|
A
few weeks after Election Night 2002, Roxanne Jekot,
a computer programmer who lives in Cumming, Ga.,
began fearing demons lingering in the state's
voting machines. The midterm election had been
a historic one: Georgia became the first state
to use electronic touch-screen voting machines
in every one of its precincts. The 51-year-old
Jekot, who has a grandmotherly bearing but describes
herself as a "typical computer geek," was initially
excited about the new system.
"I
thought it was the coolest thing we could have
done," she says.
But
the election also brought sweeping victories for
Republicans, including, most stunningly, one for
Sonny Perdue, who defeated Roy Barnes, the incumbent
Democrat, to become Georgia's first Republican
governor in 135 years, while Rep. Saxby Chambliss
upset Vietnam veteran Sen. Max Cleland. The convergence
of these two developments -- the introduction
of new voting machines and the surprising GOP
wins -- began to eat away at Roxanne Jekot. Like
many of her fellow angry Democrats on the Internet
discussion forums she frequented, she had a hard
time believing the Republicans won legitimately.
Instead, Jekot began searching for her explanation
in the source code used in the new voting machines.
What
she found alarmed her. The machines were state-of-the-art
products from an Ohio company called Diebold.
But the code -- which a friend of Jekot's had
found on the Internet -- was anything but flawless,
Jekot says. It was amateurish and pocked with
security problems. "I expected sophistication
and some fairly difficult to understand advanced
coding," Jekot said one evening this fall at a
restaurant near her home. But she saw "a hodgepodge
of commands thrown all over the source code,"
an indication, she said, that the programmers
were careless. Along with technical commands,
Diebold's engineers had written English comments
documenting the various functions their software
performed -- and these comments "made my hair
stand on end," Jekot said. The programmers would
say things like "this doesn't work because that
doesn't work and neither one of them work together."
They seemed to know that their software was flawed.
To
Jekot, there appeared to be method in the incompetence.
Professional programmers could not be so sloppy;
it had to be deliberate. "They specifically opened
doors that need not be opened," Jekot said, suggesting
the possibility that Diebold wanted to leave its
voting machines open to fraud. And, ominously,
the electronic voting systems used in Georgia,
like most of the new machines installed in the
United States since the 2000 election, do not
produce a "paper trail" -- every vote cast in
the state's midterm election was recorded, tabulated,
checked and stored by computers whose internal
workings are owned by Diebold, a private corporation.
Jekot
was particularly alarmed -- and outraged -- to
learn that company CEO Walden O'Dell is one of
the GOP's biggest fundraisers in his home state
of Ohio and nationally. Right after the Georgia
elections, an O'Dell e-mail began making the rounds
of Web logs and other Internet sites that were
tracking the Diebold security flaws, in which
the CEO bragged that he's "committed to helping
Ohio deliver its electoral votes to the president
next year." What better way to deliver electoral
votes for President Bush, some reasoned, than
to control the equipment Americans use to cast
their ballots?
"I
believe that the 2002 election in Georgia was
rigged," Jekot insists today. "I don't believe
that Saxby Chambliss or Sonny Perdue won their
races legally."
Despite
Jekot's technical expertise, officials in Georgia
consider her theories baseless. Roy Barnes, the
defeated Democratic governor, says that blaming
his loss on voting machines is "ridiculous." And,
to be sure, there is no evidence proving malfeasance,
and there probably never will be. The only trouble
is, the state cannot furnish any definitive evidence
to show that the 2002 election was not fraudulent.
Proving that the machines didn't malfunction,
or that they weren't hacked, is impossible. And
since scores of computer scientists say that voting
systems are vulnerable to attack, and because
activists have raised legitimate concerns about
election equipment vendors' politics and processes,
Jekot's fears have come to seem, to many, entirely
reasonable.
Even
a self-described Christian arch-conservative,
former Diebold systems manager Rob Behler, says
the company failed to adequately test its troubled
equipment -- and balked when he warned them of
widespread problems with the machines. Last summer,
computer scientists at Johns Hopkins University
and Rice University found major security flaws
in the Diebold machines, concluding that the Georgia
system falls "far below even the most minimal
security standards." And in January, experts at
RABA Technologies, a consulting firm in Maryland,
discovered additional failures in that state's
Diebold systems. Internal Diebold e-mail shows
that company engineers knew about the problems
and in some instances chose to ignore them.
