Friday, January 30, 2004

Salon.com| Md. vote machines flawed, consultant says

Md. vote machines flawed, consultant says


- - - - - - - - - - - -
By Tom Stuckey



Jan. 30, 2004 | ANNAPOLIS, Md. (AP) -- Computers that Maryland voters will use in the March primary contain "vulnerabilities that could be exploited by malicious individuals," according to programmers who tested the equipment.

Hackers could easily compromise 16,000 touch-screen computers in precincts statewide, Michael Wertheimer of RABA Technologies told a state legislative committee on Thursday.

RABA's report, which focused on hardware, is the latest study by computer scientists to conclude that electronic systems pose significant security risks.

Dozens of states are rushing to replace punch-card and lever systems with modern voting equipment to qualify for federal matching funds through the 2002 Help America Vote Act.

Maryland is spending $55.6 million to move toward an entirely electronic system that does not provide traditional paper ballots that could be used in case of a recount.

A team assembled by Columbia-based RABA conducted an exercise Jan. 19 to simulate an attack on Maryland's touch-screens, built by North Canton, Ohio-based Diebold Inc.

Members found that individual machines could be disabled by jamming a voter card into a terminal or lifting it up and pulling out wires. The team guessed passwords on the cards that were needed to access the machines, and found the passwords were contained in the source code of the computers.

The team also said the computer server that tabulates election results did not have security updates from Microsoft Corp. Team members were able to break into the server remotely via dial-up modem.

Wertheimer said he was surprised that each of Maryland's machines has two identical locks, which could be opened by any one of the 32,000 keys. The report also stated it was easy to pick the locks.

Bob Urosevich, president of Diebold Election Systems, focused on the positive aspects of the report, which stated that major software changes were "not needed" before the March primary.

The RABA report confirms "the accuracy and security of Maryland's voting procedures and our voting systems as they exist today," Urosevich said in a statement. "With that said ... there will always be room for improvement and refinement."

RABA recommended liberal use of tamper tape, including inside and outside two locked boxes on each machine. The tape would show if someone had broken into, or attempted to break into, a machine. RABA also suggested each voting machine have a different password.

Linda Lamone, administrator of the State Board of Elections, said it would be too risky to install 16,000 different passwords by March 2 and make sure election judges had the right passwords. Lamone told legislators that poll workers had already made some of RABA's recommendations, including tamper tape on the machines.

"They are going to look like someone who has duct tape wrapped around them," Lamone said.


- - - - - - - - - - - -