E-voting critic calls on hackers to expose flaws

by Guest Contributor | Jul 30, 2004 1:48:00 PM

Tags: Guest Contributor

Takeaway: Harvard researcher urges security experts to show flaws in current electronic voting machines and points to $10,000 reward.

Stay on top of the latest tech news with our free IT News Digest e-newsletter, delivered each weekday. Automatically sign up today!

By Robert Lemos
CNET News.com

LAS VEGAS--Electronic voting systems have major security problems and hackers should make it their mission to find the flaws, an e-voting critic told security researchers on Thursday.

Speaking at the Black Hat Security Briefings here, Rebecca Mercuri, a fellow at a Harvard-affiliated research center and a noted e-voting critic, called the current voting process a statistical game of shells, one that e-voting machine makers are playing for profits.

"The data is not being collected in any meaningful way," she said. "Citizens should demand full accountability in election data at the precinct, county and state levels."

To hold voting machine makers to their promises of security, hackers should try to circumvent the systems and reveal their problems, she said. She pointed to a $10,000 reward promised by e-voting proponent Michael Shamos, a computer scientist at Carnegie Mellon University, as additional incentive.

Mercuri wants voting machine makers to stop being secretive about their security, or lack thereof, and stop legal pursuits of students and researchers that attempt to analyze their source code. She has formally called for two voting-system technology makers--machine maker Advanced Voting Solutions and verification system make VoteHere--to open up their systems as part of a contest.

		More IT news stories Google a favorite among hackers too IBM downsizes U.S. layoff plans Intel short on 3.6GHz chips Nerd news site woos IT execs

The call to arms is the latest move in a debate between researchers who believe that the U.S. election system has too many security holes, and those who believe the system works well as a whole. The latest salvo in the debate has focused on electronic voting machines, known more formally as direct recording electronic, or DRE, machines.

Bev Harris, a well-known voting-security activist, joined Mercuri in the presentation, stressing that the system needs to be fixed, and soon.

"What we have is poorly designed software that isn't tested properly, and they don't use the tested software anyway," she said. "And we have bad operating procedures, and we don't follow them anyway. And afterward, everyone covers their ass."

Others should also be worried, Harris said. Computer scientists and politicians should not be the only ones who are part of the debate. Opinions should also be sought from experts in other disciplines. The fear of election fraud should have election officials talking to accountants, for example.

"We had a computer scientist talk about why there is a good reason to have three sets of books in a voting machine," she said. "But an accountant would know that there is only one reason for a double or triple set of books, and that is fraud."

Mercuri also showed data that indicated that the latest touch-screen voting machines don't perform significantly better in elections. While a Diebold touch-screen DRE machine had the lowest error rate in the California election over the issue of whether there should be a recall, it had the third-highest error rate for candidate votes, she said.

The acceptance of such errors as "part of the process" has to stop, she said.

"With the error rate we are seeing in elections, in any other scientific discipline, you would have a 'do over,'" she said. "In voting, you just keep counting until you get the result you want."

Print/View all Posts Comments on this article

E-voting critic: Calling all hackers Newsletter Editor | 07/30/04

What a stupid idea rmcconky@... | 07/30/04

Yeah, but... bradt | 07/30/04

Couldn't disagree more...hack away! emachlan | 07/30/04

Delusional DickEd | 07/30/04

Learn the reason for electoral college jdclyde | 11/16/04

I disagree with hacking it because Plainbroke | 07/30/04

Over in AU we had something HAL 9000 | 07/30/04

Finally a great Idea antispock | 07/30/04

Is it Microsoft based ComputerPerceptions.com | 07/30/04

More Likely HAL 9000 | 07/31/04

Yes, it's Microsoft based Server Queen | 11/16/04

Contact your congressperson mshultz@... | 07/30/04

Hackers Not Needed gsquared | 07/30/04

Its a trick. HoneyPots myndebox@... | 07/30/04

Hack the person? Myron_s | 07/30/04

What should we hack next twpatters | 07/30/04

BS i_de_maria_wrk@... | 08/05/04

A Pandora's box calm_pc | 07/30/04

Technology doesn't belong here TomSal | 07/30/04

Tom I think it an attempt to get HAL 9000 | 07/30/04

10,000 $ joke rgun2515@... | 07/30/04

That's obvious HAL 9000 | 07/31/04

Calling all FBI Agents jkr10000@... | 07/30/04

Hacking the voting machines TokyoPete | 07/30/04

The flaws are known - why the lack of fuss? sean® | 07/30/04

To me this is like New Viruses HAL 9000 | 07/31/04

in context of Olympic Games, yes rmuldavin | 07/31/04

OK but why tell?! 1PebKac | 08/02/04

recognition is sometimes more worth than money dev/hda1 | 08/02/04

Tradition Dilbert-Tom | 08/02/04

More of a security risk? husp1@... | 08/02/04

This is nuts! Cweb | 08/05/04

naieve dnickolai@... | 08/01/04