Some
elections officials are beginning to see the profound
dangers inherent in this process; California Secretary
of State Kevin Shelley has ordered that all systems
in his state implement a paper record by 2006.
Activists hailed Shelley's decision as evidence
that he understands the fundamental principle
at stake: Elections should be sacrosanct.
But
on Election Day this November, more than 20 percent
of American voters will cast their ballots on
paperless electronic machines; voters across the
nation will encounter them during the primaries.
Critics of touch-screen systems point to the controversy
surrounding the vote in Georgia as a sign of things
to come nationally. If there's an upset in a close
presidential race, will we be able to trust it?
Ironically, the paperless systems were supposed
to restore trust in a democracy that saw the presidency
hang by a few thousand chads in Florida three
years ago. In Georgia, and increasingly across
the nation, they're in danger of doing quite the
opposite.
Many
in Georgia dismiss Jekot and her Web-based acolytes
as blinded partisans, conspiracy nuts, or even
"wack-jobs."
But
if you dismiss Roxanne Jekot as a wack-job, you
still have to deal with her friends. Jekot represents
only the most strident quarter of an emerging
national movement aimed at slowing the spread
of the kind of touch-screen systems that were
first used in Georgia. While the movement counts
as members some of the most shrill partisans on
the Web, it also includes some of the most well-regarded
computer scientists in the world -- and together,
these groups have been unexpectedly successful
in changing the national perceptions of touch-screen
machines.
Until
just about a year ago, these systems were considered
the natural replacement to the punch-card machines
that so roiled the last presidential election.
The new machines are easy to maintain, they can
accommodate multiple languages, they can be used
by people with disabilities, and they have the
backing of influential groups like the League
of Women Voters and the ACLU. The Help America
Vote Act of 2002, which doles out a total of $650
million in federal money to state and local officials
who upgrade their aging voting systems, has already
prompted dozens of counties and a handful of states
to deploy the touch-screen systems.
The
activists have upended the process. Fear of the
voting machines is now a red-meat issue not just
for online lefties but also for libertarians,
for many on the right, and, increasingly, for
the establishment. National newspapers run Op-Eds
on the issue, network news shows feature the movement's
proponents, and officials like Shelley, in California,
have been pressed to change their positions on
the systems.
If
you spend much time in the world of the activists,
you'll understand why. In the fall, I sat with
Jim March, an anti-Diebold tech expert in Sacramento,
Calif., while he showed me on his home PC how
to steal an election. March, an ardent libertarian
whose apartment is decorated with political posters
-- "Politicians Prefer an Unarmed Populace," one
announces -- spent months investigating security
flaws in touch-screen systems. Thanks to his network
of fellow geek-activists, he'd found flaws in
the system Diebold used to tally election results,
a program called GEMS. The GEMS software runs
on a standard PC that's usually housed in a county
election office. The system stores its votes in
a format recognizable by Microsoft Access, a common
office database program. If you've got a copy
of Access and can get physical access to the county
machine -- or, some activists say, if you discover
the county's number and call into the machine
over a phone line -- the vote is yours to steal.
While
I sat at his computer, March helped me open a
file containing actual results from a March 2002
primary election held in San Luis Obispo County,
Calif. -- a file that March says would be accessible
to anyone who worked in the county elections office
on Election Day. Following March's direction,
I changed the vote count with a few clicks. Then,
he explained how to alter the "audit log," erasing
all evidence that we'd tampered with the results.
I saved the file. If it had been a real election,
I would have been carrying out an electronic coup.
It was a chilling realization.
The
person who discovered the problems with the GEMS
program -- she's singularly responsible for almost
every bit of attention recently paid to electronic
voting machines, and for almost every juicy detail
uncovered about the vote in Georgia -- is a middle-aged
publicist-turned-investigative-journalist in Seattle
named Bev Harris. Harris began thinking about
voting machines in late 2002, when, after reading
some claims on the Web that the election equipment
firms were being infiltrated by foreign nationals,
she decided, almost on a lark, to investigate
the matter.
Harris
had no journalistic experience, but she'd always
harbored fantasies of uncovering something big.
