July 30, 2004
LAS VEGAS - One of the nation's leading critics of paperless electronic voting machines issued a challenge Thursday to computer hackers attending their annual Black Hat conference, encouraging them to test whether it's possible to rig an election.
Rebecca Mercuri, a Harvard University-affiliated research fellow, encouraged hackers to inspect software code made available on the Internet by VoteHere, an electronic voting software company based in Bellevue, Wash., and called upon other voting machine vendors to make their codes and products available.
"I'm tired of hearing members of the election community say that no problems have occurred with electronic voting systems when every election there's plenty of newspaper reports of 'glitches,'" Mercuri said.
Mercuri said her challenge was in response to a similar bet issued by Michael Shamos, a Carnegie Mellon University computer scientist and voting technology consultant. Shamos has promised $10,000 to anyone who can hack into a voting machine undetected.
Mercuri said Shamos' challenge was impossible since the industry employs restrictive trade secret agreements that make it a felony to examine the equipment even when it's not being used in an election.
But in a telephone interview from Pittsburgh, Shamos dismissed Mercuri's criticism.
"No one is going to take me up on this challenge," Shamos said, adding the question of influencing an election is moot because no one could do it without being detected.
"Anybody can hack into anything," Shamos said. "I can break into a bank. The question is are they going to know the money is gone."
VoteHere founder Jim Adler said his company published the code to its patented election security software hoping people would test it.
Adler said the key to ensuring the integrity of e-voting is detection.
"This is not about preventing fraud. This is about detecting fraud," Adler said. "What you want is to have enough transparency so you can detect when fraud happens."
An estimated 50 million people nationwide will be eligible in November to cast votes on electronic machines, compared with 55 million voters using paper, punch cards or lever machines, according to Election Data Services.
During its Sept. 7 primary, Nevada will be the first in the nation to implement statewide use of touch-screen voting machines that print paper receipts. An official with the manufacturer of those machines, Sequoia Voting Systems, called Mercuri's challenge irresponsible.
"It needs to be reviewed by trusted experts in computer security ... and not by technological vigilantes who want to exploit the technology," said Alfie Charles, a spokesman for the Oakland, Calif.-based Sequoia.
Voting rights advocates and computer scientists have called for stricter auditing procedures to ensure the integrity of votes. They say electronic voting systems expose elections to hackers, software bugs, hardware malfunctions, power outages and even cyber terrorists, and that meaningful recounts are impossible without a printed record of every ballot cast.
"Everyone needs to grab an oar and row because we're in trouble," said Bev Harris, executive director of Black Box Voting, a Seattle-based nonprofit consumer protection organization.
Harris has filed a lawsuit in California against electronic voting system manufacturer Diebold Inc., alleging the company's equipment exposed California elections to hackers and software bugs.
"It's better for us to give people a paper and pencil. ... than have a flawed touch-screen system," said Harris, who also addressed the annual conference of computer hackers and security personnel at Caesars Palace hotel-casino. "At least we would have an election that people could have some amount of trust in."
Harris said the country is moving too fast toward electronic voting without taking proper security measures. She said her organization has estimated that up to 10,000 technicians and local election officials will have access to voting data in November.
"No hacking required," Harris said. "We're talking editing here. It can be done with a cut-and-paste command."
The concept of hacking an election has even been made into an upcoming novel, called "The Mezonic Agenda: Hacking the Presidency," and an accompanying computer game, which was on display at the conference.
The object of the game, which is available on the Internet, is to control the fate of a mock U.S. presidential election.
Andrew Williams with Syngress Publishing said his company hopes the book will appeal to security experts and others who are interested in the integrity of electronic voting systems.
"Every single system is hackable," Williams said. "There's no reason to believe this one isn't."