Electronic Voting Machines Still Widely Used Despite Security Concerns

Hack The Vote: Controversial E-Voting Machines Still Widely Used Despite Security Concerns
LOS ANGELES - FEBRUARY 18: A voter demonstrates use of a touchscreen voting booth on the first day of early voting for the March 2 primary February 18, 2004 in east Los Angeles, California. A California judge today denied a temporary restraining order against use of electronic voting brought by a group of computer programmers and voters that alleges the system is vulnerable to manipulation. (Photo by David McNew/Getty Images)
LOS ANGELES - FEBRUARY 18: A voter demonstrates use of a touchscreen voting booth on the first day of early voting for the March 2 primary February 18, 2004 in east Los Angeles, California. A California judge today denied a temporary restraining order against use of electronic voting brought by a group of computer programmers and voters that alleges the system is vulnerable to manipulation. (Photo by David McNew/Getty Images)

For years, researchers have been aware of numerous security flaws in electronic voting machines. They've found ways to hack the machines to swap votes between candidates, reject ballots or accept 50,000 votes from a precinct with just 100 voters.

Yet on Nov. 6, millions of voters -- including many in hotly contested swing states -- will cast ballots on e-voting machines that researchers have found are vulnerable to hackers. What is more troubling, say some critics, is that election officials have no way to verify that votes are counted accurately because some states do not use e-voting machines that produce paper ballots.

After the "hanging chad" controversy of the 2000 election, Congress passed a federal law that gave states funding to replace their punch card and lever voting systems with electronic voting machines. But computer scientists have repeatedly demonstrated that a variety of electronic voting machines can be hacked -- often quite easily.

"Every time they are studied, we find further problems," said J. Alex Halderman, a computer science professor at the University of Michigan who researches voting machine security.

"It's simply a matter of reprogramming these machines to be dishonest," Halderman added. "That's what we found six years ago and it's still true today, and many of these machines are still in use."

In 2008, researchers at Princeton University found that it took seven minutes, using simple tools, to install a different computer program in a voting machine "that steals votes from one party's candidates, and gives them to another." That machine, the Sequoia Avantage, is still used in at least six states by 9 million voters, according to Roger Johnston, who heads the vulnerability assessment team at Argonne National Laboratory.

Last fall, Johnston and his team of researchers found that Diebold's AccuVote voting machines could be hacked to change voting results by inserting a piece of electronics into the machines. Diebold's AccuVote voting machines are used in at least 20 states by 21 million voters, according to Johnston.

"I've seen high school science fair projects that are more sophisticated than what is needed to hijack a voting machine," Johnston said in an interview.

Most voting machines are made by two manufacturers, Election Systems & Software and Dominion Voting Systems, which was formerly Diebold Election Systems. Neither company returned requests for comment.

Researchers say it's difficult to determine whether voting machine manufacturers have fixed cyber-security flaws because the companies do not share their software code publicly. In addition, there is little pressure on them from elections officials to do so, Johnston said.

"The voting manufacturers are in denial," Johnston said. "They are not doing anything about these problems, but their customers are not asking them to, either."

However, there is no evidence that hackers have ever manipulated votes in a U.S. election, experts say. And many election officials insist security concerns about voting machines are overblown. They say that security on Election Day is much stricter than, say, what a team of computer scientists with unlimited time in a laboratory might face to hack a voting machine.

"It's important to keep in mind that having full and open access to these systems is quite different than how these systems are available to voters on Election Day," said Jessica Myers, a voting systems certification specialist at U.S. Election Assistance Commission, which certifies e-voting machines.

Butler County, Ohio -- in a key swing state with more than 240,000 registered voters -- has been using AccuVote machines since 2005, according to Lynn Kinkaid, director of the county board of elections. One reason they still use the machines is that "elderly people like them because you can enlarge the print," he said.

Kinkaid said the county's e-voting machines are tested before each election, encrypted and not connected to the Internet.

"We are very sure our machines are safe and secure," he said.

Lehigh County, Pa., which has about 236,000 registered voters in another swing state, has been using Accuvote voting machines since 2006, according to Tim Benyo, the county's chief clerk for registration and elections.

Benyo said the county's e-voting machines are certified by the state, and prior to Election Day, they are locked, sealed and never left alone. He said there have been "slight modifications" to the machines' software over the years, "but nothing drastic."

"I am familiar with some reports of them being able to be hacked," Benyo said. "But my concerns are limited because these machines are not left alone with anybody for a long enough period of time."

However, Halderman, of the University of Michigan, was part of a team of researchers in 2006 that found a hacker with access to an AccuVote voting machine for just one minute could install malicious code on the machine to steal votes.

Lehigh County's e-voting machines do not produce a paper record for voters because it is not required by the state, Benyo said. One-quarter of registered voters nationwide will cast ballots on Nov. 6 using electronic voting machines that do not produce paper ballots, according to VerifiedVoting.org, a nonprofit whose mission is to safeguard elections in the digital age.

Without paper ballots -- which are counted using optical scan systems -- elections officials have no way to go back and conduct an audit to see whether votes were counted correctly, security researchers say.

"You really can't tell whether vote totals are accurate unless you have a paper ballot," said David Dill, founder of VerifiedVoting.org.

In 2006, Maryland lawmakers passed a bill that called for state election officials to stop using Diebold's AccuVote-TSx touchscreen systems, which the state has used since 2002, because the machines contained security flaws and did not produce a paper record, according to Computer World magazine.

But after the law passed, Gov. Martin O'Malley chose not to fund the purchase of new e-voting machines that produce paper ballots, according to Donna Duncan, a spokeswoman for the Maryland State Board of Elections. On Nov. 6, polling places across Maryland will still use AccuVote touchscreen machines that don't produce paper ballots.

"We have absolute confidence in the voting equipment," Duncan said. "The security measures we put in place, we believe, are sufficient."

Before You Go

Obama, Romney Get Intense At 2nd Debate

Popular in the Community

Close

What's Hot