintentional, " the Bush people said--while

> abandoning the then indefensible list. Miami Herald

> columnist Jim Defede wrote that Hood--an " amazing

> incompetent or the leader of a frightening

> conspiracy " --must resign.

>

> " What are we going to do if there's a close race? "

> Wexler asked in the Orlando Sentinel. " The voting

> records of these machines will have disappeared in

> cyberspace. " He told me angrily: " Apparently their

> motives are to suppress the vote in Florida in a

> number of different ways. They are refusing a paper

> trail on a computerized voting machine. They are

> again preparing on the felons--they've got a new and

> improved process. I don't trust 'em to do the right

> thing. " This summer, Representative Alcee Hastings,

> whose district includes Fort Lauderdale and West

> Palm Beach, exclaimed, " Any way we cut it, these

> people are going to try to steal this election. "

>

> The Miami-Dade Reform Coalition asked Jeb Bush to

> audit the touch-screen machines this summer. Bush's

> spokesperson rebuffed that as " an accusation du

> jour. " Undeterred, Democratic US Senator Bill Nelson

> of Florida demanded, " Why not do an audit when so

> much is at stake?... The national election for

> President could ride on the results coming out of

> Florida. " Senator Nelson even sent a letter to

> Attorney General John Ashcroft asking that the

> federal government audit the machines.

>

> This past spring in California, Diebold systems

> malfunctioned in two counties, disenfranchising

> thousands of voters. Secretary of State Kevin

> Shelley discovered that the voting systems in

> seventeen counties in the state had not been

> certified, as required by law. After two days of

> tumultuous hearings in Sacramento, during which

> high-level election officials called the company's

> behavior " despicable " and accused its officials of

> lying, Shelley prohibited the use of Diebold's

> systems in four counties, the first time this has

> happened in the United States. Shelley, who has said

> to the Los Angeles Times that he doesn't want to be

> " the Katherine Harris of the West Coast, " also made

> the certification of voting systems in ten more

> counties dependent on their adoption of twenty-three

> security improvements that he specified. One of

> these requires those counties to let citizens vote

> on paper if they want to, but Shelley flinched at

> requiring a DRE paper trail this year. Four counties

> and advocates of the disabled sued Shelley to block

> his actions, but a federal judge ruled he had the

> authority and had used it reasonably.

>

> Two secretaries of state, Republicans Dean Heller

> in Nevada and Matt Blunt in Missouri, have required

> that DREs in their states have a voter-verified

> paper ballot for the November election. Sequoia is

> producing the Mercuri VVPAT on demand for Nevada,

> and several small election companies, including

> Avante and AccuPoll, have built Mercuri attachments,

> won their certification and are ready to sell them

> to local jurisdictions now. Among the thirty-one

> other states with DRE voting systems in some of

> their jurisdictions, as of early summer legislatures

> in five had rejected requiring the paper trail,

> another nine were considering such a requirement and

> seventeen had no such proposal before them.

>

> In swing-state Ohio, under procedures approved by

> Republican Secretary of State Kenneth Blackwell,

> thirty-one counties decided they would not use

> paperless DREs in November, and three said they

> would. Blackwell then ruled that because of unsolved

> security problems, none of them will. In Maryland,

> which imposed Diebold DREs statewide in 2002, the

> Board of Elections ruled that paper ballots cast in

> the March primary by citizens who did not want to

> vote on the DREs would not be counted. That's now in

> the courts. The Campaign for Verifiable Voting

> presented 13,000 signatures for a paper trail and

> called for the resignation of the state elections

> chief, Linda Lamone, who, sitting tight, said, " I

> think everything is going to be just fine. " In

> Texas, Representative Ciro Rodriguez, chair of the

> Congressional Hispanic Caucus, was renominated by

> 150 votes until 419 " found votes " made challenger

> Henry Cuellar the winner. Rodriguez is contesting

> the outcome, but since the voting in Bexar County

> (San Antonio) was conducted on DREs, the votes there

> can't be recounted. " There's no paper trail to

> verify what was put in, " Cuellar said.

