November 03, 2008, 9:56 AM — Voting machines of all stripes have remarkably similar flaws and though geographically scattered, inaccurate tallies of votes are not likely to flip a whole presidential election, there is a "nightmare scenario" that could. Meanwhile on the state level, security issues have already popped up in the wake of various states' deployments of direct-recording electronic (DRE) voting machines.
Edward Felten, a go-to expert witness on some of the major security and software issues of our time, tackles these and other e-voting topics in the following interview.
Felten is professor of computer science and director of the Center for Information Technology Policy at Princeton University in New Jersey, a state where he has given testimony in a class-action lawsuit involving voting machines. The suit, Gusciora v. McGreevy, was filed in 2004 and charges that DREs are illegal. It cites state law concerning accurate vote counting, but will not be resolved before the November elections.
Felten has been actively involved in a variety of major security and software cases and issues. In 2006, he and several students were able to hack into a Diebold Election Systems (now Premier Election Solutions) voting machine, and reported on the results. Felten was also involved in the U.S. government's antitrust case against Microsoft.
The IDG News Service interviewed Felten in his Princeton office a week before the 2008 presidential election. A Sequoia AVC Advantage voting machine, bought on the Internet and studied by his colleagues, was parked in a conference room around the corner. An edited transcript of the interview follows:
IDGNS: The New Jersey voting machine case revolves around Sequoia machines; you also hacked into a Diebold machine a few years ago and reported your findings. Are there different types of problems to expect depending on the machine manufacturer?
Felten: It's actually been remarkable how similar the problems have been from one manufacturer to another. There have been quite a few machines studied now by independent computer scientists. You see a lot of the same problems across the board.
IDGNS: What are those problems?
Felten: You see issues with the security and reliability of the machines, and that basically all comes down to the fact that the machines are computers and store the records of votes only in electronic memories that the voter can't see. And so there's a problem of how you can be sure that the software is recording correctly, in the way that the voter wanted them to be.
IDGNS: How hard was it to hack into the Diebold machine?
Felten: It's something that anybody who has technical skill could do, something that say, any of our computer science majors here would have the technical skill to do. What we showed was all that someone would need is physical access to a machine or to one of the removable memory cards that it uses for about a minute, and then the machines were susceptible to computer viruses of the same general type you see on PCs.
IDGNS: I'd be curious to know what poll observers can do in those states where there is e-voting with no paper audit trail, for example right here in New Jersey, to find out if voters are experiencing problems?
Felten: One thing to do obviously is to just be alert and look for behaviors that aren't supposed to happen: To check the records that the machines do make at the beginning and the end of the day and make sure that everything is as it should be, and that the numbers add up and are consistent and so on, but especially just watching to see if anything unusual happens and then recording what does happen. There's one more thing actually that is important to do, and that is to make sure the machines are guarded, that the machines are not left unprotected so that someone could get access to them.
IDGNS: The Democrats apparently have an army of lawyers fanning out across the country. What, if anything, can they do if there are claims of e-voting problems in those states where there is no paper trail?
Felten: It depends on the nature of the problems. Some kinds of problems might be evident, if there are votes that are missing, that are garbled in the electronic records: That would be something that is evident, and then you would have a fight about what would be done to remedy the problem. Other kinds of potential problems might take more technical investigation to get to the bottom of, and you could imagine scenarios then when there has to be some kind of investigation to figure out, as best you can, what actually happened.
IDGNS: How widely do you expect post-election audits to be conducted in states where there is e-voting with a paper trail?
Felten: In a lot of places we won't have post-election audits unless there's some recount declared or some other reason to suspect something is wrong, and I think that's unfortunate, because I think that if you're going to keep the paper and electronic records of each vote you ought to do at least some checking to make sure that they're consistent. A paper record that you never look at doesn't do much as a quality control mechanism.
IDGNS: Do you think random checks are necessary?
