Oct. 1, 2006 — -- Elections and electronic voting machines invite consideration of the following thought experiment. You go to your local voting station, walk into the booth, pull the curtain, and see a well-dressed man standing inside with a little note pad. He asks whom you're voting for, appears to record what you say in his note pad, tells you he'll add your vote to his running total, thanks you, and asks you to send the next voter into the booth.
Whatever objections you have to this voting scenario should be reserved for the more familiar one involving Diebold and other voting machines. It's long been known that electronic machines run proprietary software and don't keep paper records of the votes cast. Similarly, the man in the voting booth also runs proprietary "mental software" whose commitment to honesty we have no way of ascertaining and simply supplies us with the vote total at the end of the day. He's probably honest and careful and, since he seems to be taking notes, his total is likely to be accurate, but would you trust such a voting system?
To the above already widely expressed concerns about electronic voting machines (and the recent misgivings of the Governors of Maryland and New Mexico among countless others), we should add an even more troubling one. This is the now conclusively demonstrated ease with which these machines can be hacked, or, to continue with the analogy above, the ease with which the well-dressed man in the booth can be persuaded to cheat. (Seldom has the title of this column, Who's Counting, been more descriptive.)
In a paper last month, "Security Analysis of the Diebold AccuVote-TS Voting Machine," (available at http://itpolicy.princeton.edu/voting/) Princeton computer professor Edward W. Felten and two graduate students Ariel J. Feldman and J. Alex Halderman discussed a common Diebold machine. They showed that anyone who gets access to the machine and its memory card for literally a minute or two could easily install the group's invisible vote-stealing software on the machine. (Poll workers and others have unsupervised access for much longer periods.) Changing all logs, counters, and associated records to reflect the bogus vote count that it generates, the software installed by the infected memory card (similar to a floppy disk) would be undetectable. In fact, the software would delete itself at the end of Election Day.
Even more ominously the memory cards that are used to install this or similar vote-stealing software can act like a virus and infect many other machines if the bad cards are used to amend these machines. This is normal practice with pre- and post-election updates, and no attachment to a network is necessary. Moreover, since memory cards are removed from all voting machines in a given region and inserted into a single machine that accumulates the votes for the region, something worse is possible. "By planting a virus far enough in advance, [a hacker] can ensure that a significant number of machines can steal votes on Election Day" even if he has access to only one or a few machines.
This last fact undercuts one of the common criticisms of election conspiracy theories, namely that stealing an election would require the cooperation of many people over a wide area. This might not be necessary, but about the contention of any recent major US election having been stolen, the authors write, "We know some people are claiming this happened, but we don't find their evidence convincing."
One of the most interesting aspects of this study is a videotape of an actual Diebold AccuVote-TS machine being hacked. The tape clearly shows the quick installation of the bad memory card (either with a copied key or by picking the machine's lock), the pre-election check indicating that nothing is amiss, the mock mini-contest between George Washington and Benedict Arnold which Washington wins 4-1, and then the print-out showing that Arnold, in an election upset, beats Washington 3-2. There are a number of other types of electronic voting machines in use today, but little certainty that they aren't vulnerable to similar tampering. (In response, Diebold claims that there have been improvements.)
With proprietary software and no independent paper trail, there are unfortunately grounds to doubt election results, especially when they're close. You wouldn't make a deposit at an ATM machine whose screen opened to reveal a well-dressed bank official who thanked you for your check and assured you he'd put it into your account, but who didn't give you a receipt or any way to check your balance. The same holds for credit cards. Your money is important, but so is your right to vote, and you shouldn't have to trust well-dressed men about either. Identity theft is a well-publicized bother; democracy theft is an invisible rot.
The only good news is that it now takes programming prowess to steal elections when all it used to take was the ability to stuff ballot boxes.
Professor of mathematics at Temple University, John Allen Paulos is the author of best-selling books including "Innumeracy" and "A Mathematician Plays the Stock Market." His "Who's Counting?" column on ABCNews.com appears the first weekend of every month.