>

> A paper trail will not assure that elections won't

> be stolen in the DREs. " The only thing the VVPAT

> will do is give us the ability to prove that it

> happened, " says Roxanne Jekot of Cumming, Georgia, a

> self-taught computer specialist who has become one

> of the most effective activists against paperless

> computerized voting. " There is nothing to deter that

> single outsourced information-technology worker

> [from manipulating the machine]. Nobody can prove

> that he did it. "

>

> Many states require recounts if an outcome in a

> computer-counted race is within a margin of less

> than 1 percent or a half or quarter percent, but

> that invites crooked programmers, if any such be at

> work, to jimmy their rigged outcomes to fall outside

> the recount-triggering spreads.

>

> Furthermore, a paper trail isn't an audit unless

> the ballots are recounted. Even before the advent of

> touch-screen systems, obtaining actual recounts of

> elections was becoming more difficult. Election

> officials, election companies and state laws have

> often combined to block recounts or discourage

> narrowly losing candidates from getting them.

> Incredibly, in 2002 the legislature in Nebraska, the

> home state of Election Systems & Software, outlawed

> recounts of the paper ballots in the ES & S

> optical-scan computerized ballot-counting systems

> that tally 85 percent or so of the votes in that

> state. Colorado requires that for elections

> conducted on DRE machines, recounts must be

> conducted on the very same machines.

>

> In Alabama two years ago, during a controversy

> over an election for governor conducted mostly on

> op-scan machines, Attorney General Bill Pryor,

> backing up the sheriff in one questioned county,

> ruled officially that under state law anyone

> recounting the ballots would be subject to arrest.

> This year President Bush, circumventing Senate

> hearings, elevated Pryor to the Eleventh Circuit

> Court of Appeals in a recess appointment.

>

> 'It's Really a Matter of Trust'

>

> Confident, friendly, but officious, Jesse Durazo,

> the registrar of voters of Santa Clara County in the

> heart of the Silicon Valley, is typical of hundreds

> of local election officials who berate " the

> academics. " This past spring, despite dire warnings

> from Professors Neumann of SRI and Dill of Stanford,

> Durazo led his county into buying 5,500 of the

> Sequoia AVC Edge DREs at $3,000 each ($20 million,

> figuring in everything). The anteroom of his county

> election headquarters is festooned with cheery signs

> such as one saying Voting Just Got Easier. He is

> delighted that DREs will facilitate voting by those

> who speak a foreign language (including Spanish,

> Vietnamese and Chinese).

>

> Durazo said that the AVC had first been approved

> by the federal government (which is not correct) and

> then certified by the California secretary of state.

> He said that providing a voter-verified ballot would

> open the way to " unlimited error, " while computer

> error, in contrast, can be " quantified. " As for

> Trojan horses smuggling in corrupt instructions, he

> said in a confident tone, " I don't have those

> fears. " Stealing votes in the computers is next to

> impossible, he insisted, because local ballots are

> set up at the last minute, there are a large number

> of races and ballot initiatives in any one election,

> and the order of the candidates' positions on the

> ballots is rotated in different precincts.

>

> The three sets of all the votes, kept in the

> computer, provide the recount, he said. Are those

> not just copies of each other, automatically made?

> Durazo exclaimed in high dudgeon: " It's a redundant

> perfection!... It starts with the premise that the

> information in the system is correct. "

>

> Alfred Gonzales, Durazo's Filipino outreach

> specialist for voters who speak Tagalog,

> demonstrated the AVC, a sign on the top of which

> said Try It Out Today. No More Punchcards! I voted

> on it and asked Gonzales how I knew for sure that my

> vote would be counted. " Because it will be

> registered in the machine, saved in the hard drive,

> and put on a cartridge, " he said. " At the end of the

> day it will be in the printout of the total. " How

> did he know the machine would do that? " Because it

> has been federally certified! " he said. " There is

> fool-proof security. " Well, one more thing, I asked.

