On November 2 millions of Americans will cast their votes for President in computerized voting systems that can be rigged by corporate or local-election insiders. Some 98 million citizens, five out of every six of the roughly 115 million who will go to the polls, will consign their votes into computers that unidentified computer programmers, working in the main for four private corporations and the officials of 10,500 election jurisdictions, could program to invisibly falsify the outcomes.
The result could be the failure of an American presidential election and its collapse into suspicions, accusations and a civic fury that will make Florida 2000 seem like a family spat in the kitchen. Robert Reich, Bill Clinton’s Labor Secretary, has written, “Automated voting machines will be easily rigged, with no paper trails to document abuses.” Senator John Kerry told Florida Democrats last March, “I don’t think we ought to have any vote cast in America that cannot be traced and properly recounted.” Pointing out in a recent speech at the NAACP convention that “a million African-Americans were disenfranchised in the last election,” Kerry says his campaign is readying 2,000 lawyers to “challenge any place in America where you cannot trace the vote and count the votes” [see Greg Palast, “Vanishing Votes,” May 17].
The potential for fraud and error is daunting. About 61 million of the votes in November, more than half the total, will be counted in the computers of one company, the privately held Election Systems and Software (ES&S) of Omaha, Nebraska. Altogether, nearly 100 million votes will be counted in computers provided and programmed by ES&S and three other private corporations: British-owned Sequoia Voting Systems of Oakland, California, whose touch-screen voting equipment was rejected as insecure against fraud by New York City in the 1990s; the Republican-identified company Diebold Election Systems of McKinney, Texas, whose machines malfunctioned this year in a California election; and Hart InterCivic of Austin, one of whose principal investors is Tom Hicks, who helped make George W. Bush a millionaire.
About a third of the votes, 36 million, will be tabulated completely inside the new paperless, direct-recording-electronic (DRE) voting systems, on which you vote directly on a touch-screen. Unlike receipted transactions at the neighborhood ATM, however, you get no paper record of your vote. Since, as a government expert says, “the ballot is embedded in the voting equipment,” there is no voter-marked paper ballot to be counted or recounted. Voting on the DRE, you never know, despite what the touch-screen says, whether the computer is counting your vote as you think you are casting it or, either by error or fraud, it is giving it to another candidate. No one can tell what a computer does inside itself by looking at it; an election official “can’t watch the bits inside,” says Dr. Peter Neumann, the principal scientist at the Computer Science Laboratory of SRI International and a world authority on computer-based risks.
The four major election corporations count votes with voting-system source codes. These are kept strictly secret by contract with the local jurisdictions and states using the machines. That secrecy makes it next to impossible for a candidate to examine the source code used to tabulate his or her own contest. In computer jargon a “trapdoor” is an opening in the code through which the program can be corrupted. David Stutsman, an Indiana lawyer whose suits in the 1980s exposed a trapdoor that was being used by the nation’s largest election company at that time, puts it well: “The secrecy of the ballot has been turned into the secrecy of the vote count.”
According to Dr. David Dill, professor of computer science at Stanford, all elections conducted on DREs “are open to question.” Challenging those who belittle the danger of fraud, Dill says that with trillions of dollars at stake in the battle for control of Congress and the presidency, potential attackers who might seek to fix elections include “hackers, candidates, zealots, foreign governments and criminal organizations,” and “local officials can’t stop it.”
Last fall during a public talk on “The Voting Machine War” for advanced computer-science students at Stanford, Dill asked, “Why am I always being asked to prove these systems aren’t secure? The burden of proof ought to be on the vendor. You ask about the hardware. ‘Secret.’ The software? ‘Secret.’ What’s the cryptography? ‘Can’t tell you because that’ll compromise the secrecy of the machines.’… Federal testing procedures? ‘Secret’! Results of the tests? ‘Secret’! Basically we are required to have blind faith.”
