High-Tech Votes Can Be Hacked, Scientists Say
[There will be a lot more talk in the future about this subject.I'm not sure "vandals" are what should be worried about here.]
story.news.yahoo.com
By Andy Sullivan
WASHINGTON (Reuters) - Software flaws in a high-tech voting system could allow vandals to tamper with election results in several U.S. states, computer security researchers said on Thursday.
Interest in electronic voting systems has grown since the 2000 presidential election, when problems with primitive punch-card systems in Florida led to a bruising, weeks-long recount battle ultimately settled by the Supreme Court.
But researchers at Johns Hopkins University and Rice University said they had uncovered bugs in a Diebold Inc. (NYSE:DBD - news) voting system that could allow voters and poll workers to cast multiple ballots, switch others' votes, or shut down an election early.
"It's unfortunate to find flaws in a system as potentially important as this one," Tadayoshi Kohno, a graduate student at the John Hopkins Information Security Institute, said in a telephone interview.
The researchers found the software on a Diebold Internet site in January and said they believe it was at the heart of an electronic touch-screen voting system used last year in Maryland, Georgia, Kansas and California.
A Diebold spokesman did not return several telephone calls seeking comment.
While researchers said they did not know for sure whether the software had been used in voting situations, they said comments and copyright notices in the code indicated that it was legitimate.
"I have no proof that this is what's running in their systems, but I would bet it's pretty close," said Avi Rubin, technical director of the Information Security Institute.
FLAWS IN THE SYSTEM
Rubin, Kohno, Johns Hopkins graduate student Adam Stubblefield, and Rice University computer-science professor Dan Wallach said they had uncovered several flaws in the system.
Encryption of sensitive data is spotty, they said, allowing outsiders to reach into the system and change election tallies. A lack of oversight in the development process could allow programmers to create secret "back doors" for tampering as well, they said.
Though the system relies on credit card-style "smart cards" for authentication, voters can easily create their own bogus cards to cast multiple ballots, or administer larger changes by posing as a poll worker, they said.
While such bugs are common in commercial software used to run desktop computers and Web sites, voting systems should be held to a higher standard, they said. Diebold should open the system up for public scrutiny to uncover other flaws, or at least design a paper trail to guard against electronic tampering, they said.
Rubin said the software was so full of errors that it would have to be rewritten completely. Even then, he said, computers and voting should not mix.
"I am against electronic voting because I think voting is too important and computers are too difficult to secure," he said. |