> There's no ballot--what if you need a recount? " It's

> really a matter of trusting the machine, " Gonzales

> said. Patting the AVC gently, he intoned with pride,

> " It's really a matter of trust. "

>

> " These companies are basically saying 'trust us,' "

> Rebecca Mercuri told the New York Times. " Why should

> anybody trust them? That's not the way democracy is

> supposed to work. " Douglas Kellner, a leader on the

> New York City Board of Elections, exclaimed at a

> meeting of computer specialists in Berkeley this

> past spring, " I think the word 'trust' ought to be

> banned from election administration! " Dr. Avi Rubin,

> computer science professor and technical director of

> the Information Security Institute at Johns Hopkins

> University, recently testified before the federal

> Election Assistance Commission, " The vendors, and

> many election officials, such as those in Maryland

> and Georgia, continue to insist that the machines

> are perfectly secure. I cannot fathom the basis for

> their claims. I do not know of a single computer

> security expert who would testify that these

> machines are secure. "

>

> Mercuri wrote in her dissertation on vote-counting

> in 2001 that " security flaws (such as Trojan horse

> attacks)...are possible in all of the computer-based

> voting systems " and that providing thorough

> examinations of source code and other circuits for

> DREs that vary from municipality to municipality " is

> a Herculean task--one that is likely not to be

> affordable, even if it were accomplishable. "

>

> Not all the scientists agree. Michael Shamos of

> Carnegie-Mellon, who once warned that computerized

> vote-counting is highly vulnerable to fraud, now

> takes the position that " the issue is not whether

> voting systems are absolutely secure, but whether

> they present barriers sufficiently formidable to

> give us confidence in the integrity of our

> elections. "

>

> Voting Machines Stolen in Georgia

>

> In 2000 five out of six Georgians cast a paper

> ballot that could be recounted on ES & S systems. In

> January 2001, in a speech to the

> Democratic-controlled legislature, Georgia Secretary

> of State Cathy Cox, a Democrat who is expected to

> run for governor in 2006, declared that considering

> all the recent problems down in Florida, Georgia

> should adopt one " uniform electronic voting system

> by November 2004. " Upon Cox's fervent recommendation

> of the just-born Diebold Election Systems, in May

> 2002 Georgia agreed to pay Diebold $54 million for

> 19,000 DRE voting systems. The counties and cities

> of Georgia had chosen their own voting machines for

> the last time, and, less obviously, Georgians had

> lost their ability to recount their votes in

> contested elections.

>

> At once Diebold set to manufacturing 282 of its

> AccuVote TS voting systems a day. Some of the

> earliest ones arriving in Georgia, sent out for use

> in the training of election workers, were left in a

> hotel conference room overnight, stolen and never

> recovered. Late that June the secret vote-counting

> codes inside nine to fourteen more of the Diebold

> machines were stolen. Diebold made an uncounted

> number of apparently illegal changes in the

> election-conducting code between June and November.

> The memory cards on which the votes on each of the

> computers were recorded on election day all over

> Georgia had no encryption. According to Rob Behler,

> who served as Diebold's production deployment

> manager in Georgia during the first half of that

> summer, those cards could be used to change the

> results manually, precinct by precinct.

>

> Incumbent US Senator Max Cleland and incumbent

> Governor Roy Barnes, both Democrats, were odds-on

> favorites to win re-election. A week before the

> voting an Atlanta Journal-Constitution poll showed

> Cleland ahead by five points, 49-44, but on election

> day he lost to his Republican opponent, Saxby

> Chambliss, by seven points, 53-46, a twelve-point

> swing. The loss of Governor Barnes to Sonny Perdue

> was even more remarkable: a one-week switch of

> fourteen percentage points. These were suspicious

> anomalies, and subsequently in a Peach State Poll

> one in eight Georgia voters were " not very

> confident " or " not at all confident " that the DREs

> had produced accurate results; another 32 percent

> were only " somewhat confident. "

>

> In his front parlor at home in Georgia, Rob Behler

> told me that just before or just as he took over the

> Atlanta warehouse for Diebold, some of the voting

> machines had been sent out to " do demos, " and in one

> southern county " somebody broke in and stole...[nine

> or] fourteen of the machines and, I think, one of

> the servers. " He says the vote-counting programs in

> the stolen computers could have been completely

> reconstructed by reverse engineering and employed to

> jimmy the election.

>

> " Quality-checking " the AccuVote machines as they

> arrived from Diebold at a warehouse in Atlanta,

> Behler and his crew found problems, he says, with

> " every single one " of them and about a fifth of them

> were shoved aside as unusable. When Diebold's

> programmers wanted " patches, " that is, changes,

> inserted into the voting-system software, Behler

> says, they sent them to him via the company's open,

> insecure File Transfer Protocol (FTP) site in

> cyberspace. On his own unsecured laptop (resting on

> his desk as he spoke), Behler made twenty-two or

> twenty-three of the cards that were used to change

> the programs in the machines.

