Who's Counting: Hacking Diebold Voting Machines
Oct. 1, 2006 — -- Elections and electronic voting machines invite consideration of the following thought experiment. You go to your local voting station, walk into the booth, pull the curtain, and see a well-dressed man standing inside with a little note pad. He asks whom you're voting for, appears to record what you say in his note pad, tells you he'll add your vote to his running total, thanks you, and asks you to send the next voter into the booth.
Whatever objections you have to this voting scenario should be reserved for the more familiar one involving Diebold and other voting machines. It's long been known that electronic machines run proprietary software and don't keep paper records of the votes cast. Similarly, the man in the voting booth also runs proprietary "mental software" whose commitment to honesty we have no way of ascertaining and simply supplies us with the vote total at the end of the day. He's probably honest and careful and, since he seems to be taking notes, his total is likely to be accurate, but would you trust such a voting system?
To the above already widely expressed concerns about electronic voting machines (and the recent misgivings of the Governors of Maryland and New Mexico among countless others), we should add an even more troubling one. This is the now conclusively demonstrated ease with which these machines can be hacked, or, to continue with the analogy above, the ease with which the well-dressed man in the booth can be persuaded to cheat. (Seldom has the title of this column, Who's Counting, been more descriptive.)
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.