E-Voting Flaws Could Mean Election Tampering: Analysts

If you thought those hanging chads and other physical ballot problems in 2000 meant an electoral headache for voters, presidential candidates, and ultimately the courts, you almost don't want to know what could happen with one of the touted alternatives. Computer security analysts said Wednesday that electronic voting systems, in and out of cyberspace, are riddled enough with flaws that cyber-vandals could tamper with election results in a number of states in the U.S.

Johns Hopkins University and Rice University researchers told Reuters they found major bugs in a Diebold system that could let voters and poll workers cast multiple ballots, switch others' votes, or even shut an election down early.

"It's unfortunate to find flaws in a system as potentially important as this one," one of the Johns Hopkins researchers, graduate student Tadayoshi Kohno, told Reuters. The news service said the teams found the programs on a Diebold Website at the beginning of this year and think it was the heart of a touch-screen vote system tried in California, Georgia, Kansas, and Maryland in 2002.

The other flaws the teams found, Reuters said, include "spotty" encryption that can let outsiders burrow into the system and change the vote results, not to mention "lack of oversight in the development process," which could let malicious programmers build back doors for tampering. Voters could even create their own fake "smart cards," the lynchpin of the system, to vote more than once or force larger changes when posing as poll workers, Reuters said.

Information Security Institute director Avi Rubin told Reuters the system is so badly flawed as to warrant a complete re-writing, but even then he thinks computers should be kept out of Election Day. "I think voting is too important," he told Reuters, "and computers are too difficult to secure."