Scientists Tests Hack Into Electronic Voting Machines in California and Elsewhere
scientists from California universities have hacked into three
electronic voting systems used in California and elsewhere in the
nation and found several ways in which vote totals could potentially be
altered, according to reports released yesterday by the state.
The reports, the latest to raise questions about electronic voting
machines, came to light on a day when House leaders announced in
Washington that they had reached an agreement on measures to revamp
voting systems and increase their security.
The House bill would require every state to use paper records that
would let voters verify that their ballots had been correctly cast and
that would be available for recounts.
The House majority leader, Representative Steny H. Hoyer,
Democrat of Maryland, and the original sponsor of the bill,
Representative Rush D. Holt, Democrat of New Jersey, said it would
require hundreds of counties with paperless machines to install backup
paper trails by the presidential election next year while giving most
states until 2012 to upgrade their machines further.
Critics of the machines said that some of the measures would be
just stopgaps and that the California reports showed that security
problems needed to be addressed more urgently.
The California reports said the scientists, acting at the states
request, had hacked into systems from three of the four largest
companies in the business: Diebold Election Systems, Hart InterCivic
and Sequoia Voting Systems.
Thousands of their machines in varying setups are in use.
The reports said the investigators had created situations for each
system in which these weaknesses could be exploited to affect the
correct recording, reporting and tallying of votes.
Voting experts said the review could prompt the California secretary
of state, Debra Bowen, to ban the use of some of the machines in the
2008 elections unless extra security precautions were taken and the
election results were closely audited.
Matthew A. Bishop, a professor of computer science at the University of California,
Davis, who led the team that tried to compromise the machines, said his
group was surprised by how easy it was not only to pick the physical
locks on the machines, but also to break through the software defenses
meant to block intruders.
Professor Bishop said that all the machines had problems and that
one of the biggest was that the manufacturers appeared to have added
the security measures after the basic systems had been designed.
By contrast, he said, the best way to create strong defenses is to build security in from the design, in Phase 1.
The reports also said the investigators had found possible problems
not only with computerized touch-screen machines, but also with optical
scanning systems and broader election-management software.
Professor Bishop and state officials cautioned that the tests had
not taken into account the security precautions that are increasingly
found in many election offices. Limits on access to the voting systems
and other countermeasures could have prevented some intrusions,
Professor Bishop and the officials said.
Industry executives said that the tests had not been conducted in a
realistic environment and that no machine was known to have been hacked
in an election. The executives said they would present more detailed
responses on Monday at a public hearing.
Ms. Bowen said yesterday that it was vital for California to have
secure machines for its presidential primary in February. She said she
would announce by next Friday what actions she would take.
The findings could reverberate in Washington, where the full House
still has to vote on the measure and the Senate plans to take up a
similar bill this year.
Concerned about security, House and Senate Democratic leaders said
they wanted to require a shift to paper ballots and other backup
records to increase confidence that votes would be accurately counted.
State and local officials have argued that it is too late to make
many of the changes without creating chaos next year. Advocates for the
blind and other disabled voters say better equipment needs to be
developed to enable them to vote without help from poll workers, as
federal law requires.
In trying to balance all the concerns, Mr. Hoyer and Mr. Holt
decided to delay the most sweeping change, a requirement that every
ballot be cast on an individual durable piece of paper, from next year
To ensure that all machines would have some paper backup, they
agreed to require hundreds of counties in 20 states to add
cash-register-style printers to their touch-screen machines for 2008
and 2010 or switch to optical-scanning systems that count paper
ballots. New York, which has delayed replacing its lever machines,
would have to buy a new system by November 2008.
Advocates for the disabled praised the compromise. For many disabled
people to vote independently, the advocates said, the touch-screen
machines need to be modified to include audio files that can read back
the completed ballots, while the ballot-marking devices used with the
optical scanning systems have to be changed to feed ballots
Ralph G. Neas, president of People for the American Way, a group
that helped broker the deal, said the bill offered hope for an end to
unaccountable, unverifiable and inaccessible voting.
Mr. Holt said the measure could keep the country from going through another election where Americans doubt the results.
Critics say the California findings suggest that Congress should
press for a quicker shift from the touch screens to optical scanning,
in which voters mark paper ballots. Advocates of those systems say that
the paper ballots would be less vulnerable to manipulation than the
paper trails generated by the touch-screen computers and that they
would hold up better for manual recounts.
Correction: July 31, 2007
Because of an editing error, an article on Saturday about three electronic voting systems that were hacked in California
misstated a requirement in a House bill meant to ensure that there is a
paper record of each vote cast in the 2008 and the 2010 federal
elections. It gives counties that now have paperless touch-screen
machines the option of attaching printers to them or switching to
optical-scanning systems that count paper ballots. Attaching printers
is not the only choice.
Also, the article gave an incorrect spelling in some copies for the
given name of Californias secretary of state, who said her state must
have secure machines for its presidential primary in February. She is
Debra Bowen, not Deborah.