Aviel Rubin, 09.04.06, 12:00 AM ET
You don't like hanging chads? Get ready for cheating chips and
doctored drives.
I am a computer scientist. I own seven Macintosh computers, one
Windows machine and a Palm Treo 700p with a GPS unit, and I chose my
car (Infiniti M35x) because it had the most gadgets of any vehicle in
its class. My 7-year-old daughter uses e-mail. So why am I advocating
the use of 17th-century technology for voting in the 21st century--as
one of my critics puts it?
The 2000 debacle in Florida spurred a rush to computerize voting. In
2002 Congress passed the Help America Vote Act, which handed out $2.6
billion to spend on voting machines. Most of that cash was used to
acquire Direct Recording Electronic voting machines.
Yet while computers are very proficient at counting, displaying
choices and producing records, we should not rely on computers alone
to count votes in public elections. The people who program them make
mistakes, and, safeguards aside, they are more vulnerable to
manipulation than most people realize. Even an event as common as a
power glitch could cause a hard disk to fail or a magnetic card that
holds votes to permanently lose its data. The only remedy then: Ask
voters to come back to the polls. In a 2003 election in Boone County,
Ind., DREs recorded 144,000 votes in one precinct populated with fewer
than 6,000 registered voters. Though election officials caught the
error, it's easy to imagine a scenario where such mistakes would go
undetected until after a victor has been declared.
Consider one simple mode of attack that has already proved effective
on a widely used DRE, the Accuvote made by Diebold (nyse: DBD - news -
people ). It's called overwriting the boot loader, the software that
runs first when the machine is booted up. The boot loader controls
which operating system loads, so it is the most security-critical
piece of the machine. In overwriting it an attacker can, for example,
make the machine count every fifth Republican vote as a Democratic
vote, swap the vote outcome at the end of the election or produce a
completely fabricated result. To stage this attack, a night janitor at
the polling place would need only a few seconds' worth of access to
the computer's memory card slot.
MORE >>>
http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972