E-voting system ‘vulnerable to tampering’
Software already used for ballots in several US states is insecure and allows fraudsters to cast multiple votes with relative ease, according to researchers at Johns Hopkins University.
The debacle of the 2000 Presidential election, where allegations of inaccuracy were leveled at Florida’s punch card ballot system, has led several states to adopt touch screen computer systems.
But the technical director of the university’s Information Security Institute, Avi Rubin, warns: “People are rushing too quickly to computerise our method of voting before we know how to do it securely”.
Driven by these concerns, his team of researchers, aided by a computer scientist from Rice University, analysed tens of thousands of lines of programming code purportedly for Ohio-based Diebold Election Systems’ electronic voting equipment, which was posted anonymously on the web earlier this year.
The Diebold system was used in 33 000 stations in Georgia, California, Kansas and other locations last year, and the system is to be rolled out in Maryland.
Vulnerabilities in the system were allegedly uncovered, centering on the use of a ‘smart card’, containing a computer chip that allows voters to cast their vote only once.
However Prof Avin warns that a “15-year-old computer enthusiast could make counterfeit cards in a garage and sell them”, allowing fraudsters to cast multiple votes for their preferred candidate in the privacy of a voting booth.
But Diebold has told NewScientist magazine that the team’s analysis fails to take into account the whole system of software, hardware, services and poll worker training.
The firm adds that the code studied by the John Hopkins team has subsequently been updated and was never used in an actual election.
Prof Avin and his team are quick to point out that there is no evidence that the Diebold system has even been tampered with, but explain they are keen to make their concerns public because of concerns about election fraud in the future.