Felten: Random checks, random audits for sure are valuable. Most of the plausible post-election audit systems involve some kind of randomness. Just because it's super-expensive to recount all of the ballots by hand, it's something you only want to do when it's absolutely necessary. But if you pick randomly and pick randomly in the right way, you can still have high confidence that if there is a problem that's big enough to affect an election result, you could find it.
IDGNS: Whatâ€™s your concept of an ideal, "crack-proof" voting system?
Felten: There's a lot of things that could be done better than today's systems to protect systems against tampering. Ultimately the protections have to be out of the voting machine itself, and the whole voting process has to be designed so that human processes of oversight and observation can help to secure the system. You won't be able to necessarily prevent the machine from being tampered with, but you can hope to notice the tampering and hope to be able to figure out what the voters really wanted to do regardless of tampering.
IDGNS: What's the biggest concern with e-voting -- is it the sort of undetectable hacking you and your students demonstrated, voter error like touching the wrong button, flat-out attempts by one side or the other to steal elections? What's the most likely problem to crop up?
Felten: The most likely problem due to e-voting is likely just to be an engineering error or a bug or a misconfiguration of something that leads to votes either being lost or being put in the wrong column by mistake. So, not malice but just the kind of garden-variety computer problems that we all are used to cropping up on the voting machines.
IDGNS: There are some accounts of e-voting problems making the rounds of the blogs, with some of the more hysterical accounts talking about potential stealing of the election. Does that sort of paranoia diminish legitimate concerns about the everyday problems you're talking about?
Felten: I think that they may if people go too far in claiming that there have been problems. But we don't want to lose sight of the fact that tampering with an election is a technical possibility today. It's something that is feasible, so we can't just rule it out, out of hand. We need to, while remembering that unintentional error is far more likely, that this is a problem we need to fix, and that it's not really acceptable I think, going forward, to have a whole chain of elections that are vulnerable to tampering.
IDGNS: So how worried should people really be, ultimately, about all this?
Felten: I think it's important for people to keep their eyes open and recognize that things may go wrong, but I think the most important thing for the typical citizen is to work toward having a better system next time. As we come up on the current election it's too late to change much of anything. But there are a lot of elections down the road that are equally as important to get right, and this is the time to start working to get your public official to adopt a better system.
IDGNS: Keeping in mind that the presidential election in 2000 actually was ultimately won by about 500 votes in Florida, how likely do you think it is that a voting machine malfunction could throw the election?
Felten: As you said, the first prerequisite for this has to be an election that's really close to start with. Close enough that a relatively small error might potentially flip it. But that kind of is the nightmare scenario: that you have an election that's extremely close and decided by a relatively small margin in one or two states, and that there are e-voting irregularities in those places so that there is genuine doubt about what the voters actually meant to do.
IDGNS: So you'd need a perfect storm of things coming together for a machine malfunction to actually throw an election.
Felten: For a machine malfunction to throw a presidential election you would have to have circumstances like this. But of course there are a lot of elections going on at the state and local level as well. We've seen instances in the past where elections were ruined by electronic voting errors or almost ruined, and only a paper trail was able to determine who actually won the election. So it wouldn't be too surprising to see some problem like that somewhere in this election. Although the chances of it happening in the presidential election seem relatively small, still.
IDGNS: There have been reports that voters in Charleston saw votes flip from the Democratic to the Republican side -- they pressed on the button for Democrats and saw the X light up on the Republican side. What do you make of that?
Felten: One possibility is the calibration of the touch-screen voting machine. Basically a touch-screen device needs to be set up so that it accurately detects what position on the screen is being touched. If you have a cell phone that has a touch screen on it, often there is this process you go through at the beginning where it shows crosshairs and you have to touch those so that it can learn which electrical signals correspond to which positions on the screen. And if you don't get that right then it will feel a touch in a different place than where the touch actually happened. That's one explanation for these vote flips that are recorded, but of course there could be other things causing it too -- you can't really tell without more of an examination.