stephen_g22
Member
http://www.chron.com/cs/CDA/ssistory.mpl/nation/2092678
Possible flaw triggers electronic voting concerns
Associated Pre
BC-Electronic Voting, Bjt,0836
Apparent security hole in primary highlights danger of electronic voting
Eds: Also moving on advance lines.
By RACHEL KONRAD AP Technology Writer
SAN JOSE, Calif. (AP) -- The strange case of an election tally that appears to have popped up on the Internet hours before polls closed is casting new doubts about the trustworthiness of electronic voting machines.
During San Luis Obispo County's March 2002 primary, absentee vote tallies were apparently sent to an Internet site operated by Diebold Election Systems Inc., the maker of the voting machines used in the election.
At least that's what timestamps on digital records showed.
County election officials say the unexplained gaffe probably didn't influence the vote, and Diebold executives -- who only recently acknowledged the lapse -- say voters should have confidence in the election process.
But computer programmers say the incident is further evidence that electronic voting technology could allow a politically connected computer hacker to monitor balloting and, if the vote was going the wrong way, mobilize voters to swing the election.
"If you're at the state party headquarters and you know how the vote is going in a county, you can allocate scarce resources to the county where you're losing by a close margin," said Jim March, a computer system administrator from Milpitas who examined ballot results that ended up on a Diebold site without password protection. "This data is incredibly valuable to a campaign manager."
Silicon Valley computer experts have long criticized touch-screen voting machines, which do not normally provide a paper receipt and which send digital votes directly to a computer server. Programmers say software bugs, power outages or clever hackers could easily delete or alter data -- and recounts would prove impossible without paper backups.
San Luis Obispo County relies on the more popular "optical scan" system used in 34 of California's 58 counties.
Programmers say the March 2002 incident casts suspicion on any election system that depends on computers -- even the relatively low-tech optical scan, which relies on paper ballots and uses computers only to store and send data.
Voters who cast optical scan ballots typically use a pencil to fill in a bubble near their candidate's name on a sheet of paper, similar to standardized tests. Poll workers feed the ballots into a scanner, which records results on a precinct computer.
After polls close, results are sent to a central server via modem. Anytime modems are involved, hackers get an opportunity to intercept data, computer security experts say.
March said he found absentee ballot totals from 57 of 164 San Luis Obispo County precincts in an easily accessible File Transfer Protocol site operated by North Canton, Ohio-based Diebold. The votes were time-stamped at 3:31 p.m. on March 5, 2002 -- more than four hours before polls closed.
By law, election officials cannot release tallies until voting is finished -- typically 8 p.m. on election day. Activists discovered the data in January.
Diebold, which won't say when the data showed up on the site, acknowledged the incident and says it is investigating how the data ended up on a public Internet site.
Deborah Seiler, Diebold's West Coast sales representative, said Diebold engineers may have published the results as part of a test -- possibly days, weeks or months after the county primary, regardless of the time stamp. She said a system of checks and balances safeguards Diebold's 33,000 voting machines nationwide from fraud.
"These activists don't understand what they're looking at," Seiler said.
County election officials insist the primary was fair. No one has called for a criminal investigation or recount. Most local supervisors were running unopposed, and the winning candidates and proposals enjoyed large margins.
County clerk-recorder Julie L. Rodewald said she was "concerned" about the results winding up online, but she has no plans to get rid of Diebold equipment.
March questioned why San Luis Obispo County's server connected to a Diebold server at all -- particularly if it dialed out while polls were open. He said the "phone home" incident could have been the work of an incompetent or malicious Diebold insider, or an outside hacker. Any astute campaign manager could have profited, he said.
Kim Alexander, president of the Davis, Calif.-based nonprofit California Voter Foundation, said computers have benefited the election process by speeding vote counts. But technology has complicated poll workers' jobs, and the San Luis Obispo County incident and other mysterious errors have raised alarming security concerns.
"In our quest to deliver faster, more accurate election results, we've left the voting process wide open to new forms of attack and mismanagement," Alexander said.
