July 29, 2004 12:22 PM PDT

E-voting critic calls on hackers to expose flaws

LAS VEGAS--Electronic voting systems have major security problems and hackers should make it their mission to find the flaws, an e-voting critic told security researchers on Thursday.

Speaking at the Black Hat Security Briefings here, Rebecca Mercuri, a fellow at a Harvard-affiliated research center and a noted e-voting critic, called the current voting process a statistical game of shells, one that e-voting machine makers are playing for profits.

"The data is not being collected in any meaningful way," she said. "Citizens should demand full accountability in election data at the precinct, county and state levels."

To hold voting machine makers to their promises of security, hackers should try to circumvent the systems and reveal their problems, she said. She pointed to a $10,000 reward promised by e-voting proponent Michael Shamos, a computer scientist at Carnegie Mellon University, as additional incentive.

Mercuri wants voting machine makers to stop being secretive about their security, or lack thereof, and stop legal pursuits of students and researchers that attempt to analyze their source code. She has formally called for two voting-system technology makers--machine maker Advanced Voting Solutions and verification system make VoteHere--to open up their systems as part of a contest.

The call to arms is the latest move in a debate between researchers who believe that the U.S. election system has too many security holes, and those who believe the system works well as a whole. The latest salvo in the debate has focused on electronic voting machines, known more formally as direct recording electronic, or DRE, machines.

Bev Harris, a well-known voting-security activist, joined Mercuri in the presentation, stressing that the system needs to be fixed, and soon.

"What we have is poorly designed software that isn't tested properly, and they don't use the tested software anyway," she said. "And we have bad operating procedures, and we don't follow them anyway. And afterward, everyone covers their ass."

Others should also be worried, Harris said. Computer scientists and politicians should not be the only ones who are part of the debate. Opinions should also be sought from experts in other disciplines. The fear of election fraud should have election officials talking to accountants, for example.

"We had a computer scientist talk about why there is a good reason to have three sets of books in a voting machine," she said. "But an accountant would know that there is only one reason for a double or triple set of books, and that is fraud."

Mercuri also showed data that indicated that the latest touch-screen voting machines don't perform significantly better in elections. While a Diebold touch-screen DRE machine had the lowest error rate in the California election over the issue of whether there should be a recall, it had the third-highest error rate for candidate votes, she said.

The acceptance of such errors as "part of the process" has to stop, she said.

"With the error rate we are seeing in elections, in any other scientific discipline, you would have a 'do over,'" she said. "In voting, you just keep counting until you get the result you want."

1 comment

Join the conversation!
Add your comment
Beta Tested? RC evaluation?
I have been involved in Beta testing various kinds of programs
from major corporations. The testing proceeds from Beta 1
through beta x, then through Release Candidate (RC), to final
product. As anyone knows, even final products are found to
have serious flaws (bugs), security risks, and general usage
issues.
Many companies use the public as their testers for the beta and
RC programs and we often find that the final product isn't
completely able to do what the designers had hoped for. And
that improvements are often promised for future releases
(updates) which may or may not ever happen.
With this background of experience, I deeply fear any voting
system that hasn't been fully tested, it's issues revealed,
discussed and dealt with openly, and it's limitations discovered
and compensated for.

Otherwise, we're opening a can of electronic worms that would
make the voter manipulation in Florida's 2000 election look
tame.
Posted by Riphly (15 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.