The integrity of the vote-counting inside DREs depends on audit logs and reports they print out, but as Neumann says, these are “not real audit trails” because they are themselves riggable. The DREs randomly store three to seven complete sets of alleged duplicates of each voter’s ballot, and sets of these images can be printed out after the election and manually counted. The companies claim that satisfies the requirement in the 2002 Help America Vote Act (HAVA) that “a manual audit capacity” must be available. But as informed computer scientists unanimously agree, if the first set of ballot images is corrupted, they all are. I asked Robert Boram, the chief engineer who invented a DRE sold by the RF Shoup voting-systems company, if he could rig his DRE’s three sets of ballot images. “Give me a month,” he replied.
The United States therefore faces the likelihood that about three out of ten of the votes in the national election this November will be unverifiable, unauditable and unrecountable. The private election companies and local and state election officials, when required to carry out recounts of elections conducted inside the DREs, will order the computers to spit out second printouts of the vote totals and the computers’ wholly electronic, fakable “audit trail.” The companies and most of the election officials will then tell the voters that the second printouts are “recounts” that prove the vote-counting was “100 percent accurate,” even though a second printout is not a recount.
HAVA was supposed to solve election problems revealed in 2000; instead, it has made the situation worse. Under the act the Election Assistance Commission (EAC), appointed by President Bush, is supposed to set standards for the vote-counting process, but four months before the election the new agency had only seven full-time staff members. On June 17 the EAC sent $861 million to twenty-five states, mainly to buy computerized machines for which no new technical standards have been set. Its just-appointed fifteen-member technical standards committee does not include more than one leading critic of computerized vote-counting.
Rather than completely testing the vote-counting codes, there is some secretive testing of systems by three private companies that are chosen by the pro-voting-business National Association of State Election Directors. The companies consult obsolete pro-company and completely voluntary standards promulgated by the Federal Election Commission and get paid by the very companies whose equipment is being tested. The three private companies, speciously called Independent Testing Authorities, together constitute a Potemkin village to falsely assure the states and the voters of the security of the systems. Often their work is misrepresented as “federal testing.” The states then test and “certify” the systems, and the local jurisdictions put on dog-and-pony-show “logic and accuracy tests,” which are not capable of discovering hidden codes that would change vote totals.
“The system is much more out of control than anyone here may be willing to admit,” Dr. Michael Shamos, a computer scientist at Carnegie-Mellon University and for many years an examiner of voting machines for Texas and Pennsylvania, told a House panel on June 24. “There’s virtually no control over how software enters a voting machine.” Shamos told another House panel on July 20, “There are no adequate standards for voting machines, nor any effective testing protocols.”
Hackable computer codes control vote-counting in all three kinds of computerized systems that will be used again in the 2004 elections: the ballotless DREs, on which some 36 million will vote; optical-scan systems that electronically tally paper ballots marked by the voters, on which 40 million people will vote; and punch-card ballots, also tabulated by computerized card-readers, which gained notoriety in 2000 and are still used by 22 million voters. (Another 16 million still vote on the old lever machines, about a million on hand-counted paper ballots.)
Florida 2000 was universally misunderstood and mischaracterized in the press as a crisis of hanging chads on the punch-card ballots. The serious issue, then as now, was embodied in the explicit though all but unreported position that James Baker, George W. Bush’s field commander in Florida, staked out to stop the recounting of votes. The computerized vote-counting systems, Baker declared, are “precision machinery” that both count and recount votes more accurately than people do. Now, with Senator Kerry demanding recountability, an ominously intensifying partisan split has developed in Washington over whether to have a voter-verified paper trail and, when necessary, to conduct recounts with it.
Torment in Washington
Though no broad citizens’ movement has formed against computerized vote-counting, a nationwide backlash against unverifiable paperless voting has. The paper ballots used in the op-scan and punch-card systems already provide a voter-verified paper audit trail (VVPAT). The principal proposed security safeguard for the DRE system was invented, but not patented, ten years ago by computer scientist Rebecca Mercuri, now a research fellow at Harvard. In her solution, after voters record their choices on the touch-screen, they confirm them on a paper ballot that appears under glass and then push a button to cast the vote, causing the machine to deposit the paper ballot in a box that will hold it for recounting if that is ordered. The printer for the paper ballots for each voting machine should cost about $50; the total add-on could be $300-$600. Many jurisdictions also have the alternative of expanding or acquiring the relatively inexpensive optical-scan systems or other systems already in place that create paper trails.
In the US Senate seven Democrats and the one Independent are co-sponsoring a bill by Senators Bob Graham and Hillary Clinton to require paper trails on DREs by November, with a loophole for jurisdictions whose officials deem it to be technologically impossible. Clinton told the press that without a voter-verified paper trail GOP-leaning corporations might program voting machines to help Republicans steal elections [see sidebar, page 16]. In an interview in his hideaway office in the Capitol, Graham told me that he regards his and Clinton’s bill as so obviously needed that it’s “a no-brainer.” The absence of a paper trail on the DREs could endanger “the legitimacy” of November’s election, Graham said.
New Jersey Democrat Rush Holt introduced a House bill more than a year ago requiring a paper trail on DREs. It has 149 co-sponsors, including a few prominent Republicans. Holt says, “The verification has to be something that the voter herself or himself has to do”; without that, “we will never have a truly secure election.” Holt’s bill has opened up a partisan divide in the House. The chairman of the committee to which his bill is assigned, Ohio Republican Bob Ney, informed Holt that he is against the bill and would not allow a hearing on it. A few days later Graham and Holt wrote their fellow members of Congress that “without an independent, voter-verified paper trail, we will be able only to guess whether votes are accurately counted.” Last month Ney relented and scheduled two hearings. Holt plans to offer his bill as an amendment to the Treasury appropriation after Congress returns from its August recess. Graham is still mulling his strategy.
The principal stated objection to a DRE paper trail comes from some spokespersons for the disabled, who characterize it as a step back from the touch-screen’s improved accessibility and privacy. Many election officials, whose work paper ballots make both auditable and much more extensive, object variously that the attachment will add costs, that the printers might fail and that paper ballots can be stolen or counterfeited and sometimes produce somewhat different totals.
Leading citizen organizations have been split. Initially the League of Women Voters, concerned to minimize invalidly cast ballots, opposed the paper trail, but there was a revolt in the chapters and a petition for the paper trail was signed by 800 members. At the league’s June convention, after a fight led by Barbara Simons, past president of the Association of Computer Machinery, the league switched sides, endorsing voting systems that are “recountable.” Common Cause, placing the highest value on insuring that every vote is counted and can be recounted if necessary, has been among the leaders of the fight for the paper trail.
Around the States
Not surprisingly, the starkest resistance to the voter-verified paper trail comes from Florida, where more than half the citizens will have to vote on touch-screen systems in November. The President’s brother, Governor Jeb Bush, and Jeb’s Secretary of State, Glenda Hood, express unqualified confidence in the trustworthiness of the DRE systems and militantly oppose providing a paper-ballot trail for them. Hood has denied that the electronic voting machines can be tampered with in the software, saying: “The touch-screen machines are not computers. You’d have to go machine by machine, all over the state.” A spokeswoman for her says flatly that “a manual recount is unnecessary.”
This past spring a powerful state senator proposed to make it illegal to recount votes in the DRE systems, but she backed down when called on it by activists. Then Ed Kast, director of Hood’s division of elections, who has since resigned, sought to achieve the same purpose by diktat, issuing a formal ruling that, despite the extant state law requiring recounts under certain circumstances, supervisors of elections do not need to recount DRE ballots. The ACLU and other groups have sued to invalidate that ruling; a spokesperson for the state Republican Party excoriates the suit as a left-wingers’ “ploy to undermine voters’ confidence.”
Representative Robert Wexler, a Democrat from the southern tier of the three big counties on the Atlantic, which for election scandals is to Florida what Cook County is to Illinois, sued state and county election officials in state and federal court to require the VVPAT on DREs. He argues that allowing some voters to have manual recounts but not others violates the Supreme Court decision in Bush v. Gore compelling equal treatment of voters (although the majority specified it was only for that election). To date his suits, opposed at every step by the Bush Administration in Tallahassee, have gotten nowhere. If he loses, half the voters in Florida, those voting on DREs, will be denied the manual recounts that the other half can have.
The Bush forces in Florida geared up for another purge of released felons from the voter rolls. Ion Sancho, supervisor of elections for Leon County, admits with shame that the state’s felon purge in 2000 resulted in more than 50,000 legal voters being disenfranchised. The state elections division identified 47,000 more suspected felons, a list disproportionately heavy with blacks, and asked that local election supervisors purge them. The Bush people refused to make the list public, but were ordered to do so by a judge. Only then was it discovered that the list excluded felons who are Hispanic. In Florida Hispanics tend to vote Republican. This dandy error was “absolutely unintentional,” the Bush people said–while abandoning the then indefensible list. Miami Herald columnist Jim Defede wrote that Hood–an “amazing incompetent or the leader of a frightening conspiracy”–must resign.
“What are we going to do if there’s a close race?” Wexler asked in the Orlando Sentinel. “The voting records of these machines will have disappeared in cyberspace.” He told me angrily: “Apparently their motives are to suppress the vote in Florida in a number of different ways. They are refusing a paper trail on a computerized voting machine. They are again preparing on the felons–they’ve got a new and improved process. I don’t trust ’em to do the right thing.” This summer, Representative Alcee Hastings, whose district includes Fort Lauderdale and West Palm Beach, exclaimed, “Any way we cut it, these people are going to try to steal this election.”
The Miami-Dade Reform Coalition asked Jeb Bush to audit the touch-screen machines this summer. Bush’s spokesperson rebuffed that as “an accusation du jour.” Undeterred, Democratic US Senator Bill Nelson of Florida demanded, “Why not do an audit when so much is at stake?… The national election for President could ride on the results coming out of Florida.” Senator Nelson even sent a letter to Attorney General John Ashcroft asking that the federal government audit the machines.
This past spring in California, Diebold systems malfunctioned in two counties, disenfranchising thousands of voters. Secretary of State Kevin Shelley discovered that the voting systems in seventeen counties in the state had not been certified, as required by law. After two days of tumultuous hearings in Sacramento, during which high-level election officials called the company’s behavior “despicable” and accused its officials of lying, Shelley prohibited the use of Diebold’s systems in four counties, the first time this has happened in the United States. Shelley, who has said to the Los Angeles Times that he doesn’t want to be “the Katherine Harris of the West Coast,” also made the certification of voting systems in ten more counties dependent on their adoption of twenty-three security improvements that he specified. One of these requires those counties to let citizens vote on paper if they want to, but Shelley flinched at requiring a DRE paper trail this year. Four counties and advocates of the disabled sued Shelley to block his actions, but a federal judge ruled he had the authority and had used it reasonably.
Two secretaries of state, Republicans Dean Heller in Nevada and Matt Blunt in Missouri, have required that DREs in their states have a voter-verified paper ballot for the November election. Sequoia is producing the Mercuri VVPAT on demand for Nevada, and several small election companies, including Avante and AccuPoll, have built Mercuri attachments, won their certification and are ready to sell them to local jurisdictions now. Among the thirty-one other states with DRE voting systems in some of their jurisdictions, as of early summer legislatures in five had rejected requiring the paper trail, another nine were considering such a requirement and seventeen had no such proposal before them.
