California Plans Hacking Test of E-voting Systems

Fla. test found Diebold machines vulnerable

Diebold's AccuVote machines are are facing security scrutiny.
Diebold's AccuVote machines are are facing security scrutiny.
Looking to quell fears about potential vote tampering with electronic voting machines, the state of California this month plans to hold a hacking test of an optical scan voting device from Diebold Election Systems.

The initial test was to be held last week but was postponed, said Jim March, an investigator at Black Box Voting Inc., a Renton, Wash.-based nonprofit voter advocacy group.

Plans for the California test come amid recurring concerns that e-voting gear, including optical scan and touch-screen voting machines, are vulnerable to intrusion or rigging.

March's organization prodded California Secretary of State Bruce McPherson's office to test Diebold's AccuVote optical scan equipment for possible vulnerabilities after a check of the machines in Florida revealed problems.

March said the Leon County, Fla., test in May determined that a vulnerability in the memory card in the Diebold optical scan machine could allow a hacker to replace code and "doctor the results."

The California test is expected to be carried out by Finland-based security expert Harri Hursti, who conducted the Florida test in conjunction with Black Box. It hasn't been determined whether Black Box will be involved in the California trial run.

A spokeswoman for the California secretary of state said the Florida evaluation persuaded McPherson to sponsor a security test in his state. She said the secretary's office and Hursti are still working on the protocols and logistical details for the California test.

The spokeswoman said that a machine will be selected for the trial at random from an undetermined voting precinct in the state.

McKinney, Texas-based Diebold contends that its optical scan gear is not vulnerable to hacking and has agreed to work with McPherson on the upcoming test.

Diebold Responds

A Diebold spokesman called the Leon County, Fla., hacking test invalid. "We weren't ever aware of it," he said. Hursti and Black Box were given "complete and unfettered access" to the system and the passcode, but such access isn't generally available to outsiders, he said.

The spokesman also noted that security procedures during elections extend beyond the safety of the equipment.

"If I gave you the keys to my house and told you when I was out, you would have a good chance to get in," the spokesman said.

On another front, Diebold's status as a provider of e-voting equipment in North Carolina is in limbo after a judge last week denied its request for an injunction that would shield the company from the state's election transparency laws.

Diebold had argued that the laws requiring e-voting machine vendors to place all source code and related software in escrow can't be followed.

"We're not trying to evade anything," said Doug Hanna, a Raleigh-based attorney representing Diebold. He said vendors can't possibly comply with the statute because they can't legally place system components from third-party vendors in escrow.

Hanna said other states dictate that proprietary source code be placed in escrow, but not third-party code. He said he doesn't know how the fight in North Carolina will affect Diebold's status there.

Copyright © 2005 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon