Elections and electronic voting machines invite consideration of the following thought experiment. You go to your local voting station, walk into the booth, pull the curtain, and see a well-dressed man standing inside with a little note pad. He asks whom you're voting for, appears to record what you say in his note pad, tells you he'll add your vote to his running total, thanks you, and asks you to send the next voter into the booth.
Whatever objections you have to this voting scenario should be reserved for the more familiar one involving Diebold and other voting machines. It's long been known that electronic machines run proprietary software and don't keep paper records of the votes cast. Similarly, the man in the voting booth also runs proprietary "mental software" whose commitment to honesty we have no way of ascertaining and simply supplies us with the vote total at the end of the day. He's probably honest and careful and, since he seems to be taking notes, his total is likely to be accurate, but would you trust such a voting system?
To the above already widely expressed concerns about electronic voting machines (and the recent misgivings of the Governors of Maryland and New Mexico among countless others), we should add an even more troubling one. This is the now conclusively demonstrated ease with which these machines can be hacked, or, to continue with the analogy above, the ease with which the well-dressed man in the booth can be persuaded to cheat. (Seldom has the title of this column, Who's Counting, been more descriptive.)
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.
Even more ominously the memory cards that are used to install this or similar vote-stealing software can act like a virus and infect many other machines if the bad cards are used to amend these machines. This is normal practice with pre- and post-election updates, and no attachment to a network is necessary. Moreover, since memory cards are removed from all voting machines in a given region and inserted into a single machine that accumulates the votes for the region, something worse is possible. "By planting a virus far enough in advance, [a hacker] can ensure that a significant number of machines can steal votes on Election Day" even if he has access to only one or a few machines.