All it takes is the right access.
Get that, and an election worker could manipulate voting results in the computers
that read paper ballots - without leaving any digital fingerprints.
That was the verdict after Leon County Elections Supervisor Ion Sancho invited
a team of researchers to look for holes in election software.
The group wasn't able to crack the Diebold system from outside the office.
But, at the computer itself, they changed vote tallies, completely unrecorded.
Sancho said it illustrates the need for tight physical security, as well as
a paper trail that can verify results, which the Legislature has rejected.
Black Box Voting, the non-profit that ran the test and published a report on
the Internet, pointed to the findings as proof of an elections system clearly
vulnerable to corruption.
But state officials in charge of overseeing elections pooh-poohed the test
process and dismissed the group's report.
"Information on a blog site is not viable or credible," said Jenny
Nash, a spokeswoman for the Department of State.
It went like this:
Sancho figured Leon County's security could withstand just about any sort of
probing and wanted to prove it.
He went to one of the most skeptical - and vocal - watchdogs of election procedures.
Bev Harris, founder of Black Box Voting, had experience with voting machines
across the country.
She recruited two computer-security experts and made the trip to Tallahassee
from her home in Washington state three times between February and late May.
Leon County is one of 30 counties in Florida that use Diebold optical scanners.
Voters darken bubbles on a sheet of paper, sort of like filling in the answers
on the SAT, and the scanners read them and add up the numbers.
So the task was simple. Get in, tamper with vote numbers, and get out clean.
They made their first attempts from outside the building. No success.
Then, they sat down at the vote-counting computers, the sort of access to the
machines an employee might have. For the crackers, security protocols were no
problem, passwords unnecessary.
They simply went around them.
After that, the security experts accomplished two things that should not have
They made 65,000 votes disappear simply by changing the real memory card -
which stores the numbers - for one that had been altered.
And, while the software is supposed to create a record whenever someone makes
changes to data stored in the system, it showed no evidence they'd managed to
access and change information.
When they were done, they printed the poll tapes. Those are paper records,
like cash register tape, that show the official numbers on the memory cards.
Two tapes, with different results. And the only way to tell the fake one?
At the bottom, it read, "Is this real? Or is it Memorex?"
"That was troubling," Sancho said.
Leon County more secure
In Leon County, access to the machines is strictly controlled, limited to a
single employee. The memory cards are kept locked away, and they're tracked
by serial number.
Those precautions help prevent any tampering.
"You've got to have security over the individual who's accessing the system,"
Sancho said. In fact, "you've got to have good security and control over
every step of this process."
The trouble is, not every county is as closely run.
In Volusia County, her group has found what they think was memory-card tampering
during the 2000 election. More than 16,000 votes for Al Gore vanished.
Harris said her research turned up memos - obtained from the elections supervisor's
office - that blamed the failure on an extra memory card that showed up, and
disappeared, without explanation.
She believes that was an attempt to change the outcome of the election, but
one carried out clumsily. The test in Leon County proved it was possible, if
done by more experienced computer programmers, she said.
So what does the Department of State say?
Nash, the spokeswoman, said that the Diebold systems were designed to be used
in secure settings, and that, by giving the testers direct access to the computers,
Sancho had basically allowed them to bypass security.
In other words, not much of a test.
Except that the security experts were given only as much opportunity as any
other election worker would have. Less so, considering that Sancho did not provide
them with passwords or any other way to actually get into the programming.
As for the exact vulnerabilities that Harris reported - and Sancho confirmed
- Nash said no one from the state could comment, since they hadn't been present
at the test.
She added later that Sancho could request help from state certifiers if he
had concerns, but had not asked yet.
To read the entire report, visit www.BlackBoxVoting
Ion Sancho, supervisor of elections, will post a summary of the test results
this weekend at www.leonfl.org/elect/