Investigating Reports,

Watch 128k stream       Watch 256k stream

Electronic Voting Machine Study Exposes Most Serious Security Flaws Ever Documented

A report released earlier this month details what experts are saying are the most serious electronic voting machine flaws ever documented. The author of the report is Harri Hursti. He is a Finnish security expert who analyzed Diebold voting machines for an organization called Black Box Voting. Hursti wrote in the report that the defects in the machines could "cast a serious question over the integrity of the vote” and that “someone could attack the system to selectively disenfranchise groups of voters through denial of service.”

Though the report has received considerable attention, less known is about how the report came to light. Back in March, Bruce Funk, the County Clerk of Emery County, Utah, asked Black Box Voting to analyze Diebold machines the county was considering implementing. When the flaws were exposed, representatives from the Utah Lieutenant Governor’s office, state elections officials and the Attorney General’s office flew into Emery to meet with Funk. They were accompanied by representatives from Diebold who threatened the county with punitive actions for testing their equipment. Bruce Funk was forced to resign.

• Bruce Funk, former County Clerk of Emery County, Utah.
• Professor David Dill, professor of computer science at Stanford University and founder of VerifiedVoting.org.

AMY GOODMAN: Bruce Funk joins us now on the phone from Utah. He was the County Clerk of Emery County for 23 years before he was forced out. And joining us here at Stanford University is Professor David Dill. He’s professor of computer science here at Stanford, also founder and director of verifiedvoting.org, an organization pushing for states to implement voter-verified paper ballots. We welcome you both to Democracy Now! Professor Dill, let me begin with you. The significance of this report that came out?

PROF. DAVID DILL: Basically it says that people can install software on the Diebold machines if they have access to it and if they have the skills to modify the software. And those skills are widely available in our society. It’s difficult to protect machines, because they have to be delivered to polling places and are usually left there overnight before and after the election. Once bad software has been installed on a machine, it's very difficult to know that that's happened, and it’s very difficult to install known good software, because the bad software that’s already there can corrupt the new software that’s being installed.

AMY GOODMAN: And so, what do you mean by installing bad software? What would this software be?

PROF. DAVID DILL: Well, this is hypothetical, I’ll emphasis, but basically if you control the software on the machine, you control the machine. It's like you're inside doing whatever you want to do with obvious bad implications for the trustworthiness of the voting system.

AMY GOODMAN: What could the software do, for example?

PROF. DAVID DILL: Well, somebody could change votes in the software. They could change them during the election as the votes are being cast, after the election. They could change the way the user interface works, so it’s more confusing in subtle ways. They could cause the machine to crash at inconvenient times. Basically anything you could program a computer to do could be done.

AMY GOODMAN: And have we seen this anywhere?

PROF. DAVID DILL: Not that I know of. I think the most frightening thing about electronic voting, in general, is that you can't tell whether something like this has happened. People have said that there's no documented case of electronic voting machines being hacked. That's true, so far as I know. The frightening thing is that there’s no way to know if they have been hacked, so how do we know if the results of our elections are accurate?

AMY GOODMAN: Bruce Funk, can you tell us what happened to you? Tell us what happened in Utah, what you were looking for, why you commissioned an investigation of the machines.

BRUCE FUNK: The reason I requested the investigation was that they started out with the sales rep whose -- the western regional sales representative for Diebold, Dana LaTour, said to elected officials from Utah in a meeting in St. George in 2005 of November that on election day, “some of you are going to hate any guts,” and that was the first keywords that disturbed me. Then, when I asked their top technician here in the state of Utah, I said, “What did she mean by that?” he said that on election day we're going to have some problems, we’re just going to have to work through them. Well, that was my first suspect that something could possibly go wrong, and I wanted to know what?

But the initial thing that led me to getting a hold of Black Box Voting was that when I re-examined the machine, I found a number of them with insufficient backup memory, some as little as four megabytes, whereas a normal machine had anywhere from 27 to 29 megabytes. And so, this is what prompted me to get a hold of Black Box Voting, because the Diebold people weren't giving me any answers. The state officials responsible for elections had no experience with elections or the machines either. And so that's why I sought out advice there. And so I had watched the election happenings for nearly a year, and so at that time I was very familiar with a number of the organizations out there, and I felt that Black Box Voting was the very reputable one, and they would have the possibility of furnishing experts who could exam the machine and tell me exactly what was going on with, particularly at the time, the backup memory. And so, that's kind of how it started.