In swing-state Ohio, under procedures approved by Republican Secretary of State Kenneth Blackwell, thirty-one counties decided they would not use paperless DREs in November, and three said they would. Blackwell then ruled that because of unsolved security problems, none of them will. In Maryland, which imposed Diebold DREs statewide in 2002, the Board of Elections ruled that paper ballots cast in the March primary by citizens who did not want to vote on the DREs would not be counted. That’s now in the courts. The Campaign for Verifiable Voting presented 13,000 signatures for a paper trail and called for the resignation of the state elections chief, Linda Lamone, who, sitting tight, said, “I think everything is going to be just fine.” In Texas, Representative Ciro Rodriguez, chair of the Congressional Hispanic Caucus, was renominated by 150 votes until 419 “found votes” made challenger Henry Cuellar the winner. Rodriguez is contesting the outcome, but since the voting in Bexar County (San Antonio) was conducted on DREs, the votes there can’t be recounted. “There’s no paper trail to verify what was put in,” Cuellar said.
A paper trail will not assure that elections won’t be stolen in the DREs. “The only thing the VVPAT will do is give us the ability to prove that it happened,” says Roxanne Jekot of Cumming, Georgia, a self-taught computer specialist who has become one of the most effective activists against paperless computerized voting. “There is nothing to deter that single outsourced information-technology worker [from manipulating the machine]. Nobody can prove that he did it.”
Many states require recounts if an outcome in a computer-counted race is within a margin of less than 1 percent or a half or quarter percent, but that invites crooked programmers, if any such be at work, to jimmy their rigged outcomes to fall outside the recount-triggering spreads.
Furthermore, a paper trail isn’t an audit unless the ballots are recounted. Even before the advent of touch-screen systems, obtaining actual recounts of elections was becoming more difficult. Election officials, election companies and state laws have often combined to block recounts or discourage narrowly losing candidates from getting them. Incredibly, in 2002 the legislature in Nebraska, the home state of Election Systems & Software, outlawed recounts of the paper ballots in the ES&S optical-scan computerized ballot-counting systems that tally 85 percent or so of the votes in that state. Colorado requires that for elections conducted on DRE machines, recounts must be conducted on the very same machines.
In Alabama two years ago, during a controversy over an election for governor conducted mostly on op-scan machines, Attorney General Bill Pryor, backing up the sheriff in one questioned county, ruled officially that under state law anyone recounting the ballots would be subject to arrest. This year President Bush, circumventing Senate hearings, elevated Pryor to the Eleventh Circuit Court of Appeals in a recess appointment.
‘It’s Really a Matter of Trust’
Confident, friendly, but officious, Jesse Durazo, the registrar of voters of Santa Clara County in the heart of the Silicon Valley, is typical of hundreds of local election officials who berate “the academics.” This past spring, despite dire warnings from Professors Neumann of SRI and Dill of Stanford, Durazo led his county into buying 5,500 of the Sequoia AVC Edge DREs at $3,000 each ($20 million, figuring in everything). The anteroom of his county election headquarters is festooned with cheery signs such as one saying Voting Just Got Easier. He is delighted that DREs will facilitate voting by those who speak a foreign language (including Spanish, Vietnamese and Chinese).
Durazo said that the AVC had first been approved by the federal government (which is not correct) and then certified by the California secretary of state. He said that providing a voter-verified ballot would open the way to “unlimited error,” while computer error, in contrast, can be “quantified.” As for Trojan horses smuggling in corrupt instructions, he said in a confident tone, “I don’t have those fears.” Stealing votes in the computers is next to impossible, he insisted, because local ballots are set up at the last minute, there are a large number of races and ballot initiatives in any one election, and the order of the candidates’ positions on the ballots is rotated in different precincts.
The three sets of all the votes, kept in the computer, provide the recount, he said. Are those not just copies of each other, automatically made? Durazo exclaimed in high dudgeon: “It’s a redundant perfection!… It starts with the premise that the information in the system is correct.”
Alfred Gonzales, Durazo’s Filipino outreach specialist for voters who speak Tagalog, demonstrated the AVC, a sign on the top of which said Try It Out Today. No More Punchcards! I voted on it and asked Gonzales how I knew for sure that my vote would be counted. “Because it will be registered in the machine, saved in the hard drive, and put on a cartridge,” he said. “At the end of the day it will be in the printout of the total.” How did he know the machine would do that? “Because it has been federally certified!” he said. “There is fool-proof security.” Well, one more thing, I asked. There’s no ballot–what if you need a recount? “It’s really a matter of trusting the machine,” Gonzales said. Patting the AVC gently, he intoned with pride, “It’s really a matter of trust.”
“These companies are basically saying ‘trust us,'” Rebecca Mercuri told the New York Times. “Why should anybody trust them? That’s not the way democracy is supposed to work.” Douglas Kellner, a leader on the New York City Board of Elections, exclaimed at a meeting of computer specialists in Berkeley this past spring, “I think the word ‘trust’ ought to be banned from election administration!” Dr. Avi Rubin, computer science professor and technical director of the Information Security Institute at Johns Hopkins University, recently testified before the federal Election Assistance Commission, “The vendors, and many election officials, such as those in Maryland and Georgia, continue to insist that the machines are perfectly secure. I cannot fathom the basis for their claims. I do not know of a single computer security expert who would testify that these machines are secure.”
Mercuri wrote in her dissertation on vote-counting in 2001 that “security flaws (such as Trojan horse attacks)…are possible in all of the computer-based voting systems” and that providing thorough examinations of source code and other circuits for DREs that vary from municipality to municipality “is a Herculean task–one that is likely not to be affordable, even if it were accomplishable.”
Not all the scientists agree. Michael Shamos of Carnegie-Mellon, who once warned that computerized vote-counting is highly vulnerable to fraud, now takes the position that “the issue is not whether voting systems are absolutely secure, but whether they present barriers sufficiently formidable to give us confidence in the integrity of our elections.”
Voting Machines Stolen in Georgia
In 2000 five out of six Georgians cast a paper ballot that could be recounted on ES&S systems. In January 2001, in a speech to the Democratic-controlled legislature, Georgia Secretary of State Cathy Cox, a Democrat who is expected to run for governor in 2006, declared that considering all the recent problems down in Florida, Georgia should adopt one “uniform electronic voting system by November 2004.” Upon Cox’s fervent recommendation of the just-born Diebold Election Systems, in May 2002 Georgia agreed to pay Diebold $54 million for 19,000 DRE voting systems. The counties and cities of Georgia had chosen their own voting machines for the last time, and, less obviously, Georgians had lost their ability to recount their votes in contested elections.
At once Diebold set to manufacturing 282 of its AccuVote TS voting systems a day. Some of the earliest ones arriving in Georgia, sent out for use in the training of election workers, were left in a hotel conference room overnight, stolen and never recovered. Late that June the secret vote-counting codes inside nine to fourteen more of the Diebold machines were stolen. Diebold made an uncounted number of apparently illegal changes in the election-conducting code between June and November. The memory cards on which the votes on each of the computers were recorded on election day all over Georgia had no encryption. According to Rob Behler, who served as Diebold’s production deployment manager in Georgia during the first half of that summer, those cards could be used to change the results manually, precinct by precinct.
Incumbent US Senator Max Cleland and incumbent Governor Roy Barnes, both Democrats, were odds-on favorites to win re-election. A week before the voting an Atlanta Journal-Constitution poll showed Cleland ahead by five points, 49-44, but on election day he lost to his Republican opponent, Saxby Chambliss, by seven points, 53-46, a twelve-point swing. The loss of Governor Barnes to Sonny Perdue was even more remarkable: a one-week switch of fourteen percentage points. These were suspicious anomalies, and subsequently in a Peach State Poll one in eight Georgia voters were “not very confident” or “not at all confident” that the DREs had produced accurate results; another 32 percent were only “somewhat confident.”
In his front parlor at home in Georgia, Rob Behler told me that just before or just as he took over the Atlanta warehouse for Diebold, some of the voting machines had been sent out to “do demos,” and in one southern county “somebody broke in and stole…[nine or] fourteen of the machines and, I think, one of the servers.” He says the vote-counting programs in the stolen computers could have been completely reconstructed by reverse engineering and employed to jimmy the election.
