Will The Next Election Be Hacked?
Fresh disasters at the polls — and new evidence from an industry insider — prove that electronic voting machines can’t be trusted
Post your thoughts about the threats to fair voting, in the National Affairs blog. Plus, read Robert F. Kennedy Jr.’s “Was the 2004 Election Stolen?” — his report on Republican methods for keeping more than 350,000 Ohio voters from casting ballots or having their votes counted.
The debacle of the 2000 presidential election made it all too apparent to most Americans that our electoral system is broken. And private-sector entrepreneurs were quick to offer a fix: Touch-screen voting machines, promised the industry and its lobbyists, would make voting as easy and reliable as withdrawing cash from an ATM. Congress, always ready with funds for needy industries, swiftly authorized $3.9 billion to upgrade the nation’s election systems – with much of the money devoted to installing electronic voting machines in each of America’s 180,000 precincts. But as midterm elections approach this November, electronic voting machines are making things worse instead of better. Studies have demonstrated that hackers can easily rig the technology to fix an election – and across the country this year, faulty equipment and lax security have repeatedly undermined election primaries. In Tarrant County, Texas, electronic machines counted some ballots as many as six times, recording 100,000 more votes than were actually cast. In San Diego, poll workers took machines home for unsupervised “sleepovers” before the vote, leaving the equipment vulnerable to tampering. And in Ohio – where, as I recently reported in “Was the 2004 Election Stolen?” [RS 1002], dirty tricks may have cost John Kerry the presidency – a government report uncovered large and unexplained discrepancies in vote totals recorded by machines in Cuyahoga County.
Even worse, many electronic machines don’t produce a paper record that can be recounted when equipment malfunctions – an omission that practically invites malicious tampering. “Every board of election has staff members with the technological ability to fix an election,” Ion Sancho, an election supervisor in Leon County, Florida, told me. “Even one corrupt staffer can throw an election. Without paper records, it could happen under my nose and there is no way I’d ever find out about it. With a few key people in the right places, it would be possible to throw a presidential election.”
Chris Hood remembers the day in July 2002 that he began to question what was really going on in Georgia. An African-American whose parents fought for voting rights in the South during the 1960s, Hood was proud to be working as a consultant for Diebold Election Systems, helping the company promote its new electronic voting machines. During the presidential election two years earlier, more than 94,000 paper ballots had gone uncounted in Georgia – almost double the national average – and Secretary of State Cathy Cox was under pressure to make sure every vote was recorded properly.
Hood had been present in May 2002, when officials with Cox’s office signed a contract with Diebold – paying the company a record $54 million to install 19,000 electronic voting machines across the state. At a restaurant inside Atlanta’s Marriott Hotel, he noticed the firm’s CEO, Walden O’Dell, checking Diebold’s stock price on a laptop computer every five minutes, waiting for a bounce from the announcement.
Hood wondered why Diebold, the world’s third-largest seller of ATMs, had been awarded the contract. The company had barely completed its acquisition of Global Election Systems, a voting-machine firm that owned the technology Diebold was promising to sell Georgia. And its bid was the highest among nine competing vendors. Whispers within the company hinted that a fix was in.
“The Diebold executives had a news conference planned on the day of the award,” Hood recalls, “and we were instructed to stay in our hotel rooms until just hours before the announcement. They didn’t want the competitors to know and possibly file a protest” about the lack of a fair bidding process. It certainly didn’t hurt that Diebold had political clout: Cox’s predecessor as secretary of state, Lewis Massey, was now a lobbyist for the company.
The problem was, Diebold had only five months to install the new machines – a “very narrow window of time to do such a big deployment,” Hood notes. The old systems stored in warehouses had to be replaced with new equipment; dozens of state officials and poll workers had to be trained in how to use the touch-screen machines. “It was pretty much an impossible task,” Hood recalls. There was only one way, he adds, that the job could be done in time – if “the vendor had control over the entire environment.” That is precisely what happened. In late July, to speed deployment of the new machines, Cox quietly signed an agreement with Diebold that effectively privatized Georgia’s entire electoral system. The company was authorized to put together ballots, program machines and train poll workers across the state – all without any official supervision. “We ran the election,” says Hood. “We had 356 people that Diebold brought into the state. Diebold opened and closed the polls and tabulated the votes. Diebold convinced Cox that it would be best if the company ran everything due to the time constraints, and in the interest of a trouble-free election, she let us do it.”
Then, one day in July, Hood was surprised to see the president of Diebold’s election unit, Bob Urosevich, arrive in Georgia from his headquarters in Texas. With the primaries looming, Urosevich was personally distributing a “patch,” a little piece of software designed to correct glitches in the computer program. “We were told that it was intended to fix the clock in the system, which it didn’t do,” Hood says. “The curious thing is the very swift, covert way this was done.”
Georgia law mandates that any change made in voting machines be certified by the state. But thanks to Cox’s agreement with Diebold, the company was essentially allowed to certify itself. “It was an unauthorized patch, and they were trying to keep it secret from the state,” Hood told me. “We were told not to talk to county personnel about it. I received instructions directly from Urosevich. It was very unusual that a president of the company would give an order like that and be involved at that level.”
According to Hood, Diebold employees altered software in some 5,000 machines in DeKalb and Fulton counties – the state’s largest Democratic strongholds. To avoid detection, Hood and others on his team entered warehouses early in the morning. “We went in at 7:30 a.m. and were out by 11,” Hood says. “There was a universal key to unlock the machines, and it’s easy to get access. The machines in the warehouses were unlocked. We had control of everything. The state gave us the keys to the castle, so to speak, and they stayed out of our way.” Hood personally patched fifty-six machines and witnessed the patch being applied to more than 1,200 others.
The patch comes on a memory card that is inserted into a machine. Eventually, all the memory cards end up on a server that tabulates the votes – where the patch can be programmed to alter the outcome of an election. “There could be a hidden program on a memory card that adjusts everything to the preferred election results,” Hood says. “Your program says, ‘I want my candidate to stay ahead by three or four percent or whatever.’ Those programs can include a built-in delete that erases itself after it’s done.”
It is impossible to know whether the machines were rigged to alter the election in Georgia: Diebold’s machines provided no paper trail, making a recount impossible. But the tally in Georgia that November surprised even the most seasoned political observers. Six days before the vote, polls showed Sen. Max Cleland, a decorated war veteran and Democratic incumbent, leading his Republican opponent Saxby Chambliss – darling of the Christian Coalition – by five percentage points. In the governor’s race, Democrat Roy Barnes was running a decisive eleven points ahead of Republican Sonny Perdue. But on Election Day, Chambliss won with fifty-three percent of the vote, and Perdue won with fifty-one percent.
Diebold insists that the patch was installed “with the approval and oversight of the state.” But after the election, the Georgia secretary of state’s office submitted a “punch list” to Bob Urosevich of “issues and concerns related to the statewide voting system that we would like Diebold to address.” One of the items referenced was” Application/Implication of ‘0808’ Patch.” The state was seeking confirmation that the patch did not require that the system “be recertified at national and state level” as well as “verifiable analysis of overall impact of patch to the voting system.” In a separate letter, Secretary Cox asked Urosevich about Diebold’s use of substitute memory cards and defective equipment as well as widespread problems that caused machines to freeze up and improperly record votes. The state threatened to delay further payments to Diebold until “these punch list items will be corrected and completed.”
Diebold’s response has not been made public – but its machines remain in place for Georgia’s election this fall. Hood says it was “common knowledge” within the company that Diebold also illegally installed uncertified software in machines used in the 2004 presidential primaries – a charge the company denies. Disturbed to see the promise of electronic machines subverted by private companies, Hood left the election consulting business and became a whistle-blower. “What I saw,” he says, “was basically a corporate takeover of our voting system.”
The United States is one of only a handful of major democracies that allow private, partisan companies to secretly count and tabulate votes using their own proprietary software. Today, eighty percent of all the ballots in America are tallied by four companies – Diebold, Election Systems & Software (ES&S), Sequoia Voting Systems and Hart InterCivic. In 2004, 36 million votes were cast on their touch-screen systems, and millions more were recorded by optical-scan machines owned by the same companies that use electronic technology to tabulate paper ballots. The simple fact is, these machines not only break down with regularity, they are easily compromised – by people inside, and outside, the companies.
Three of the four companies have close ties to the Republican Party. ES&S, in an earlier corporate incarnation, was chaired by Chuck Hagel, who in 1996 became the first Republican elected to the U.S. Senate from Nebraska in twenty-four years – winning a close race in which eighty-five percent of the votes were tallied by his former company. Hart InterCivic ranks among its investors GOP loyalist Tom Hicks, who bought the Texas Rangers from George W. Bush in 1998, making Bush a millionaire fifteen times over. And according to campaign-finance records, Diebold, along with its employees and their families, has contributed at least $300,000 to GOP candidates and party funds since 1998 – including more than $200,000 to the Republican National Committee. In a 2003 fund-raising e-mail, the company’s then-CEO Walden O’Dell promised to deliver Ohio’s electoral votes to Bush in 2004.
The voting-machine companies bear heavy blame for the 2000 presidential-election disaster. Fox News’ fateful decision to call Florida for Bush – followed minutes later by CBS and NBC – came after electronic machines in Volusia County erroneously subtracted more than 16,000 votes from Al Gore’s total. Later, after an internal investigation, CBS described the mistake as “critical” in the network’s decision. Seeing what was an apparent spike for Bush, Gore conceded the election – then reversed his decision after a campaign staffer investigated and discovered that Gore was actually ahead in Volusia by 13,000 votes.
