Yet another independent study by computer security experts has concluded Diebold's Optical-Scan election system is vulnerable to hacking and rigging. This time it's the Voting Technology Research Center, at the Department of Computer Science at the University of Connecticut. Their conclusions will sadden anyone who values democracy. Here are a few quotations from the report titled, "A Case Study in Optical Scan E-Voting":
[W]e demonstrate a "time bomb" attack in which the bytecode checks the date and time in order to decide whether the election has begun. [It can] retain proper behavior in pre-election testing, while behaving improperly during the actual election.
[I]f the Optical Scan printouts are the sole means of reporting the election results (as it is the case in fact in many jurisdictions)* then one can write quite complex malicious reporting functionalities that get triggered in specific cases (when e.g., the number of votes of a certain candidate are below a certain percentage) and perform arbitrary vote transfers between the candidates.
There are now at least 5 major independent studies like this. It's becoming like "beating a dead horse." But it's not a horse, it's the door of our election officials offices that are being pounded on, and they are simply ignoring the call. We know that our state's election authorities are reading these reports. So the question is, why do they ignore the experts and leave our democracy at risk?
I'm from Vermont, a place you'd think the election officials would do the right thing. But the fact is, that many people have written to Secretary of State Deb Markowitz and Director of Elections Kathy DeWolfe about this. (click here for their contact info if you want to write to them yourself) Many people have asked them, "when are you going to institute random audits on the elections, like all of these studies recommend?"
Their answer is becoming more and more embarrassing...
They say simply that the experts are wrong and they are right. The system is safe, they tell us, and therefore we don't need audits.
Deb and Kathy say there are tests on the machines that make sure there is no tampering, even if the academic studies prove the tests simply are not adequate. Deb and Kathy say no one could hack the system because they keep the memory cards safe. But the studies show how easily anyone could switch a memory card. And even worse, we all know that employees of Diebold and LHS have unfettered access to the memory cards before each election, as we recently saw in New Hampshire for example, so keeping the cards safe is moot.
Deb and Kathy's answer to this is, that we should just trust them. What was that? Trust a company such as Diebold who has been prosecuted for fraud, is being investigated by both the SEC and DoJ, sued by its own shareholders, and has employed convicted felons to write their software code? Am I really hearing that correctly, Deb and Kathy? You want us to trust a company with a track record like that?
My question now is, how much longer can Deb and Kathy (and other Secretaries of State) stand there and say the experts are wrong and they are right? How long can they actually claim that they understand the system better than these people who have been studying and teaching about computer security for their entire careers? Because that's exactly what they're claiming - that they know more than the experts.
Every study makes recommendations. These recommendations are written specifically to the folks responsible for administering elections --- people like Deb and Kathy. We know they have read these recommendations. And they all say the same thing: Conduct random audits on every election.
Every day that goes by as Deb and Kathy deny that audits are necessary, is another day they're thumbing their noses at the computer security experts (and citizens who care about having accurate elections). Every day that goes by is another day that Deb and Kathy are claiming they understand computer security better than the reports fromUniverisity of Connecticut [PDF], Princeton University, University of California [PDF], and Lawrence Livermore Labs, and even the head of security for Microsoft [PDF]. All these studies agree --- without random audits, the system is wholly vulnerable.
Deb claims that it would cost too much to have audits. But can you put a value on our Democracy? If we are using an inadequate system, we have to do something about it. And if cost is really the problem, she could even make Diebold pay for the audits, like California's Secretary of State is doing. So what's the problem? Why are they so vehemently against audits, which would only strengthen the integrity of our election system?
Several other states have heard the call of the experts and have begun to implement random audits. But Deb and Kathy evidently think all those other Secretaries of States are wrong for following the advice of the experts, and once again, only they are right.
How much longer can Deb and Kathy do this without looking foolish? Will Vermont be the last state in the country to have audits?
In Vermont --- and every state that uses unverifiable DRE/touchscreen machines and optical scanners without audits --- we must continue asking questions, and applying pressure to such election officials. In Vermont we have a petition, a flyer [PDF] we pass around, and a website to promote awareness. We must pressure our elected officials to stop denying the advice of the experts and start random audits on our state's election system, starting this November!