Pa. Election Set Despite Potential E-voting Flaw

Diebold software reinstalled for Tuesday's vote

Officials in Pennsylvania this month have been rushing to apply a temporary fix for a security vulnerability in their e-voting devices before tomorrow's federal and state primary elections. Left unaddressed, critics said, the flaw could compromise the vote.

Pennsylvania Secretary of the Commonwealth Pedro Cortes on May 2 issued a directive to election departments statewide about the possible flaw in Diebold Elections Systems Inc.'s AccuVote TSX e-voting machines. The warning was announced days after Diebold alerted Cortes' office to a "potential security vulnerability in the system installation and upgrade mechanism" of the AccuVote touch-screen systems.

Statewide, 3,338 of the touch-screen machines will be used in tomorrow's election; more will be installed for the general election in November, said a spokeswoman for Cortes.

According to Diebold, the vulnerability is in the AccuVote systems' PC card slot, where unauthorized software could be installed without detection. The slot makes it easier for elections officials to install upgrades to the TSX machines as well as Diebold's AccuVote TS models, a company spokesman said. He didn't provide a timetable for fixing the flaw.

In its note to Pennsylvania officials, Diebold promised to eventually create a software-based "permanent solution." The spokeswoman for Cortes said the Allen, Texas-based unit of Diebold Inc. claimed that there was a "very low risk" that elections could be affected in the meantime. But Cortes reacted quickly to ensure that tomorrow's elections run smoothly, she said.

The secretary's office called on all Pennsylvania counties to reinstall the machines' system software in order to overwrite any unauthorized programs that may have been downloaded onto the systems. It also supplied each district with memory cards containing ballot information, to insert into the affected slot to update the voting machines.

Kenneth Leffler, elections director for Carbon County in eastern Pennsylvania, said that addressing the flaw required a lot of work, even though the risk it posed was minimal.

He said his team worked with six Diebold technicians to reinstall the system software, a process that took about 15 minutes on each of the county's 110 machines.

"Quite frankly, I don't see how [tampering] could have happened," Leffler said.

However, Brad Friedman, who closely covers electronic voting on his site, called the flaw "immensely serious" and claimed that "Diebold is not letting [other] state officials know this."

The Diebold spokesman countered that the company routinely reaches out to all of its customers when machines become vulnerable to such flaws. "Anything of interest to one state, we reach out through our network and make them aware of it," he said.

However, representatives of the secretaries of state in Texas, California and Ohio, all users of the affected Diebold systems, said they have not received notification of the flaw from Diebold.

The Diebold spokesman said that the company uses various methods to contact states, including personal notification of officials through sales and support channels.

The spokesman also said that Diebold is searching for technology that can lock the affected machines to prevent such intrusions and would alert officials should any tampering occur.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon