WalterM140
June 26th 04, 09:46 PM
It's a culture clash between the election world, which prizes reliability, and
computer scientists, who obsess over security
By Steven Levy
Newsweek
June 28 issue - It's now official: Walden O'Dell is no longer raising funds for
George W. Bush. Why should you care? That was Walden O'Dell's attitude last
year, when he promised, in his role as rainmaker for Ohio's presidential
re-election campaign, to deliver the state to the incumbent. To his surprise,
he learned that lots of people did indeed care—once they realized that his
day job was running Diebold, a company that makes electronic-voting devices
used by millions of voters. So it was prudent for Diebold to adopt a new policy
that banned its executives from outside political work, adopted months ago but
formally announced just recently.
Unfortunately, Diebold hasn't conceded its bigger problem—that the current
generation of computer-voting devices, the ones that many of us will use this
November, are flawed by their inability to verify that the voter's choices are
actually the ones that count in the final tallies.
In a visit last week to NEWSWEEK, O'Dell, whose company is under increasing
pressure as more citizens learn about the details of touch-screen voting (the
League of Women Voters just retracted its support of the technology), presented
a spirited defense. Introducing himself as "Wally," and accompanied by
experienced PR fire-putter-outers, he explained that Diebold, which makes
billions in financial devices like bank ATMs, isn't in the voting game solely
for lucre (though he'd like to see a profit down the line). It's about
patriotism. "In November 2000 we couldn't elect a president," he says. "America
had a problem. We could help."
If touch-screen devices with coherent interfaces replaced confusing systems
like butterfly ballots, he explained, overvoting and unintentional undervoting
could be virtually eliminated. The high-tech devices, equipped with audio
readbacks, could also serve blind voters. So Diebold bought one of the
pioneering companies in the field, and now its elections division is the leader
among several firms selling touch-screen devices. It won contracts to supply
all of Georgia and Maryland. O'Dell has a stack of documents and video
testimonials attesting to the successful elections conducted by his machines
(he didn't mention the March 2 debacle in California, where many polls opened
late because the devices wouldn't boot correctly). "On our very worst day," he
says, "we're 10 times better than what was out there before."
A less rosy perspective emerged last year after a report by Avi Rubin, a Johns
Hopkins University professor who got hold of Diebold voting-machine code that
was unintentionally exposed on the Internet. He found that the security in the
machines was "amateurish" and easily hackable. His findings bolstered the
contentions of a growing movement, spearheaded by computer scientists, that the
machines are "black boxes" providing no assurance that the vote cast is the one
reported, and could in theory be manipulated to swipe an election with total
stealth. A "recount" in that case would rely on the same software that secretly
swiped the votes to begin with, and simply verify the theft.
On one hand, this is a culture clash between the old-school election world,
which prizes reliability and measures success by happy voters, and the computer
scientists, who obsess on the dangers of a catastrophic election heist. O'Dell
does admit "we made mistakes." But he chides the geeks for demanding a level of
security that doesn't reflect the real world. And while he says he will happily
outfit his units with technology for paper vote verification if required, he
notes the possible glitches and inevitable expenses—as much as $1,000 a unit.
Clearly, he believes that no such paper trail is necessary, despite the fact
that the prize of a stolen election is well worth the efforts of a well-funded,
persistent and talented group of attackers. We're protected, he says, because
the code in the devices is vetted by outside companies who certify the devices
before they are used.
But the certification process, says California Secretary of State Kevin
Shelley, is "very deficient." He charges that the companies hired to examine
the software have a conflict of interest, as they work for the manufacturers.
(Shelley, believing that Diebold misled the state during the process, has asked
the attorney general to look into possible civil and criminal penalties.
Diebold denies misconduct.) In any case, computer scientists like Rubin believe
that the companies poring over the code would probably fail to discover any
well-written secret subroutines that could steal votes.
O'Dell claims to be "agnostic" on the necessity of providing voters with
evidence that their choices are the ones reflected in the count. But the
possibility that a future president can attain office mounted on a Trojan horse
isn't a philosophical issue: it's a threat to democracy. It's nice to know that
Wally O'Dell is no longer working to elect one candidate in particular. It
would be even nicer to know, beyond any doubt, that his voting machines
weren't, either.
© 2004 Newsweek, Inc.
computer scientists, who obsess over security
By Steven Levy
Newsweek
June 28 issue - It's now official: Walden O'Dell is no longer raising funds for
George W. Bush. Why should you care? That was Walden O'Dell's attitude last
year, when he promised, in his role as rainmaker for Ohio's presidential
re-election campaign, to deliver the state to the incumbent. To his surprise,
he learned that lots of people did indeed care—once they realized that his
day job was running Diebold, a company that makes electronic-voting devices
used by millions of voters. So it was prudent for Diebold to adopt a new policy
that banned its executives from outside political work, adopted months ago but
formally announced just recently.
Unfortunately, Diebold hasn't conceded its bigger problem—that the current
generation of computer-voting devices, the ones that many of us will use this
November, are flawed by their inability to verify that the voter's choices are
actually the ones that count in the final tallies.
In a visit last week to NEWSWEEK, O'Dell, whose company is under increasing
pressure as more citizens learn about the details of touch-screen voting (the
League of Women Voters just retracted its support of the technology), presented
a spirited defense. Introducing himself as "Wally," and accompanied by
experienced PR fire-putter-outers, he explained that Diebold, which makes
billions in financial devices like bank ATMs, isn't in the voting game solely
for lucre (though he'd like to see a profit down the line). It's about
patriotism. "In November 2000 we couldn't elect a president," he says. "America
had a problem. We could help."
If touch-screen devices with coherent interfaces replaced confusing systems
like butterfly ballots, he explained, overvoting and unintentional undervoting
could be virtually eliminated. The high-tech devices, equipped with audio
readbacks, could also serve blind voters. So Diebold bought one of the
pioneering companies in the field, and now its elections division is the leader
among several firms selling touch-screen devices. It won contracts to supply
all of Georgia and Maryland. O'Dell has a stack of documents and video
testimonials attesting to the successful elections conducted by his machines
(he didn't mention the March 2 debacle in California, where many polls opened
late because the devices wouldn't boot correctly). "On our very worst day," he
says, "we're 10 times better than what was out there before."
A less rosy perspective emerged last year after a report by Avi Rubin, a Johns
Hopkins University professor who got hold of Diebold voting-machine code that
was unintentionally exposed on the Internet. He found that the security in the
machines was "amateurish" and easily hackable. His findings bolstered the
contentions of a growing movement, spearheaded by computer scientists, that the
machines are "black boxes" providing no assurance that the vote cast is the one
reported, and could in theory be manipulated to swipe an election with total
stealth. A "recount" in that case would rely on the same software that secretly
swiped the votes to begin with, and simply verify the theft.
On one hand, this is a culture clash between the old-school election world,
which prizes reliability and measures success by happy voters, and the computer
scientists, who obsess on the dangers of a catastrophic election heist. O'Dell
does admit "we made mistakes." But he chides the geeks for demanding a level of
security that doesn't reflect the real world. And while he says he will happily
outfit his units with technology for paper vote verification if required, he
notes the possible glitches and inevitable expenses—as much as $1,000 a unit.
Clearly, he believes that no such paper trail is necessary, despite the fact
that the prize of a stolen election is well worth the efforts of a well-funded,
persistent and talented group of attackers. We're protected, he says, because
the code in the devices is vetted by outside companies who certify the devices
before they are used.
But the certification process, says California Secretary of State Kevin
Shelley, is "very deficient." He charges that the companies hired to examine
the software have a conflict of interest, as they work for the manufacturers.
(Shelley, believing that Diebold misled the state during the process, has asked
the attorney general to look into possible civil and criminal penalties.
Diebold denies misconduct.) In any case, computer scientists like Rubin believe
that the companies poring over the code would probably fail to discover any
well-written secret subroutines that could steal votes.
O'Dell claims to be "agnostic" on the necessity of providing voters with
evidence that their choices are the ones reflected in the count. But the
possibility that a future president can attain office mounted on a Trojan horse
isn't a philosophical issue: it's a threat to democracy. It's nice to know that
Wally O'Dell is no longer working to elect one candidate in particular. It
would be even nicer to know, beyond any doubt, that his voting machines
weren't, either.
© 2004 Newsweek, Inc.