'Stunning Flaws' in High-Tech Voting

NEW YORK -- The software that runs many high-tech voting machines contains serious flaws that would allow one person to cast multiple votes and permit poll workers to alter ballots without being detected, computer security researchers said last week.

"We found some stunning, stunning flaws," said Aviel Rubin, technical director of the Information Security Institute at Johns Hopkins University, who led a team that examined the software from Diebold Election Systems, which has about 33,000 voting machines operating in the United States.

The systems, in which voters are given chip-embedded smart cards to operate the machines, could be tricked by anyone with $100 worth of computer equipment, said Adam Stubblefield, a co-author of the paper reporting the flaws.

"With what we found, practically anyone in the country -- from a teenager on up -- could produce these smart cards that could allow someone to vote as many times as they like," he said.

The software was initially obtained by critics of electronic voting, who discovered it on a Diebold Internet site in January. This is the first review of the software by recognized computer security experts.

A spokesman for Diebold, Joe Richardson, said the company could not comment in detail until it had seen the full report. He said that the software on the site was "about a year old" and that "if there were problems with it, the code could have been rectified or changed" since then. The company, he said, puts its software through rigorous testing.

"We're constantly improving it so the technology we have 10 years from now will be better than what we have today," Richardson said.

The move to electronic voting, which intensified after the troubled Florida presidential balloting in 2000, has been a source of controversy among security researchers. They argue that the companies should open their software to public review to be sure it operates properly.

Richardson of Diebold said the company's voting-machine source code, the basis of its computer program, had been certified by an independent testing group. Outsiders might want more access, he said, but "we don't feel it's necessary to turn it over to everyone who asks to see it, because it is proprietary."

Diebold is one of the most successful companies in this field. Georgia and Maryland are among its clients, as are many counties around the country. Based in North Canton, Ohio, and an industry leader, Diebold has been the focus of much of the controversy over high-tech voting. Some people, in comments widely circulated on Internet bulletin boards, contend that the company's software has been designed to allow voter fraud. Rubin called such assertions "ludicrous" and said the software flaws showed the hallmarks of poor design, not subterfuge.

Among other things, the researchers said, ballots could be altered by anyone with access to a machine, so that a voter might think he was casting a ballot for one candidate while the vote was recorded for the opponent.

The kind of scrutiny that the researchers applied to the Diebold software would turn up flaws in all but the most rigorously produced software, Stubblefield said. But the standards must be as high as the stakes, he said.

"This isn't the code for a vending machine," he said. "This is the code that protects our democracy."

Still, things that seem troubling in coding may not be as big a problem in the real world, Richardson said. For example, counties restrict access to the voting machines before and after elections, he said. While the researchers "are all experts at writing code, they may not have a full understanding of how elections are run."

But Douglas Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.

"To find that such flaws have not been corrected in half a decade is awful," he said. Software designed by other voting machine companies might be flawed as well, he said.