“Quality-checking” the AccuVote machines as they arrived from Diebold at a warehouse in Atlanta, Behler and his crew found problems, he says, with “every single one” of them and about a fifth of them were shoved aside as unusable. When Diebold’s programmers wanted “patches,” that is, changes, inserted into the voting-system software, Behler says, they sent them to him via the company’s open, insecure File Transfer Protocol (FTP) site in cyberspace. On his own unsecured laptop (resting on his desk as he spoke), Behler made twenty-two or twenty-three of the cards that were used to change the programs in the machines.
The night of the November 2002 election, sixty-seven of the memory cards used in Fulton County (Atlanta) disappeared. Running his laptop with a dual battery, Behler says, in six or seven hours he could have changed the totals on those sixty-seven cards. “There’s no technical problem. There was absolutely zero protection on the card itself. You throw the card in, you just drill down into its files.”
Brit Williams, a computer consultant at Kennesaw State University who runs Georgia’s testing of voting systems, confirmed to me that the memory cards were not encrypted and all had the same password (1111), but each one, he contended, was “unique to its machine.” He snapped, “We had 22,000 voting stations. How would you like to be in charge of 22,000 passwords?” Williams said the sixty-seven missing memory cards in Atlanta had been left in the machines by forgetful workers and were recovered.
The Georgia election of 2002 illustrates how serious risks of technical malfunctions and malicious tampering can occur without anyone outside the voting business finding out about them. No doubt in part because of the hasty start-up, Diebold’s “security,” though approved by the independent testing authorities and the state, was in fact farcical. Both of the losing Democrats had backed installation of the DRE systems statewide, so they could hardly call for recounts that their own state party had made literally impossible.
The Kids Prick Open a Scandal
Some kids who are “really interested in computers” were playing around last year, spidering through the links on various websites, when they discovered that Diebold had an unsecured FTP site (the same one Behler had used). One of the boys noted the fact on his website. Some other material on that site–not the stuff about Diebold–attracted a lot of hits, and that automatically led Google, the cyberspace search engine, to position it among the early-listed sites for many searches. One day Bev Harris, a literary publicist in Washington who was doing research for a book on vote-counting in computers, fed Google the right search words and the FTP site itself popped up. Knowing little about computers, she turned to David Allen, who was publishing her book, and he recognized the openly posted source codes and much other data concerning Diebold voting machines.
A small group of activists in Georgia worked with Harris. One of them, Roxanne Jekot, who runs a software consulting firm, analyzed “almost every line” of the Diebold source code and found many ways to change vote totals there and also in the Microsoft operating code. “The software is totally junk,” she says. “They sold vaporware.” Determined to get peer review of what she was finding, Jekot approached David Dill, the Stanford computer science professor.
“Both Roxanne and Bev were very courageous and determined to lift the veil of secrecy on the code,” Dill says. “I think most academics would be much more cautious, especially about publishing the fact that they looked at the code. I certainly was, and I wasn’t about to get other people in trouble by asking them to help me. A number of us would be inclined to talk to lawyers before doing anything too bold. So it made a huge difference that Bev posted the code in New Zealand for everyone to download. That reduced but didn’t eliminate the legal risks of the Johns Hopkins/Rice University people looking at the code. If Bev and whoever else was involved in releasing this code had not been so brave, people [with strong professional reputations] might not have been able to speak out so freely.”
After some agreements on a division of roles, Avi Rubin of Johns Hopkins and three other scientists produced a devastating twenty-three-page exposure of the Diebold software. That was followed by two more damaging technical studies in Ohio. Then a “Red Team” exercise to break the Diebold code was staged at RABA Technologies’ headquarters in Maryland. Four of the eight computer scientists on the team had worked at the National Security Agency, and the team director had been the senior technical director for the NSA. The team concluded, “A voter can be deceived into thinking he is voting for one candidate when, in fact, the software is recording the vote for another candidate.” A security vulnerability “allows a remote attacker to get complete control of the machine.” And one can “automatically upload malicious software” that will “modify or delete elections.” Some kids sniffing around in cyberspace had led, step by step, to the dawning national realization that computerized vote-counting puts democracy in grave danger.