She turned out to be exceptionally talented at
reporting. Within a few weeks of her investigation,
she'd dug up many compelling nuggets. She found,
for instance, that in the early 1990s, before
he was elected to office, Sen. Chuck Hagel, the
Nebraska Republican, served as the president of
American Information Systems, the company that
built most of the voting machines used in his
state. Harris also discovered that Diebold, the
firm that produced the machines used in Georgia,
had left the software used to run its systems
on a public server online. Harris downloaded these
files and looked through them. She saw that she
had the company's source code as well as several
other curiously named files -- one, for example,
was called "rob-georgia.zip."
Before
Bev Harris found the files used in Georgia, the
software in the machines had essentially been
secret. Although the code had been reviewed by
government testing authorities, nobody outside
those labs had been allowed to see the programs,
which is a standard provision in most electronic
voting systems. When the computing public got
a peek at the files Harris found, experts were
not kind.
In
July, a team of four computer scientists at Johns
Hopkins University and Rice University announced
that they'd uncovered major security flaws in
the machines used in Georgia's elections. "Our
analysis shows that this voting system is far
below even the most minimal security standards
applicable in other contexts," the team wrote.
Diebold has long boasted that votes in its system
are stored in an encrypted manner, hidden to anyone
who didn't have a valid password; the computer
scientists found that Diebold's programmers left
the "key" to decrypt the votes written into the
code, which is a bit like locking your door and
placing the key on the welcome mat. The Hopkins/Rice
scientists also said that they saw no adequate
mechanism to prevent voters from casting multiple
ballots, viewing partial election results, or
terminating an election early.
On
Jan. 19, a team of computer scientists working
with RABA Technologies set up a red-team exercise
-- a one-day attempt to hack into Diebold machines
configured as they would be on Election Day. They
were successful. In a short time, the hackers
managed to guess the passwords securing the voting
system, allowing them to cast multiple ballots.
They found that with a standard lock-pick set,
they could inconspicuously open up each machine
-- sometimes in less than 10 seconds -- and remove
or attach various pieces of hardware, letting
them erase or change electronic ballots. They
concluded that Diebold's touch-screen machines
contain "considerable security risks," and they
suggested that Maryland put in place stringent
safeguards before its March 2 primary, and that
the state overhaul the system before the presidential
election.
Diebold
fiercely disputes that its technology is vulnerable
to attacks. Mark Radke, a spokesman for Diebold,
says that the RABA study pointed out some areas
in which Maryland could improve its voting procedures,
and he's pleased that Maryland is instituting
those changes. As for the Hopkins study, Radke
says the scientists who looked at the system erred
in their assessment by examining only a small
bit of the code and by neglecting the "checks
and balances" that occur in an actual election.
He pointed to a study of the company's system
that was performed by Science Applications International
Corp., a consulting firm, at the behest of the
state of Maryland. The SAIC report gives Diebold
a clean bill of health, and Georgia officials
say it proves their system is safe. (The study
is available here in PDF format.)
There
is no evidence that someone tampered with the
votes in Georgia. But certainly it is not beyond
the bounds of possibility that someone could do
so in the future. The history of American democracy
is replete with allegations of vote fixing and
stolen elections -- from Rutherford Hayes' disputed
victory over Samuel Tilden in 1876 to Illinois
in 1960 (there were vote fraud allegations against
both Richard Nixon and John F. Kennedy) to the
Florida debacle in 2000. Leaving the security
of such a crucial government function in the hands
of private companies motivated primarily by a
desire to make a quick buck seems like a loopy
idea to many people. And the more one listens
to the activists' complaints about how Diebold
does business, the more one comes to understand
their worries about election security.
Bev
Harris says that in August, a former employee
at Diebold handed her a trove of documents from
the company, representing years of discussions
on an internal company Web site. In the memos,
Diebold programmers seem to acknowledge security
holes in their system, and they appear to discuss
methods of evading testing authorities. In one
e-mail, Ken Clark, a programmer at the company,
acknowledges that vote data can be viewed with
Microsoft Access, but he says that fixing the
problem will be difficult, and it would be easier
to feel out the testing labs and "find out what
it is going to take to make them happy." In another
e-mail, Clark recommends to his co-workers that
if the state of Maryland -- which has also purchased
the company's touch-screen machines -- decides
to require a paper trail in its voting systems,
the company should exact a high price for the
required upgrades. Diebold should charge Maryland
"out the yin," Clark wrote. In yet another e-mail,
Clark does an impression of how voters in Georgia
might react to touch-screen machines: "Yer votin
thingamajig sure looks purdy," he writes. (Calls
to Clark were routed to Diebold's P.R. office.
