|
Computer scientists from California universities have hacked into three electronic voting systems used in California and elsewhere in the nation and found several ways in which vote totals could potentially be altered, according to reports released yesterday by the state.
The reports, the latest to raise questions about electronic voting machines, came to light on a day when House leaders announced in Washington that they had reached an agreement on measures to revamp voting systems and increase their security.
The House bill would require every state to use paper records that would let voters verify that their ballots had been correctly cast and that would be available for recounts.
The House majority leader, Representative Steny H. Hoyer, Democrat of Maryland, and the original sponsor of the bill, Representative Rush D. Holt, Democrat of New Jersey, said it would require hundreds of counties with paperless machines to install backup paper trails by the presidential election next year while giving most states until 2012 to upgrade their machines further.
Critics of the machines said that some of the measures would be just stopgaps and that the California reports showed that security problems needed to be addressed more urgently.
The California reports said the scientists, acting at the state's request, had hacked into systems from three of the four largest companies in the business: Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.
Thousands of their machines in varying setups are in use.
The reports said the investigators had created situations for each system "in which these weaknesses could be exploited to affect the correct recording, reporting and tallying of votes."
Voting experts said the review could prompt the California secretary of state, Debra Bowen, to ban the use of some of the machines in the 2008 elections unless extra security precautions were taken and the election results were closely audited.
Matthew A. Bishop, a professor of computer science at the University of California, Davis, who led the team that tried to compromise the machines, said his group was surprised by how easy it was not only to pick the physical locks on the machines, but also to break through the software defenses meant to block intruders.
Professor Bishop said that all the machines had problems and that one of the biggest was that the manufacturers appeared to have added the security measures after the basic systems had been designed.
By contrast, he said, the best way to create strong defenses is "to build security in from the design, in Phase 1."
The reports also said the investigators had found possible problems not only with computerized touch-screen machines, but also with optical scanning systems and broader election-management software.
Professor Bishop and state officials cautioned that the tests had not taken into account the security precautions that are increasingly found in many election offices. Limits on access to the voting systems and other countermeasures could have prevented some intrusions, Professor Bishop and the officials said.
Industry executives said that the tests had not been conducted in a realistic environment and that no machine was known to have been hacked in an election. The executives said they would present more detailed responses on Monday at a public hearing.
Ms. Bowen said yesterday that it was vital for California to have secure machines for its presidential primary in February. She said she would announce by next Friday what actions she would take.
The findings could reverberate in Washington, where the full House still has to vote on the measure and the Senate plans to take up a similar bill this year.
Concerned about security, House and Senate Democratic leaders said they wanted to require a shift to paper ballots and other backup records to increase confidence that votes would be accurately counted.
|
|