Possible flaw triggers electronic voting concerns
Associated Pre
BC-Electronic Voting, Bjt,0836
Apparent security hole in primary highlights danger of electronic voting
Eds: Also moving on advance lines.
By RACHEL KONRAD AP Technology Writer
SAN JOSE, Calif. (AP) -- The strange case of an election tally that appears to have popped up on the Internet hours before polls closed is casting new doubts about the trustworthiness of electronic voting machines.
During San Luis Obispo County's March 2002 primary, absentee vote tallies were apparently sent to an Internet site operated by Diebold Election Systems Inc., the maker of the voting machines used in the election.
At least that's what timestamps on digital records showed.
County election officials say the unexplained gaffe probably didn't influence the vote, and Diebold executives -- who only recently acknowledged the lapse -- say voters should have confidence in the election process.
But computer programmers say the incident is further evidence that electronic voting technology could allow a politically connected computer hacker to monitor balloting and, if the vote was going the wrong way, mobilize voters to swing the election.
"If you're at the state party headquarters and you know how the vote is going in a county, you can allocate scarce resources to the county where you're losing by a close margin," said Jim March, a computer system administrator from Milpitas who examined ballot results that ended up on a Diebold site without password protection. "This data is incredibly valuable to a campaign manager."
Silicon Valley computer experts have long criticized touch-screen voting machines, which do not normally provide a paper receipt and which send digital votes directly to a computer server. Programmers say software bugs, power outages or clever hackers could easily delete or alter data -- and recounts would prove impossible without paper backups.
San Luis Obispo County relies on the more popular "optical scan" system used in 34 of California's 58 counties.
Programmers say the March 2002 incident casts suspicion on any election system that depends on computers -- even the relatively low-tech optical scan, which relies on paper ballots and uses computers only to store and send data.
Voters who cast optical scan ballots typically use a pencil to fill in a bubble near their candidate's name on a sheet of paper, similar to standardized tests. Poll workers feed the ballots into a scanner, which records results on a precinct computer.
After polls close, results are sent to a central server via modem. Anytime modems are involved, hackers get an opportunity to intercept data, computer security experts say.
March said he found absentee ballot totals from 57 of 164 San Luis Obispo County precincts in an easily accessible File Transfer Protocol site operated by North Canton, Ohio-based Diebold. The votes were time-stamped at 3:31 p.m. on March 5, 2002 -- more than four hours before polls closed.
By law, election officials cannot release tallies until voting is finished -- typically 8 p.m. on election day. Activists discovered the data in January.
Diebold, which won't say when the data showed up on the site, acknowledged the incident and says it is investigating how the data ended up on a public Internet site.
Deborah Seiler, Diebold's West Coast sales representative, said Diebold engineers may have published the results as part of a test -- possibly days, weeks or months after the county primary, regardless of the time stamp. She said a system of checks and balances safeguards Diebold's 33,000 voting machines nationwide from fraud.
"These activists don't understand what they're looking at," Seiler said.
County election officials insist the primary was fair. No one has called for a criminal investigation or recount. Most local supervisors were running unopposed, and the winning candidates and proposals enjoyed large margins.
County clerk-recorder Julie L. Rodewald said she was "concerned" about the results winding up online, but she has no plans to get rid of Diebold equipment.
March questioned why San Luis Obispo County's server connected to a Diebold server at all -- particularly if it dialed out while polls were open. He said the "phone home" incident could have been the work of an incompetent or malicious Diebold insider, or an outside hacker. Any astute campaign manager could have profited, he said.
Kim Alexander, president of the Davis, Calif.-based nonprofit California Voter Foundation, said computers have benefited the election process by speeding vote counts. But technology has complicated poll workers' jobs, and the San Luis Obispo County incident and other mysterious errors have raised alarming security concerns.
"In our quest to deliver faster, more accurate election results, we've left the voting process wide open to new forms of attack and mismanagement," Alexander said.
.