In Georgia's touchscreen voting debate, is anyone getting it right?
Boy, hanging chads are looking better every day.
First Johns Hopkins University releases a damning report about the security of the brand of touchscreen voting machines Georgia uses. Then more reports come out that that company, Diebold, is making political contributions to the GOP — $100,000 in soft money donations to the Republican National Committee in 2000, and roughly the same amount in 2002. What's more, Diebold CEO Walden O'Dell sent out a fundraising letter in mid-August to Ohio Republicans for an upcoming bash at his mansion in which he said he is committed to helping Ohio deliver its electoral votes to Bush. Add that to the roughly $10,000 he's given to Republican candidates and causes since 1997. Meanwhile, Diebold is up for the contract to be Ohio's touchscreen vendor.
Tech-savvy progressives are all abuzz on the Web.
But down here in Bizarro World, aka under Georgia's Gold Dome, it's been the Republican governor harassing the Democratic secretary of state to test the security of the Diebold elections system after the Johns Hopkins report came out.
Thing is, soon after the study made headlines, its author admitted to a "conflict of interest" as a member of the board of another company in the e-voting game, which allowed Secretary of State Cathy Cox to dismiss the Hopkins report as "outrageous."
It was a dust-up that lasted but a few days, and yet in other states — Maryland and Ohio, for example — officials were concerned enough about the Hopkins study that they decided to test the security of Diebold's system. So what the hell happened here?
First, it's not clear that Gov. Sonny Perdue really wanted Cox to examine the voting machines. It now just seems like an opportunity to sling some partisan mud at a possible 2006 gubernatorial opponent.
Cox spokeswoman Cara Hodgson says her boss never received any directives or requests for more testing from Perdue. And, Hodgson says Cox's office is stepping up security on the state server, and eventually the individual machines themselves, by installing a system that allows the machines to be checked individually to see if the software code has been modified or tampered with.
As for the study that started this short-lived brouhaha, University of Iowa computer scientist Douglas Jones, who also recently served as chairman of the Iowa Board of Examiners for Voting Machines and Electronic Voting Systems, says that Diebold correctly pointed out in a 27-page rebuttal that the Hopkins group was looking at the company's software in isolation without marrying it to the actual equipment, and that undermined their research.
Having said that, Jones notes that Diebold's rebuttal actually confirms some of the charges made in the Hopkins report.
There are 16 points out of about 80 where "either Diebold's defense is wrong or where they say something like, 'This is an attack vector only for an election insider at election central,' which again is an admission that the weakness exists, and that the system is vulnerable to attack by insiders or poll workers in the way that the Hopkins report alleged."
Stanford University computer scientist David Dill has led the charge among computer scientists and experts to push state governments to include as part of any electronic system voter verifiable audit trails — basically slips of paper voters could use to check their selections after they've made their touchscreen votes.
"The most important conclusion from that study is that indeed there's no real, professional, high-quality attention to security at any point in the process, either in the design of the systems, the inspection of the system or the state certification processes," Dill says.
He also says that neither the Hopkins report nor Diebold's rebuttals change any of his group's conclusions about the system's vulnerability.
He also notes that the Hopkins report's author, Avi Rubin, didn't have a traditional conflict of interest when he announced that he held an interest in VoteHere Inc. Dill says he was privy to the research process, though, he didn't participate in the study, and he's confident there's no VoteHere conspiracy.
"Because they're selling what they claim to be a more secure system, they would want to sell it to people like Diebold," Dill says. "I'm not sure that it would have been in VoteHere's interest to do something like this because it would have alienated a potential customer."