Inside Bay Area - Voting glitch said to be 'dangerous'
Voting Glitch Said to Be 'Disastrous'
Inside Bay Area (CA) (05/10/06) Hoffman, Ian
A recently discovered vulnerability in Diebold's touch-screen voting machines has election officials scrambling to understand and contain the risk. A hacker with minimal specialized knowledge of Diebold's system and an off-the-shelf component could load software onto the machine to disable it or alter vote counts in a matter of minutes. "This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist. "In the other ones, we've been arguing about the security of the locks on the front door," he said. "Now we find there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat." Finnish computer expert Harri Hursti discovered the flaw while working with Black Box Voting in March, and quietly spread word of the glitch to several prominent computer scientists who advise states on voting machines. Pennsylvania, California, and Iowa have directed their election officials to seal the machines with tamper-proof tape until election day, though California advised its counties that intend to use only Diebold machines in their upcoming elections that the threat is low, and that tampering would be easily detected by voters from the paper read-out and by officials once they recount 1 percent of their precincts' paper ballots. California Assistant Secretary of State for elections Susan Lapsley downplayed the risk, arguing that "it assumes access and control for a lengthy period of time." Scientists disagree, noting that hackers could work out plans ahead of time, and that it only takes a minute to install the software, a hole that apparently originated from Diebold's efforts to make it as easy as possible to update the software inside its systems. ACM's U.S. Public Policy Committee has released a report on Statewide Databases of Registered Voters. To review, visit http://www.acm.org/usacm/VRD