Elections Easy to Steal, Say Computer Scientists

Sept. 15, 2006 — -- When you walk into the voting booth and close the curtain behind you, you know the candidates you like, and you expect the person you choose will get your vote. Right?

Not necessarily, says Edward W. Felten.

Felten is a professor of computer sciences at Princeton University who has made a career, in recent years, of poking holes in computer security. In 2001 he raised hackles in the music industry by showing how hard it was to keep a recording from being copied. He's written software to show how easily private computer networks can be breached.

And now he's violated the sanctuary of the voting booth -- specifically, by hacking into the electronic voting machines that were designed to prevent election fraud.

Felten and two Princeton graduate students, Ariel Feldman and Alex Halderman, created a computer virus that they say could "steal" votes from one candidate, give them to another -- and go undetected.

"You have to be a good programmer -- not a genius -- to do this," said Halderman. "I believe a good programmer could reproduce our virus without very much effort."

Felten and his team targeted the most commonly-used electronic voting machines in the United States, the Diebold AccuVote-TS. In November, almost ten percent of American voters will find the TS or a similar model, the TSx, in the booth when they go to the polls. About eighty percent of voting in the U.S. is now electronic.

The AccuVote machines are small desktop computers with a touch screen. They can print out their results, but the totals on Election Day are meant to be recovered electronically -- the better to ensure accuracy. The Princeton team was given a machine by someone, they said, who prefers to remain anonymous.

The computer virus -- written by graduate student Feldman over the summer -- was stored on a memory card, which they said could be inserted in a Diebold machine by opening a small locked hatch, or unscrewing the machine's bottom cover. The team said either could be done in a minute or two --