As a result of that, Black Box Voting had to let some initial findings out, because there were some hazards there, plugs that were easily knocked out of their sockets and exposing wires, and as a result, Diebold, their legal counsel, representatives, the state, who has bought into this program for so tightly -- I can't figure out what the reasons are. Their election office represented from lieutenant governors and their legal counsel held a special meeting with the Emery County Commission, their legal counsel, and they met together, and as a result of that meeting, I was left on the outside, but when I did have a chance to join them, and --

AMY GOODMAN: You were forced out of your job as County Clerk of Emery County?

BRUCE FUNK: Yes. And that's what it ultimately led to, is they -- somewhere in that meeting, something was worked out that if they could terminate me as the election official of Emery County, then they would recertify the machines. And so they changed my locks, effective April 1, and locked me out of my office.

AMY GOODMAN: How long had you been in your job?

BRUCE FUNK: 23 years.

AMY GOODMAN: Professor Dill, what do you think of the significance of this?

PROF. DAVID DILL: Well, I think Bruce Funk is the only person who’s really done his job. We are constantly re-assured about the processes to certify these machines at the federal level. Several different states have supposedly inspected them. Several studies have been commissioned. And this was the only point where the security flaw was really revealed to the public, through the efforts of a private organization and one county clerk. There's a real shoot-the-messenger mentality here. I think we've got a very bad situation if when the people who do their jobs really well are punished for doing so, especially at the behest of a vendor who was embarrassed by that person discovering a flaw in their product.

AMY GOODMAN: And explain what exactly the flaw was.

PROF. DAVID DILL: I’ve really been asked not to go into great detail about this, not that I could. I could speculate about it, but a number of computer scientists who are experts on this have asked other people not to speculate in great detail about what could be going on, because the flaw is sufficiently dangerous, they don't want the knowledge out there widely. The most detailed report is available at the Black Box Voting website, and what it describes is basically several different levels at which different kinds of software can be installed in the machine, and normally what you would expect is at least a password that is not widely known, that would have to be given in order to prevent the software from being installed, and apparently the machines don't even have that requirement. So if you put the files in the right place, and they have certain simple properties, the machine will happily install them.

AMY GOODMAN: Why isn't there more outrage about this?

PROF. DAVID DILL: I think -- well, it's gotten actually a fair amount of national news coverage compared to a lot of e-voting problems. I think that there are a lot of people who would be embarrassed if this were more widely known, and I think that they would prefer that it not be discussed in great deal. It has, however, gotten a lot of national news coverage. I do want people to think about this in the right way. This is a bad security problem, but if you step back a little bit, it's not a lot different from what we had before we knew about this problem, which is that you have a bunch of machines that basically you don't know what they’re doing, you don’t know whether they’re recording the votes accurately, and there's no way to check during the election or after the fact. So this is one of what’s going to be an infinite series of security crises.

AMY GOODMAN: Let me read to you from a Newsweek piece by Steven Levy, "Will Your Vote Count in 2006?" which, of course, quotes you saying, “When you’re using a paperless voting system, there’s no security.” But it quotes Diebold Election Systems spokesperson David Bear, who says that “Hursti’s findings do not represent a fatal vulnerability in Diebold technology, but simply note the presence of a feature that allows access to authorized technicians to periodically update the software. If it so happens that someone not supposed to use the machine -- or an election official who wants to put his or her thumb on the scale of democracy -- takes advantage of this fast track to fraud, that's not Diebold's problem.” Bear says, the Diebold spokesperson, “[Our critics are] throwing out a ‘what if’ that’s premised on a basis of an evil, nefarious person breaking the law.”

PROF. DAVID DILL: I’m always speechless when I hear or read that quote. But I’m trying to think of the right analogy. It's like someone issuing me burglary tools so I can get into my house more conveniently. What it does is compromise me. You know, it casts doubt on every election and every election official, regardless of how honest they are. So it's heartwarming that Diebold has this much confidence in our election officials, but I think that our election officials would probably prefer to see the elections protected by the equipment.

AMY GOODMAN: Bruce Funk, are you sorry you did what you did? You’ve lost your job. You had it for almost a quarter of a century.

BRUCE FUNK: No, I don’t. I knew at the time, in watching Harri Hursti go through these machines, that it was the right thing to do, and despite the outcome. And watching that, I had the same concerns as Professor Dill there, in that the vulnerability of these machines were what really concerned me, because as an election official, you can't have something there that even questions whether it can be hacked, and you're going to be accountable for that, and they’re going to accuse you of that. And you don't even want that option there.