With the 2006 midterm elections approaching, one would expect the average Johns Hopkins professors to be cited for his or her opinions on the intricacies of each Congressional race, or perhaps for a retrospective on previous campaign years. Although this largely remains true, there is a notable exception this election cycle: Dr. Avi Rubin.
Rubin, professor of Computer Science (JHU) and Technical Director of the Information Security Institute has voiced opposition to `e-voting.' E-voting, a system that the government has begun funding as replacement for the outdated methods of voting, such as punch cards and voting machines, involves the use of computerized voting technology to catalogue and quantify election results.
Attracting Rubin's attention is Diebold Electronics. Diebold, formerly known as Global Election Systems, produces computerized voting machines. Diebold's voting equipment counted over one hundred-million votes in the 2000 general election. In fact, over the 2004 election season, Diebold ma-
chines tabulated 80 percent of all votes cast in the United States.
The corporation, led by Bob Urosevich, advertises itself as America's "premiere manufacturer" of, among other products, electronic voting machines. Rubin, however, publicly denounced The Diebold Election System AccuVote-TS -- the company's latest machine model -- in a paper analyzing the electronic voting system.
Diebold intends to distribute the AccuVote-TS for the upcoming November elections, although the machine has met with concentrated criticism over the last months.
Rubin, along with others, claimed, "this voting system is far below even the most minimal security standards applicable in other contexts." Noted among the various flaws of the system was "that voters, without any inside privileges can cast unlimited votes without being detected by any internal mechanisms within the voting terminal software."
Especially pertinent after the allegations of tampering that concluded the 2000 and 2004 presidential elections, Robin contends that the voting system was also weak in maintaining voter privacy: "An insider, such as a poll worker, [can] modify the votes, but that insiders can also violate voter privacy and match votes with the voters who cast them."
Rubin's analysis was confirmed by a study conducted by a team of experts at Princeton University. The report, published under the auspices of the Princeton Center for Information Technology Policy, corroborated -- and added to -- many of Rubin's claims.
Expressing a sense of urgency in line with Rubin's earlier writings, the Princeton team wrote that Diebold's machines are "vulnerable to extremely serious attacks." Pointing out that "an attacker who gets physical access to a machine ... could install malicious code" which could "steal votes undetectably," the CITP analysis recommended a serious rollback in the distribution of AccuVote-TS machines.
Diebold offered a response on their Web site to the Princeton report that charged it with being "unrealistic and inaccurate" because it is "common sense" that "every local jurisdiction secures its voting machines," and therefore the concern with vote tampering is overblown. Left unchallenged however is Rubin's insight that it would be all too easy for local election officials to alter poll results.
State governments are responding to the sharp critiques of Diebold's voting machines. In 2003 the state of Maryland, upon receiving Rubin's analysis, commissioned a third party, the Science Applications International Corporation (SAIC), to conduct a review of the Diebold Election System AccuVote-TS voting system. The overall findings of the report held that, "The system, as implemented in policy, procedure, and technology, is at high risk of compromise."
Rubin's initial findings have also been supported by many Computer Science professors across the nation including Professor Michael Shamos of Carnegie Mellon who concluded that the AccuVote has one of "the most severe security flaws ever discovered in a voting system." Furthermore, Professor Douglas Jones of the University of Iowa has also confirmed Rubin's results.
Though the state of Maryland was forced to utilize the Diebold AccuVote-TS system for the 2004 presidential primary due to crime constraints, a bill was passed in the Maryland State House in March, 2006, to ban Diebold's e-voting machines from primaries and elections throughout the state. One of the main reasons cited was the lack of a paper trail in the voting system, which granted a level of invisibility to those who sought to tamper with votes. As Rubin stated, Diebold's machines became "much, much easier to attack than anything we've previously said ... On a scale of one to 10, if the problems we found before were a six, this is a 10. It's a totally different ball game."
Diebold has recently reported that it is working on improving internal security code for all of machines. Left unresolved, however, is whether the new measures will meet the exacting -- and Rubin argues, necessary -- security standards in time for the November election cycle.
Please note All comments are eligible for publication in The News-Letter.