>

> The night of the November 2002 election,

> sixty-seven of the memory cards used in Fulton

> County (Atlanta) disappeared. Running his laptop

> with a dual battery, Behler says, in six or seven

> hours he could have changed the totals on those

> sixty-seven cards. " There's no technical problem.

> There was absolutely zero protection on the card

> itself. You throw the card in, you just drill down

> into its files. "

>

> Brit Williams, a computer consultant at Kennesaw

> State University who runs Georgia's testing of

> voting systems, confirmed to me that the memory

> cards were not encrypted and all had the same

> password (1111), but each one, he contended, was

> " unique to its machine. " He snapped, " We had 22,000

> voting stations. How would you like to be in charge

> of 22,000 passwords? " Williams said the sixty-seven

> missing memory cards in Atlanta had been left in the

> machines by forgetful workers and were recovered.

>

> The Georgia election of 2002 illustrates how

> serious risks of technical malfunctions and

> malicious tampering can occur without anyone outside

> the voting business finding out about them. No doubt

> in part because of the hasty start-up, Diebold's

> " security, " though approved by the independent

> testing authorities and the state, was in fact

> farcical. Both of the losing Democrats had backed

> installation of the DRE systems statewide, so they

> could hardly call for recounts that their own state

> party had made literally impossible.

>

> The Kids Prick Open a Scandal

>

> Some kids who are " really interested in computers "

> were playing around last year, spidering through the

> links on various websites, when they discovered that

> Diebold had an unsecured FTP site (the same one

> Behler had used). One of the boys noted the fact on

> his website. Some other material on that site--not

> the stuff about Diebold--attracted a lot of hits,

> and that automatically led Google, the cyberspace

> search engine, to position it among the early-listed

> sites for many searches. One day Bev Harris, a

> literary publicist in Washington who was doing

> research for a book on vote-counting in computers,

> fed Google the right search words and the FTP site

> itself popped up. Knowing little about computers,

> she turned to David Allen, who was publishing her

> book, and he recognized the openly posted source

> codes and much other data concerning Diebold voting

> machines.

>

> A small group of activists in Georgia worked with

> Harris. One of them, Roxanne Jekot, who runs a

> software consulting firm, analyzed " almost every

> line " of the Diebold source code and found many ways

> to change vote totals there and also in the

> Microsoft operating code. " The software is totally

> junk, " she says. " They sold vaporware. " Determined

> to get peer review of what she was finding, Jekot

> approached David Dill, the Stanford computer science

> professor.

>

> " Both Roxanne and Bev were very courageous and

> determined to lift the veil of secrecy on the code, "

> Dill says. " I think most academics would be much

> more cautious, especially about publishing the fact

> that they looked at the code. I certainly was, and I

> wasn't about to get other people in trouble by

> asking them to help me. A number of us would be

> inclined to talk to lawyers before doing anything

> too bold. So it made a huge difference that Bev

> posted the code in New Zealand for everyone to

> download. That reduced but didn't eliminate the

> legal risks of the Johns Hopkins/Rice University

> people looking at the code. If Bev and whoever else

> was involved in releasing this code had not been so

> brave, people [with strong professional reputations]

> might not have been able to speak out so freely. "

>

> After some agreements on a division of roles, Avi

> Rubin of Johns Hopkins and three other scientists

> produced a devastating twenty-three-page exposure of

> the Diebold software. That was followed by two more

> damaging technical studies in Ohio. Then a " Red

> Team " exercise to break the Diebold code was staged

> at RABA Technologies' headquarters in Maryland. Four

> of the eight computer scientists on the team had

> worked at the National Security Agency, and the team

> director had been the senior technical director for

> the NSA. The team concluded, " A voter can be

> deceived into thinking he is voting for one

> candidate when, in fact, the software is recording

> the vote for another candidate. " A security

> vulnerability " allows a remote attacker to get

> complete control of the machine. " And one can

> " automatically upload malicious software " that will

> " modify or delete elections. " Some kids sniffing

> around in cyberspace had led, step by step, to the

> dawning national realization that computerized

> vote-counting puts democracy in grave danger.

>

> What You Can Do

>

> Public interest groups are mobilizing to head off

> another Florida. Petitions calling for a paper trail

> for DREs have attracted something approaching half a

> million signatures. Lou Dobbs's quick poll on CNN on

> " paper receipts of electronic votes " was running

> 5,735 to 85 for them on July 20. Greg Palast and

> Martin Luther King III have more than 80,000

> signatures on their petition against paperless

> touch-screens and the purging of voter rolls. Global

> Exchange, the San Francisco-based organization, is

> inviting twenty-eight nonpartisan foreign observers

> to monitor the US election. Eleven members of

> Congress asked Kofi Annan to send UN monitors. Cindy

> Cohn of the Electronic Frontier Foundation is

> organizing attorneys for litigation against

> paperless electronic voting.

>

> In mid-June the California secretary of state

> approved the nation's first set of standards for a

> verified paper trail for touch-screen machines. A

> recent " Voting, Vote Capture and Vote Counting "

> symposium at Harvard's Kennedy School of Government

> has produced an " Annotated Best Practices, "

> available at www.ljean.comABPractices.pdf. On

> June 29 the Leadership Conference on Civil Rights

> and the Brennan Center for Justice, with the

> endorsement of Common Cause, the NAACP, People for

> the American Way and most of the leading scientific

> critics of paperless touch-screen voting, sent the

> nation's local election officials a " call for new

> security measures for electronic voting machines, "

> including local retention of independent security

> experts; the full report is available at

>

www.civilrights.org/issues/voting/lccr_brennan_report.pdf.

>

>

> Douglas Kellner, the New York City election

> expert, believes the best practical remedy for the

> dangers of computerized vote-counting is voting on

> optical-scan systems, posting the election results

> in the precincts and keeping the ballots with the

> machines in which they were counted. In all

> computerized vote-counting situations the precinct

> results should be publicly distributed and posted in

> the precincts before they are transmitted to the

> center for final counting, Kellner says. Once they

> are sent from the precinct the audit trail is lost.

>

> Citizens can stay current on election developments

> via several websites: electionline.org, a reliable

> and up-to-date source; VerifiedVoting.org, Dill's

> group; notablesoftware.com, Mercuri's site;

> blackboxvoting.org, Bev Harris's site;

> countthevote.org, the site of the Georgia group led

> by Jekot; and these will key into many others. For a

> steady flow of news stories on this subject (and a

> few others) from around the country, get on the

> e-mail list of resist. Official information

> concerning each state is available online at each

> state's website for its secretary of state.

>

> People should go down to their local election

> departments and ask their supervisor of elections

> how they are going to know that their votes are

> counted--and refuse to take " Trust us, " or " Trust

> the machines, " for an answer. They can be poll

> watchers. Many organizations are fostering poll

> watching, including People for the American Way's

> Election Protection 2004 project. Common Cause " has

> made election monitoring a major project, " a

> spokesperson says. VerifiedVoting.org is

> concentrating on having people watch election

> technology, including pre-election testing as well

> as the procedures on election day. Bev Harris is

> organizing people to do such work (see her website).

>

>

> Rebecca Mercuri says that if you believe an

> election has been corrupted through voting

> equipment, you should collect affidavits from

> voters; get the results from every voting machine

> for all precincts; get the names and titles of

> everyone involved; inventory the equipment,

> including the software, and try to have it

> impounded; demand a recount; and go to the press.

> Noting that all counties that have rushed to

> purchase DRE voting systems also have paper-ballot

> systems in place to handle absentee voters,

> motor-voters and emergency ballots for when the

> system breaks down, she suggests mothballing the

> DREs and using paper ballots. " Counties are saying

> there's nothing they can do but use the DREs in

> November, and that is simply untrue, " Mercuri

> declares.

>

> Much of this would be unnecessary if Congress

> enacted either the Graham-Clinton or the Holt bill,

> which would empower voters to verify their own votes

> and create a paper trail.

>

> The computerized voting companies have

> precipitated a crisis for the integrity of

> democracy. Three months to go.

>