Cybereye | What happened in Maryland?
Flaws, vulnerabilities and human error created a perfect storm for e-voting
If this week’s primary election in Maryland decided anything decisively, it was that you can’t solve problems by slapping on some technology. Automating a problem only produces faster, bigger mistakes.In the Sept. 12 primaries, Maryland used the Diebold AccuVote-TS direct-recording, electronic voting machine statewide for the first time. Precincts across the state were plagued by late openings and delays when cards to operate the machines were unavailable, voting machines froze up and computers containing electronic voter lists failed. Paper ballots were often not available as a backup, and there were reports of voters scribbling their choices on scraps of paper as polls were closing.In a congressional race in which incumbent Democrat Rep. Albert Wynn garnered around 50 percent of the vote and leads his opponent by only 3,000 votes, you have to wonder what impact these irregularities will have on the outcome.Of course, some bugs are to be expected in a new process. But some of the worst problems occurred in counties that have been using the machines since 2002, including Montgomery County, where a judge had to step in and keep polls open an extra hour because of screw-ups.Not all of the problems were technical. Montgomery County suffered a self-administered denial-of-service attack when election officials neglected to provide the reusable cards needed by voters to activate the voting machines. Machines containing electronic voter rolls were delivered late by Diebold in some counties, so there was little time to test them or train poll workers.On top of all this, researchers from Princeton’s Department of Computer Science released a the next day detailing vulnerabilities in the AccuVote-TS.“Many computer scientists doubt that paperless DREs can be made reliable and secure, and they expect that any failures of such systems would likely go undetected,” the authors said. Their research tended to confirm this.“An attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code,” that could change votes and alter logs to hide its tracks, the report said. That code could spread between machines during normal election activity.Diebold is having none of this, calling the study “unrealistic and inaccurate.” In a statement, Diebold Election Systems president Dave Byrd said the software used in the study was obsolete and that researchers ignored common security procedures.“Secure voting equipment, proper procedures and adequate testing assure an accurate voting process,” Byrd said.But many researchers doubt the equipment and software really is secure, and events in Maryland show that “proper procedures and adequate testing” cannot be relied upon to assure anything. What can be relied upon is that whatever can go wrong eventually will go wrong.Murphy’s Law applies to everything, not just computers, and no voting system will be perfect. The problems in Maryland are not due simply to the use of electronic voting machines. They are due to the adoption of unproven technology, inadequate training and stupid human mistakes. Most important, they are due to the lack of planning for inevitable problems. Stacks of paper ballots and printed voter lists in the polling places would have made the technical glitches little more than irritations, and machines that provide a voter-verified paper trail would go a long way toward making security flaws moot.The day after the Maryland fiasco, Diebold’s Byrd wrote, “Every voter in every local jurisdiction that uses the AccuVote-TS should feel secure knowing that their vote will count on Election Day.”I’m pretty sure my vote counted. I used a No. 2 pencil and a paper absentee ballot that I mailed in before the election.
NEXT STORY: House passes database spending bill