Q&A: Go back to paper ballots, says e-voting expert

Avi Rubin, a Maryland elections judge and professor, cites security woes

Avi Rubin is unique in that he is both a professor of computer science who specializes in e-voting security issues and someone who directly participates in the electoral process as a Maryland elections judge. His interest in e-voting began when he co-authored a study of Diebold Election Systems Inc. touch-screen voting software, released in July 2003. Rubin is also the author of Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting. The book, released this month, is highly critical of the security of e-voting machines used across the nation. Rubin, a professor at Johns Hopkins University, participated as an election judge in last week's primary in Baltimore County and detailed his experiences in a blog.

This week, Rubin talked with Computerworld about e-voting, last week's elections and his new book. Excerpts from that interview follow:

Can you talk about that original study you made of Diebold's AccuVote TS machine code? The software in the AccuVote TS machine was really bad. One comment I made at the time was that if a student had turned in a program like that, he'd have gotten an F. It had outdated encryption, which was used in [the] wrong places and in the wrong mode of operation. The list goes on and on. Some [glitches] are comical. Diebold said they have a new system that fixes them, but I have no way to find out. That's their track record -- they're always saying, "It's an old system." They're saying that about the Princeton study. We asked for the new machines but were never given access. All I can say is that they say they fixed them, but I can't tell if they did, and some of the fixes are nontrivial.

What's the main point made in your book? It says the country moved too quickly to e-voting and there are security and transparency problems and it was a big mistake. It's a first-person narrative, and an exciting story of what happened that blends together all the issues. I have two chapters devoted to my experience as an election judge in 2004. One thing that came out of that was that people were always saying, "He might know a lot about computers, but doesn't understand how elections work." I have a good understanding of how elections work now. It also gave me a lot of credibility with the federal Election Assistance Commission.

What happened in last week's primary election in Maryland? There were problems in Baltimore County, as there were in Montgomery County, correct? The problems weren't as bad in Baltimore County. The e-poll books were crashing a lot, and some precincts didn't get their voter access cards. We had 10 minutes of waiting time, and at some point, up to an hour, and that was too long. One voting machine crashed. One froze up when tallying the votes and then 10 minutes later came back online.

What are the Diebold electronic poll books? They are like a laptop with a smart card and a soft keyboard on the screen where you touch the letters. They control whether or not you get to vote. You put a smart card into an e-polling book. When the voter comes in, you enter the name and the voter registration pops up and tells you whether or not they voted already. Several were connected by a hub using Ethernet cable and the theory is that they update each other. We tested them and they weren't working very well. I put in the name of someone that had been checked in [by] another machine 20 minutes before and it didn't show that person as having voted. After a while, the names would show up, but they crashed so badly we had to take one off-line. We couldn't check them and had no control over them.

You mentioned there were problems with the AccuVote security tags? They're yellow tags similar to ones you can get at Home Depot, and Diebold claims they prevent someone from installing a virus. They have nubs that click and can be pulled only in one direction. The tags are placed on the outside case that holds the voting machine. They have numbers on them, and the election judges have a book with the numbers to match the right tags to the machines. Two didn't match the machines, so we called the elections board and they called us back and told us to use them. It's likely they delivered the wrong two machines. This must be commonplace. But if they're going to claim that this is secure, you have to respect the seal.

There were problems with the power, too? What happened was, I plugged in one machine to the wall and daisy chained the rest of them. But the plug had no power, and we didn't realize it for a couple of hours. There are four hours of battery power, and after that they all would have crashed if I hadn't noticed they were all going down. It would have been a mess -- we wouldn't have known what state they were in when they crashed. If they lose power, it's not clear the information will come back, like with a hard drive.

There was a Diebold rep there, right? He'd been employed by Diebold for 24 hours. He'd done six hours of training with 80 other people after he'd been hired off the street the day before the election. I knew more than he did, and everything he tried didn't work. He just sat around, and at 4 p.m. he said, "I'm going home." What Diebold did was disrespectful of the process of voting.

There were also problems with the security tape, correct? The tamper-tape is on the inside of the machine over the bay that holds the memory card -- which is like the one in a digital camera. I noticed one machine had frozen and I couldn't get it to work, so we decided to reboot it. To get at the on/off switch, we pulled off the tamper tape, and opened the bay. Inside, I could see the memory card. We closed it up and put the tape back on and I looked at it and it looked the same. I said, "Isn't the whole point of the tape that you can't do what she [the judge] just did and have the tape look the same?" They [the other judges] agreed. I inspected it and if you looked at it in a certain way in the light, subtly, it said "Void" on it. At the end of the day, if I took the memory card out and someone didn't look for that, I could have easily tampered with the machine. I couldn't believe the tape was that easy to get on and off and how similar the tape looked after it was removed.

Do you think the voter verifiable paper trail [VVPAT] that records a voter's choice, is a panacea? Not necessarily. We need to have more secure voting. The VVPAT or paper rolls are the wrong model. It keeps track on a roll in the order of how people voted, but it's impossible to recount because it's so unwieldy. It's still vulnerable to software problems, and if you don't check carefully you can get away with stuff not found in random checking requirements. We need paper ballots and still have a machine marking the ballots. You can have a touch-screen system that prints paper ballots and the counting is done with optical scan technology and the results are verified with random audits.

Some people have said ATMs and slot machines are more secure than voting systems. And would using Linux as an operating system for the machines, as is done in some districts in Australia, make the process more transparent? Security is a lot easier with an ATM. A voting machine has to be anonymous so you can't figure how people voted. And in Las Vegas, there is a videotaped process. I think the system has to be transparent to average voters and they don't understand how Linux works. You need something the public can sit and watch the recount and for that, you need paper.

Some people claim that touch-screen and other direct recording electronic [DRE] devices are necessary for handicapped access. Do you think so? Nothing in the DRE helps the blind person. It's an audio module that's attached to it. There are many types of such voter-enabling technology. Nothing about the touch-screen helps a blind voter.

What might the sorts of problems you saw last week mean for the next election? We're a model of democracy, and we have one of the worst voting systems in the world. I'm worried that the losers in the next election will not necessarily believe they really lost because of security. Look at Mexico's presidential election -- they're having massive protests in the streets because the losers are proclaiming they're the winners. We're doing everything in this country to create doubts in the voters' and candidates' minds.

So what can voters do? First, we should ditch electronic polling books and get voter registration cards. When the voter is done, they put [the voter registration card] in an envelope taped to the machine. If we can put something in place [for voting] in the next seven weeks, we should. I've been saying that for three years.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon