Image provided by: University of Oregon Libraries; Eugene, OR
About The North Coast times-eagle. (Wheeler, Oregon) 1971-2007 | View Entire Issue (Jan. 1, 2004)
PAGE 4 ALL THE PRESIDENT’S VOTES? used on Election Day " Mr. Tatum said it was possible the relevant documents were with Gary Powell, an official at the Georgia Technology Authority, so campaigners wrote to him as well. Mr Powell responded he was “not sure what you mean by the words 'please provide written certification documents.’" “If the machines were not certified, then right there the election was illegal," Mr. Wright says. The secretary of state's office has ye, to demonstrate anything to the contrary. The investigating citizens then considered the nature of the software itself. Shortly after the election, Diebold technician Rob Behler came forward and reported that, when the machines were about to be shipped to Georgia polling stations in the summer of 2002, they performed so erratically their software had to be amended with a last-minute “patch." Instead of being transmitted via disk — a potentially time-consuming process, especially since its author was in Canada, no, Georgia — the patch was posted, along with the entire election software package, on an open- access FTP, or file transfer protocol site, on the Internet. That, according to computer experts, was a violation of the most basic of security precautions, opening all sorts of possibilities for the introduction of rogue or malicious code. At the same time, however, it gave campaigners a golden oppor tunity to circumvent Diebold’s own secrecy demands and see exactly how the system worked. Roxanne Jekot, a computer programmer with 20 years experience and an occasional teacher at Lanier Technical College northeast of Atlanta, did a line-by-line review and found “enough to stand your hair on end." “There were security holes all over it,” she says, “from the most basic display of the ballot on the screen all the way through the operating system." Although the program was designed to be run on the Windows 2000 NT operating system, which has numerous safeguards to keep out intruders, Ms. Jekot found it worked just fine on the much less secure Windows 98; the 2000 NT security features were, as she put it, “nullified." DRAWINGS BY MATT WUERKER BY ANDREW GUMBEL Something very odd happened in the mid-term elections in Georgia in November 2002. On the eve of the vote, opinion polls showed Roy Barnes, the incumbent Democratic governor, leading by between 9 and 11 points. In a somewhat closer keenly watched Senate race, polls indicated that Max Cleland, the popular Democrat up for re-election, was ahead by 2 to 5 points against his Republican challenger, Saxby Chambliss. Those figures were more or less what political experts would have expected in a state with a long tradition of electing Democrats to statewide office. But then the results came in, and all of Georgia appeared to have been turned upside down. Barnes lost the governorship to the Republican, Sonny Perdue, 46% to 51%, a swing of as much as 16 percentage points from the last opinion polls. Cleland lost to Chambliss 46% to 53%, a last minute swing of 9 to 12 points. Red-faced opinion pollsters suddenly had a lot of explaining to do and launched internal investigations. Political analysts credited the upset — par, of a pattern of Republican successes around the country — to a huge campaigning push by President Bush in the final days of the race. They also said tha, Roy Barnes had lost because of a surge of “angry white men" punishing him for eradicating all bu, a vestige of the old confederate symbol from the state flag Bu, something about these explanations did no, make sense, and they have made even less sense overtime. When the Georgia secretary of state’s office published its demographic breakdown of the election in early 2003, it turned out there was no surge of angry white men; in fact, the only subgroup showing even a modes, increase in turnout was black women. There were also big, puzzling swings in partisan loyalties in different parts of the state.In 58 counties the vote was broadly in line with the primary election. In 27 counties in Republican- dominated north Georgia, however, Max Cleland unaccountably scored 14% points higher than he had in the primaries. And in 74 counties in the Democrat south, Saxby Chambliss garnered a whopping 22 points more for the Republicans than the party as a whole had won less than three months earlier. Now, weird things like this do occasionally occur in elections, and the figures on their own are not proof of anything except statistical anomalies worthy of further study. Bu, in Georgia there was an extra reason to be suspicious. The state became the firs, in the country tha, November to conduct an election entirely with touchscreen voting machines, after lavish ing $45 million on a new system that promised to deliver the securest, most up-to-date, most voter-friendly election in the history of the republic The machines, however, turned out to be anything bu, reliable. With academic studies showing the Georgia touchscreens to be poorly programmed, full of security holes and prone to tampering, and with thousands of similar machines from different companies being introduced a, high speed across the country, computer voting may, in fact, be U S. democracy’s own 21s, century nightmare. In many Georgia counties the machines froze up, causing long delays as technicians tried to reboot them. In heavily Democratic Fulton County, in downtown Atlanta, 67 memory cards from the voting machines went missing, delaying certification of the results for 10 days. In neighboring DeKalb County, 10 memory cards were unaccounted for; they were later recovered from terminals tha, had supposedly broken down and taken out of service. I, is still unclear exactly how results from these missing cards were tabulated, or if they were counted a, all. And we will probably never know, for a highly disturbing reason The vote count was no, conducted by state election officials, bu, by the private company tha, sold Georgia the voting machines in the firs, place, under a strict trade-secrecy contract tha, made i, no, only difficult bu, actually illegal — on pain of stiff criminal penalties — for the state to touch the equipment or examine the proprietary software to ensure the machines worked property There was no, even a paper trail to follow up. The machines were fitted with thermal printing devices tha, could theoretically provide a written record of voters’ choices, bu, these were no, activated. Consequently, recounts were impossible. Had Diebold Inc., the manufacturer, been asked to review the votes, all it could have done was program the computers to spi, out the same data as before, flawed or no, Astonishingly these are the terms under which America’s top three computer voting machine manufacturers — Diebold, Sequoia and Election Systems & Software (ES&S) — have sold their products to election officials around the country. Far from questioning the need for rigid trade secrecy and the absence of a paper record, secretaries of state and their technical advisers — anxious to banish memories of the hanging chad fiasco and other associated disasters in the 2000 Presidential recount in Florida — have, for the most part, welcomed the touchscreen voting machines as a technological miracle solution. Georgia was not the only state in November 2002 to see last-minute swings in voting patterns There were others in Colorado, Minnesota, Illinois and New Hampshire — all in races flagged as key partisan battlegrounds, and all won by the Republican Party Again, this was widely attributed to campaigning efforts of President Bush and the demoralization of a Democratic Party too timid to speak out against the looming war in Iraq. Strangely, however, the pollsters made no comparable howlers in lower-key races whose outcome was no, seriously contested. Another anomaly, perhaps. Wha, then is one to make of the fact tha, the owners of the three major computer voting machines are all prominent Republican Party donors? Or of a recent political fund-raising letter written to Ohio Republicans by Walden O’Dell, Diebold’s chief executive, in which he said he was “committed to helping Ohio to deliver its electoral votes to the President (in 2004)" — even as his company was bidding for the contract on the state’s new voting machinery? Alarmed and suspicious, a group of Georgia citizens began to look into the November 2002 election to see whether there was any chance the results might have been deliberately or accidentally manipulated. Their research proved unexpect edly, and disturbingly, fruitful. First, they wanted to know if the software had under gone adequate checking. Under state and federal law, all voting machinery and component parts must be certified before use in an election. So Atlanta graphic designer Dennis Wright wrote to the secretary of state's office for a copy of the certificate letter. Clifford Tatum, assistant director of legal affairs for the election division, wrote back, "We have determined that no records exist in the Secretary of State’s office regarding a certification letter from the lab certifying the version of software MARITIME MUSEUM VISIT THE MUSEUM SHOP IN ASTORIA, OREGON Also embedded in the software were the comments of the programmers working on it. One described what he and his colleagues had just done as “a gross hack." Elsewhere was the remark: “This doesn’t really work.” “Not a confidence builder, would you say?" Ms Jekot says. “They were operating in panic mode, cobbling together something that would work for the moment, knowing that at some point they would have to go back to figure ou, how to make it work more permanently.” She found some of the code downright suspect — for example, an overtly meaningless instruction to divide the number of write-in votes by 1. “From a legal standpoint there is absolutely no reason to do that," she says. “I, raises an immediate red flag.” Mostly, though, she was struck by the shoddiness of much of the programming. “I really expected to have some diffi culty reviewing the source code because it would be at a higher level than I am accustomed to," she says. “In fact, a lot of this stuff looked like the homework my first-year students might have turned in." Diebold had no specific comment on Ms.Jekot’s inter pretations, offering only a blanket caution about the complexity of election systems “often no, well understood by individuals with little real-world experience." But Ms. Jekot was not the only one to examine Diebold software and find it lacking. In July 2003, a group of researchers from the Information Security Institute at Johns Hopkins Univer sity in Baltimore discovered wha, they called “stunning flaws." These included putting the password in the source code, a basic security no-no; manipulating the voter smart-card function so one person could cast more than one vote; and other loopholes tha, could theoretically allow voters' ballot choices to be altered without their knowledge, either on the spot or by remote access. Diebold issued a detailed response, saying the Johns Hopkins report was riddled with false assumptions, inadequate information and “a multitude of false conclusions." Substantially similar findings, however, were made in a follow-up study on behalf of the state of Maryland, in which a group of computer security experts catalogued 328 software flaws, 26 of them critical, putting the whole system “at high risk of compromise.” “If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results," their report says. Ever since the Johns Hopkins study, Diebold has sought to explain away the open FTP file as an old, incomplete version of its election package. The claim cannot be independently veri fied because of the trade-secrecy agreement, and no, everyone is buying it. "It is documented throughout the code who changed what and when. We have the history of this program from 1996 to 2002," Ms. Jekot says. “I have no doubt this is the software used in the elections.” Diebold now says it has upgraded its encryption and password features — but only on its Maryland machines. A key security question concerned compatibility with Microsoft Windows, and Ms. Jeko, says jus, three programmers, all of them senior Diebold executives, were involved in this aspect of the system. One of these, Diebold’s vice-president of research and development, Talbo, Iredale, wrote an e-mail in April 2002 — later obtained by the campaigners — making it clear that he wanted to shield the operating system from Wylie Labs, an independent testing agency involved in the early certi fication process. The reason tha, emerges from the e-mail is that he wanted to make the software compatible with WinCE 3.0, an operating system used for handhelds and PDAs; in other words, »system tha, could be manipulated from a remote location. “We do not wan, Wyle(s,previewing and certifying the operating systems,” the e-mail says.“Therefore can we keep to a minimum the references to the WinCE 3 0 operating system." In an earlier intercepted e-mail, this from Ken Clark in Diebold’s research and development department, the company explained upfront to another independent testing lab tha, the supposedly secure software system could be accessed without a password, and its contents easily changed using the Microsoft Access program. Mr. Clark says he had considered putting in a password requirement to stop dealers and customers from doing “stupid things," bu, tha, the easy access had often “go, people ou, of a bind." Astonishingly, the representative from the inde pendent testing lab did no, see anything wrong with this and granted certification to the part of the software program she was inspecting — a pattern of lackadaisical oversight tha, was repli cated all the way to the top of the political chain of command in Georgia, and in many other parts of the country. Diebold has no, contested authenticity of the e-mails, now openly accessible on the Interne, However, Diebold did caution that, as the e-mails were taken from a Diebold Election