Florida voting machines WILL NOT be retested!!

[Guest guest]

S

Mon, 19 Dec 2005 15:23:34 -0800 (PST)

Florida voting machines WILL NOT be retested!!

 

 

 

Posted on Fri, Dec. 16, 2005

 

 

ELECTIONS

 

Voting machines won't be retested, state officials say

State elections officials aren't ready to re-examine

electronic voting machines -- even after a supervisor

reported hackers could rig votes on some machines.

BY MARC CAPUTO

mcaputo

 

TALLAHASSEE - Top computer scientists and voting

experts said Thursday that Florida must re-examine the

way it tests voting machines and needs to verify

claims by a Tallahassee elections official who said

hackers could alter some computerized election

results.

 

But acting Florida Secretary of State David Mann,

whose office oversees the state elections department,

said Thursday that he has such ''confidence'' in his

agency's certification process that he has no

intention of doing any double-checking right now.

 

At the center of the controversy: Leon County's

elections chief, Ion Sancho, a nonpartisan maverick

who's determined to avoid the 2000 Florida elections'

debacle that led lawmakers to mandate the very

computerized voting systems he is now questioning.

 

Over the past six months, Sancho gave two computer

hackers access to his optical-scan voting machines, in

which voters cast fill-in-the-blank ballots. Attacking

different parts of the system from the inside, the

hackers said they were able to easily bypass security

codes, make losing candidates win, add or subtract

voters -- and do it without leaving a trace.

 

On Tuesday, Sancho officially dumped the voting

machine system made by Diebold Elections Systems in

favor of another made by Election Systems & Software.

ES & S also manufactures Miami-Dade and Broward's

ATM-like touch-screen voting machines, which experts

say also could be vulnerable to attacks from advanced

insider-hackers. A Diebold spokesman said Sancho's

test was bogus. Including Monroe, 29 counties use

Diebold's touch-screen and opti-scan machines.

 

The reports from the Leon County hackers, especially

the most recent from Finnish computer scientist Harri

Hursti, raised red flags in the small world of

computer-security and voting experts.

 

''The most important thing is that these claims not be

ignored,'' said Ronald L. Rivest, a Massachusetts

Institute of Technology scientist who's known among

colleagues as one of the world's most influential

computer cryptographers.

 

''These claims by Hursti look credible. If the claims

he makes are correct, it's a rather large loophole,''

said Rivest, adding that he has not examined Hursti's

results in depth. ``They are technical claims and they

can be examined.''

 

SECURITY STANDARDS

 

Rivest sits on the federal Elections Assistance

Commission's technical guidelines committee, which is

attempting to adopt better security standards for

electronic voting machines. He said previous standards

''were quite light on security,'' but though the new

standards are stricter, ``we have a ways to go.''

 

Rivest said state approval of voting machines are

generally ``worth a grain of salt. A skeptical

attitude about security claims is a good idea.''

 

But Mann was more sanguine about the way the state

approves voting machines and the security measures

that supervisors of elections employ to ensure every

vote counts.

 

''I'm confident in the certification procedures that

we went through with this department. When used within

the context of a normal election and the security

procedures that all supervisors follow . . . we're

confident that that equipment operates correctly and

gives accurate results,'' Mann said.

 

He added he knew little of Sancho's tests and said his

agency ''would love to sit down with him.'' Mann said

he would wait for Sancho to invite his office.

 

Sancho said he called Mann's office Wednesday and

received no response. He plans to send a letter

officially notifying the Secretary of State of his

findings.

 

Echoing Diebold, Mann said the only item he was

''concerned'' about was ''when, or if, a supervisor

releases codes and accessibility to the system that

he's responsible for running.'' Sancho, who has

frequently clashed with the agency that operates just

down the road from his office, said he never gave away

codes and that such statements smacked of ``shooting

the messenger.''

 

Mann also said he found some ''good news'' in Sancho's

hacker tests: ``When those individuals tried to hack

from the outside, they couldn't get in.''

 

Sancho said he gave the hackers inside access to see

if an operative could easily change votes. Sancho met

the computer experts through a group called

BlackBoxVoting.org, which has questioned the integrity

of electronic voting systems, particularly Diebold's.

 

The first hacker, Herbert Thompson, was able to break

into the central calculator and disguise 60,000 hidden

votes for a candidate. Thompson, a computer-security

expert and professor at the Florida Institute of

Technology, said he was surprised by how easy it was

to outwit the system.

 

Next up was Hursti. Rather than attack the central

calculator, he manipulated data on a small memory card

that election workers insert into each vote machine in

the morning. The memory card, which records votes, is

fed into the calculator at day's end.

 

Computer experts say Diebold's system was prone to

easy attack for three reasons: Some of its computer

code was mistakenly posted on the Internet for about

five years, and it uses Windows-based programming

that's well-known, as is the technology underpinning

the memory cards, which resemble the cards on digital

cameras.

 

Diebold spokesman David Bear said the tests weren't

fair because they didn't simulate real-world

conditions.

 

''If I gave you the keys to my house and I turned off

the alarm and told you when I wasn't going to be home,

I don't doubt you can get into my house,'' Bear said.

``The fact is, no one has been able to do this in an

election, and no one will.''

 

NEED FOR VIGILANCE

 

But Doug Jones, a computer-security expert from the

University of Iowa, said everyone needs to be

vigilant. Jones was hired by Miami-Dade County two

years ago to help fix an auditing function on its

touch-screen machines.

 

Jones said that Miami-Dade and Broward also use memory

cards similar to the ones manipulated by Hursti, but

they're tougher to access and appear to have a

harder-to-crack code. In each county, elections

workers start up each voting machine by inserting a

cartridge that communicates with the memory card and,

at day's end, records all the votes.

 

If someone were to get access to these cartridges,

figure out the code and then slip them past the

counties' multiple security layers, the election

results could be electronically rigged, Jones said.

 

''That's not likely right now. But that could happen

five years down the road,'' Jones said.

 

Echoing other experts in the elections field, Jones

said the key to avoiding fraud is to have tight

security and multiple reports showing how many ballots

were cast and where.

 

Like Sancho, Jones and other computer experts said

touch-screen voting machines should be equipped with a

paper receipt that could be used to verify vote

counts. Right now, Florida law makes recounts

difficult and doesn't allow for receipts on

touch-screen machines.

 

Still, Jones credited Florida's secretary of state's

office for its ''above-average'' efforts to certify

voting machines. But he said the attitude that Florida

needs no improvement could invite disaster.

 

''Rigging elections is an age-old problem and is a

threat to our very democracy,'' he said. ``Just that

threat alone should be a call to action for the

state.''

 

http://www.miami.com/mld/miamiherald/13418976.htm?template=contentModules/prints\

tory.jsp