What You Can Do
Public interest groups are mobilizing to head off another Florida. Petitions calling for a paper trail for DREs have attracted something approaching half a million signatures. Lou Dobbs’s quick poll on CNN on “paper receipts of electronic votes” was running 5,735 to 85 for them on July 20. Greg Palast and Martin Luther King III have more than 80,000 signatures on their petition against paperless touch-screens and the purging of voter rolls. Global Exchange, the San Francisco-based organization, is inviting twenty-eight nonpartisan foreign observers to monitor the US election. Eleven members of Congress asked Kofi Annan to send UN monitors. Cindy Cohn of the Electronic Frontier Foundation is organizing attorneys for litigation against paperless electronic voting.
In mid-June the California secretary of state approved the nation’s first set of standards for a verified paper trail for touch-screen machines. A recent “Voting, Vote Capture and Vote Counting” symposium at Harvard’s Kennedy School of Government has produced an “Annotated Best Practices,” available at www.ljean.com/files/ABPractices.pdf. On June 29 the Leadership Conference on Civil Rights and the Brennan Center for Justice, with the endorsement of Common Cause, the NAACP, People for the American Way and most of the leading scientific critics of paperless touch-screen voting, sent the nation’s local election officials a “call for new security measures for electronic voting machines,” including local retention of independent security experts; the full report is available at www.civilrights.org/issues/voting/lccr_brennan_report.pdf.
Douglas Kellner, the New York City election expert, believes the best practical remedy for the dangers of computerized vote-counting is voting on optical-scan systems, posting the election results in the precincts and keeping the ballots with the machines in which they were counted. In all computerized vote-counting situations the precinct results should be publicly distributed and posted in the precincts before they are transmitted to the center for final counting, Kellner says. Once they are sent from the precinct the audit trail is lost.
Citizens can stay current on election developments via several websites: electionline.org, a reliable and up-to-date source; VerifiedVoting.org, Dill’s group; notablesoftware.com, Mercuri’s site; blackboxvoting.org, Bev Harris’s site; countthevote.org, the site of the Georgia group led by Jekot; and these will key into many others. For a steady flow of news stories on this subject (and a few others) from around the country, get on the e-mail list of email@example.com. Official information concerning each state is available online at each state’s website for its secretary of state.
People should go down to their local election departments and ask their supervisor of elections how they are going to know that their votes are counted–and refuse to take “Trust us,” or “Trust the machines,” for an answer. They can be poll watchers. Many organizations are fostering poll watching, including People for the American Way’s Election Protection 2004 project. Common Cause “has made election monitoring a major project,” a spokesperson says. VerifiedVoting.org is concentrating on having people watch election technology, including pre-election testing as well as the procedures on election day. Bev Harris is organizing people to do such work (see her website).
Rebecca Mercuri says that if you believe an election has been corrupted through voting equipment, you should collect affidavits from voters; get the results from every voting machine for all precincts; get the names and titles of everyone involved; inventory the equipment, including the software, and try to have it impounded; demand a recount; and go to the press. Noting that all counties that have rushed to purchase DRE voting systems also have paper-ballot systems in place to handle absentee voters, motor-voters and emergency ballots for when the system breaks down, she suggests mothballing the DREs and using paper ballots. “Counties are saying there’s nothing they can do but use the DREs in November, and that is simply untrue,” Mercuri declares.
Much of this would be unnecessary if Congress enacted either the Graham-Clinton or the Holt bill, which would empower voters to verify their own votes and create a paper trail.
The computerized voting companies have precipitated a crisis for the integrity of democracy. Three months to go.