Hack the Vote

SYNOPSIS:

Inviting Bush supporters to a fund-raiser, the host wrote, "I am committed to helping Ohio deliver its electoral votes to the president next year." No surprise there. But Walden O'Dell — who says that he wasn't talking about his business operations — happens to be the chief executive of Diebold Inc., whose touch-screen voting machines are in increasingly widespread use across the United States.

For example, Georgia — where Republicans scored spectacular upset victories in the 2002 midterm elections — relies exclusively on Diebold machines. To be clear, though there were many anomalies in that 2002 vote, there is no evidence that the machines miscounted. But there is also no evidence that the machines counted correctly. You see, Diebold machines leave no paper trail.

Representative Rush Holt of New Jersey, who has introduced a bill requiring that digital voting machines leave a paper trail and that their software be available for public inspection, is occasionally told that systems lacking these safeguards haven't caused problems. "How do you know?" he asks.

What we do know about Diebold does not inspire confidence. The details are technical, but they add up to a picture of a company that was, at the very least, extremely sloppy about security, and may have been trying to cover up product defects.

Early this year Bev Harris, who is writing a book on voting machines, found Diebold software — which the company refuses to make available for public inspection, on the grounds that it's proprietary — on an unprotected server, where anyone could download it. (The software was in a folder titled "rob-Georgia.zip.") The server was used by employees of Diebold Election Systems to update software on its machines. This in itself was an incredible breach of security, offering someone who wanted to hack into the machines both the information and the opportunity to do so.

An analysis of Diebold software by researchers at Johns Hopkins and Rice Universities found it both unreliable and subject to abuse. A later report commissioned by the state of Maryland apparently reached similar conclusions. (It's hard to be sure because the state released only a heavily redacted version.)

Meanwhile, leaked internal Diebold e-mail suggests that corporate officials knew their system was flawed, and circumvented tests that would have revealed these problems. The company hasn't contested the authenticity of these documents; instead, it has engaged in legal actions to prevent their dissemination.

Why isn't this front-page news? In October, a British newspaper, The Independent, ran a hair-raising investigative report on U.S. touch-screen voting. But while the mainstream press has reported the basics, the Diebold affair has been treated as a technology or business story — not as a potential political scandal.

This diffidence recalls the treatment of other voting issues, like the Florida "felon purge" that inappropriately prevented many citizens from voting in the 2000 presidential election. The attitude seems to be that questions about the integrity of vote counts are divisive at best, paranoid at worst. Even reform advocates like Mr. Holt make a point of dissociating themselves from "conspiracy theories." Instead, they focus on legislation to prevent future abuses.

But there's nothing paranoid about suggesting that political operatives, given the opportunity, might engage in dirty tricks. Indeed, given the intensity of partisanship these days, one suspects that small dirty tricks are common. For example, Orrin Hatch, the chairman of the Senate Judiciary Committee, recently announced that one of his aides had improperly accessed sensitive Democratic computer files that were leaked to the press.

This admission — contradicting an earlier declaration by Senator Hatch that his staff had been cleared of culpability — came on the same day that the Senate police announced that they were hiring a counterespionage expert to investigate the theft. Republican members of the committee have demanded that the expert investigate only how those specific documents were leaked, not whether any other breaches took place. I wonder why.

The point is that you don't have to believe in a central conspiracy to worry that partisans will take advantage of an insecure, unverifiable voting system to manipulate election results. Why expose them to temptation?

I'll discuss what to do in a future column. But let's be clear: the credibility of U.S. democracy may be at stake.

Originally published in The New York Times, 12.2.03