While the company concedes that the memos are
authentic, it disputes Harris' claim that the
files came from a Diebold employee. Instead, says
Mark Radke, Diebold's computers were hacked. The
firm initially threatened to sue people who posted
the files on the Web, but it has backed off that
threat.)
In
the spring of 2003, Harris received an e-mail
that read, "I think I may be the Rob in rob-georgia."
The message was from Rob Behler, a laid-off telecom
worker who found a contract job at Diebold's Atlanta
warehouse in the summer before the midterm election.
Behler, a friendly fellow in his 30s who speaks
with a disarming Southern drawl, paints a disastrously
unflattering picture of the company that provided
his state with its voting equipment. He told Harris
that his time at Diebold was marked by confusion
and chaos, a month of 16-hour days in which he
did nothing but fix broken machines, broken management
techniques, and deal with incompetent people.
On
his first day on the job, Behler, who had never
worked on election systems before, was promoted
to a manager's position and put in charge of the
team assembling, testing and deploying all of
the voting machines in the state. He says that
when he checked the machines that employees had
been assembling for months, he discovered that
large numbers of them were defective.
During
the few weeks that followed, Behler spent his
time fixing the machines. He says that each time
he discovered a new problem with the systems,
he would call up the tech experts at Diebold,
and they would determine a way to fix it. The
programmers would put a file on the company server
-- a file like rob-georgia.zip -- and Behler would
download it to his laptop, store it on a memory
card, then install the memory card on the touch-screen
machines. The process steered clear of any certification
authorities; no independent body was checking
to see what was being installed on the system.
Indeed,
Behler remembers a conference call with Diebold
executives in which they specifically discussed
what to tell Georgia authorities if Diebold engineers
were caught installing software on the machines.
"Can't we just tell them we're updating?" Behler
wondered in the meeting. "They're like, 'No, no,
no, no, no, you can't do that. It has to be certified.'
And I say, 'Oh? So we don't want them to know
that we're fixing a problem?' So I was like, 'OK
-- we can tell them that we're doing a quality
check and that we're making sure that they're
all the same.' And that's exactly what we did."
Mark
Radke of Diebold says, "All I can tell you about
these situations is that before the units are
deployed they are fully tested, and that final
testing was proof-positive about how those units
were going to function."
The
Georgia secretary of state's office dismisses
most of Behler's claims. Chris Riggall, press
secretary to Cathy Cox, the secretary of state,
says that at some point before the 2002 election,
Diebold did discover that Windows CE, the version
of the Microsoft Windows operating system that
runs on the touch-screen machines, needed to be
upgraded. But this was a one-time fix that Cox
was fully aware of, he said. This fix was not
formally certified by state and federal testing
authorities, as Georgia law requires. But Riggall
says that the state's testing experts determined
that because the upgrade was only to the Windows
operating system and not to the other software
in the touch-screen machine, it did not need to
be certified. The election was fast approaching,
Riggall said, and there simply was no time for
certification. Doing it this way was "not our
preferred best option," he wrote in an e-mail,
"but nevertheless justifiable under the circumstances."
As for Behler's claim that the software was downloaded
from Diebold's publicly accessible server, Riggall
says that's not true. "No, we never used that
site during any aspect of the 2002 elections."
Behler,
who has seven children, is an arch-conservative.
One night this fall, standing outside his five-bedroom
house in one of Atlanta's affluent northern suburbs,
he described his politics in detail -- why he
favored the ban on late-term abortions, why he
considers the minimum wage a foolish idea, why
he prefers George W. Bush to Bill Clinton, and
why, despite what he knows of working at Diebold,
he does not believe that the 2002 election in
his state was rigged. For one thing, he doesn't
consider the GOP's wins very surprising; to him,
the Republicans running that year were fine candidates.
But he does believe the Diebold flaws are an open
invitation to election mischief.
The
transition to touch-screen machines in Georgia
was proposed and championed by Democrats, and
the state's elected Democrats remain the machines'
fiercest defenders. It is an irony of this story,
then, that while Roxanne Jekot and her friends
claim that Republicans rigged the 2002 election,
it is for Democrats -- or, for one Democrat in
particular, Georgia's secretary of state, Cathy
Cox -- that they reserve their contempt. Cox,
a former journalist and attorney who was first
elected to office in 1998, is the nation's leading
proponent of electronic voting systems. After
the 2000 election, Cox grasped, long before her
peers in other states, that electronic voting
would be the future of elections. It was a future
that she was determined to bring to her state.
Georgia
has 159 counties, more than any state except Texas,
and, before the new machines were installed, there
were nearly as many different voting systems in
use -- old-school lever machines (which also produce
no paper trail), punch-card machines, and optical
scan systems (which use SAT-style fill-in-the-bubble
ballots), all of varying makes and models. Shortly
after the 2000 election, Cox commissioned a study
on the accuracy of these systems, looking at one
measure in particular, the presidential-race undervote.
(The undervote in a given race is the number of
ballots on which voters failed to register any
choice for a candidate.) Cox found that the highest
undervote rates occurred in neighborhoods where
there were large groups of minorities.
In
a sample of predominantly black precincts Cox
examined, for instance, she found that the undervote
was an alarming 8.1 percent. What was mysterious
was that optical scan voting systems -- which
are really the only alternative to touch-screen
machines still available for sale -- did not seem
to greatly improve the undervote rate among minorities.
While the undervote rate on optical scan machines
in white neighborhoods was just 2.2 percent, in
black neighborhoods it was 7.6 percent. The situation
in Georgia was so obviously discriminatory that
in 2001, the ACLU sued Cox to force her to upgrade
the state's elections systems. Cox says that she
chose touch-screen systems because, among other
attributes, they had the best chance of reducing
the undervote. She was right: In the 2002 election,
using the new machines, the undervote rate in
Georgia was less than 1 percent.
In
the online forums where voting-machine critics
assert that Republicans fixed the 2002 election
in Georgia, it's often said that the results in
the state surprised everybody. This isn't exactly
the case. The Senate race, which pitted the incumbent
Democrat Max Cleland against Saxby Chambliss,
a Republican, was widely considered a tossup by
Election Day.
The
big surprise, perhaps the largest upset anywhere
in the country that night, was in the governor's
race. Roy Barnes had been all but assured a win.
He had everything on his side, including money
(Barnes outspent Sonny Perdue by a margin of 6
to 1), history (Georgia is the only state in the
nation that did not elect a Republican governor
in all of the 20th century) and a commanding lead
in the polls.
But
when Barnes eventually lost (with 46 percent to
Perdue's 51 percent), his campaign did not suspect
the voting machines, not even for a second. According
to Bobby Kahn, Barnes' chief of staff and an old-time
political hand in Georgia, there was an obvious
political reason for the defeat -- the Confederate
flag. In an e-mail, Roy Barnes wrote that "you
will see that the dominant factor in my defeat
in 2002 was anger over my actions in changing
the Georgia flag to reduce the size of the Confederate
battle emblem. I knew from my travels around the
state that there was a lot of anger over the change
-- I had believed, or at least hoped, I could
overcome the anger, but I couldn't." Voter turnout
among white Georgians in 2002 was unexpectedly
high, much higher than in the 1998 race.
In
his office this fall, Chris Riggall, Cox's press
secretary, said that many of the computer scientists
who have questioned electronic voting systems
have little firsthand experience in elections,
and are therefore unqualified to judge a voting
system's security. And those who say there was
something amiss with the 2002 election don't have
a clue about how politics works in Georgia, he
said. "When I see the Independent" -- the London
newspaper -- "saying the only way Max Cleland
could have lost was because of the voting machines,
I have to laugh. What in the hell do you know
about Georgia political history? The last time
he won with [just] 30,000 votes!"
"Our
system is not perfect," says Riggall. "Our system
is vulnerable, but we believe it's less so than
all of the alternatives. So our frustration is
the lack of context, perspective and knowledge
of what happens in Georgia."
But
the movement to challenge electronic voting is
not confined to Georgia, or to those who worry
about the 2002 election results. David Dill, a
computer scientist at Stanford University, has
been among the one or two activists most responsible
for the shift. Dill says that when he first heard
that systems were being installed in Georgia and
in some of California's largest counties -- including
his own, Santa Clara -- he initially figured "that
somebody was minding the store and making sure
that the equipment is somehow trustworthy."
Then
he did some research into how the systems were
designed and implemented, and "I began to feel
that maybe that wasn't true," he says. Dill says
that he was particularly annoyed that election
officials seemed to ignore the concerns of computer
security experts, who've warned of the dangers
of electronic voting for decades. So early in
2003, Dill posted a petition online demanding
that all computerized voting equipment produce
what he called a "voter-verifiable audit trail."
The
audit trail (an idea that was first developed
by Rebecca Mercuri, a computer scientist who has
long studied the voting systems and is now a research
fellow studying transparency in computational
systems at Harvard's Kennedy School) works as
follows: When a voter casts a ballot on a touch-screen
machine, she'll be presented with a paper version
of her votes to look over. Once she approves this
paper ballot, it becomes the official record of
her vote (she is not allowed to remove the paper
ballot from the voting precinct). If there is
a question about the accuracy of the electronic
count, election officials would be required to
manually count the paper ballots; if there's a
discrepancy between the two counts, the manual
count would be considered the official result
of the election. Thousands of computer scientists
have signed Dill's demand; attaining it nationally
has become the paramount goal for the critics
of the touch-screen systems.
"It's
not just one computer scientist whining about
this," Dill says. "It's a lot of very reputable
people who are willing to say that as far as they
can see this voter-verifiable audit trail idea
is the only way you can conceive the necessary
level of confidence in the equipment."
Kevin
Shelley's decision, in late November, to require
a paper trail in California's electronic voting
machines was gutsy -- and some say precipitous.
No paper-equipped touch-screen system has ever
been used in a real election in the state, and
a few election experts have expressed serious
concerns about the viability of such a machine.
Ted Selker, a computer scientist at MIT who has
studied election procedures, fears that the paper
trail would be prone to accidents and attacks:
Paper ballots are tricky to count accurately by
machine, are almost impossible and time-consuming
to count by hand, and, of course, they can easily
be tampered with. It's not clear how the paper
ballots would be made accessible to the blind,
either, and nobody knows how much upgrading to
the paper system would cost. Selker, who worked
on a landmark study of the 2000 election, says
that millions of votes each year are lost because
of faulty registration databases, flawed ballot
design, and poorly trained poll workers. Spending
money on a paper trail rather than to fix these
known problems, he says, is a waste.
Officials
in Shelley's office acknowledge the concerns with
paper, but they insist that voting firms will
overcome them. Most major voting companies, including
Diebold, already say they can build systems that
include a paper trail. "Our perspective is that
voter confidence is paramount in terms of the
election process," Tony Miller, an attorney in
Shelley's office, says. "Even if this costs a
few thousand dollars, the cost of democracy is
not necessarily cheap and it shouldn't be the
determining factor."
David
Dill describes Shelley's decision as "the biggest
breakthrough that the paper trail movement has
had to date," and he says that he's certain "it
will affect the attitude of people in other states."
He was right: In December, Nevada also acted to
require paper receipts. Dill also has high hopes
for the Voter Confidence and Increased Accessibility
Act of 2003, a bill introduced in Congress by
Rep. Rush Holt, a New Jersey Democrat, which would
require a paper trail nationally. Three Democrats
in the Senate -- Barbara Boxer, Hillary Clinton
and Bob Graham -- have each proposed companion
legislation.
But
officials who've already invested in paperless
machines will have a hard time joining the paper-trail
bandwagon. In Georgia, for instance, Cathy Cox
is sticking by her decision. In a speech to the
state's political scientists in November, she
assailed the critics who've lately attacked touch-screen
voting systems, saying they "approach the issue
of election technology as if on a mission to save
humanity from the scourge of a worldwide conspiracy."
But Cox, it should be noted, is massively invested
in the reliability of the Diebold systems she
purchased, having staked her political career
-- and the millions it cost to purchase them --
on the new system.
The
people who insist that Georgia's 2002 election
was stolen may well be wrong. But the attention
that they are focusing on voting machines is anything
but misplaced. An election has to be above suspicion,
even above the suspicion of some of the most suspicious
people in a democracy. Says California's Tony
Miller: "If people don't have confidence in the
voting systems being used, then they lose faith
in the voting process itself."
Topplebush.com
Posted: February 11, 2004
|