Investigators traced the mistake to Global Election Systems, the firm later acquired by Diebold. Two months after the election, an internal memo from Talbot Iredale, the company’s master programmer, blamed the problem on a memory card that had been improperly – and unnecessarily – uploaded. “There is always the possibility,” Iredale conceded, “that the ‘second memory card’ or ‘second upload’ came from an unauthorized source.”
Amid the furor over hanging chads and butterfly ballots in Florida, however, the “faulty memory card” was all but forgotten. Instead of sharing culpability for the Florida catastrophe, voting-machine companies used their political clout to present their product as the solution. In October 2002, President Bush signed the Help America Vote Act, requiring states and counties to upgrade their voting systems with electronic machines and giving vast sums of money to state officials to distribute to the tightknit cabal of largely Republican vendors.
The primary author and steward of HAVA was Rep. Bob Ney, the GOP chairman of the powerful U.S. House Administration Committee. Ney had close ties to the now-disgraced lobbyist Jack Abramoff, whose firm received at least $275,000 from Diebold to lobby for its touch-screen machines. Ney’s former chief of staff, David DiStefano, also worked as a registered lobbyist for Diebold, receiving at least $180,000 from the firm to lobby for HAVA and “other election reform issues.” Ney – who accepted campaign contributions from DiStefano and counted Diebold’s then-CEO O’Dell among his constituents – made sure that HAVA strongly favored the use of the company’s machines.
Ney also made sure that Diebold and other companies would not be required to equip their machines with printers to provide paper records that could be verified by voters. In a clever twist, HAVA effectively pressures every precinct to provide at least one voting device that has no paper trail – supposedly so that vision-impaired citizens can vote in secrecy. The provision was backed by two little-known advocacy groups: the National Federation of the Blind, which accepted $1 million from Diebold to build a new research institute, and the American Association of People with Disabilities, which pocketed at least $26,000 from voting-machine companies. The NFB maintained that a paper voting receipt would jeopardize its members’ civil rights – a position not shared by other groups that advocate for the blind.
Sinking in the sewage of the Abramoff scandal, Ney agreed on September 15th to plead guilty to federal conspiracy charges – but he has already done one last favor for his friends at Diebold. When 212 congressmen from both parties sponsored a bill to mandate a paper trail for all votes, Ney used his position as chairman to prevent the measure from even getting a hearing before his committee.
The result was that HAVA – the chief reform effort after the 2000 disaster – placed much of the nation’s electoral system in the hands of for-profit companies. Diebold alone has sold more than 130,000 voting machines – raking in estimated revenues of at least $230 million. “This whole undertaking was never about voters,” says Hood, who saw firsthand how the measure benefited Diebold’s bottom line. “It was about privatizing elections. HAVA has been turned into a corporate-revenue enhancement scheme.”
No case better demonstrates the dangers posed by electronic voting machines than the experience of Maryland. As in Georgia, officials there granted Diebold control over much of the state’s election systems during the 2002 midterm elections. (In the interests of disclosure, my sister was a candidate for governor that year and lost by a margin consistent with pre-election polls.) On Election Night, when Chris Hood accompanied Diebold president Bob Urosevich and marketing director Mark Radke to the tabulation center in Montgomery County where the votes would be added up, he was stunned to find the room empty. “Not a single Maryland election official was there to retrieve the memory cards,” he recalls. As cards containing every vote in the county began arriving in canvas bags, the Diebold executives plugged them into a group of touch-screen tabulators linked into a central server, which was also controlled by a Diebold employee.
“It would have been very easy for any one of us to take a contaminated card out of our pocket, put it into the system, and download some malicious code that would then end up in the server, impacting every other vote that went in, before and after,” says Hood. “We had absolute control of the tabulations. We could have fixed the election if we wanted. We had access, and that’s all you need. I can honestly say that every election I saw with Diebold in charge was compromised – if not in the count, at least in the security.”
After the election, Maryland planned to install Diebold’s AccuVote-TS electronic machines across the entire state – until four computer scientists at Johns Hopkins and Rice universities released an analysis of the company’s software source code in July 2003. “This voting system is far below even the most minimal security standards applicable in other contexts,” the scientists concluded. It was, in fact, “unsuitable for use in a general election.”
“With electronic machines, you can commit wholesale fraud with a single alteration of software,” says Avi Rubin, a computer-science professor at Johns Hopkins who has received $7.5 million from the National Science Foundation to study electronic voting. “There are a million little tricks when you build software that allow you to do whatever you want. If you know the precinct demographics, the machine can be programmed to recognize its precinct and strategically flip votes in elections that are several years in the future. No one will ever know it happened.”
In response to the study, Maryland commissioned two additional reports on Diebold’s equipment. The first was conducted by Science Applications International Corporation – a company that, along with Diebold, was part of an industry group that promotes electronic voting machines. SAIC conceded that Diebold’s machines were “at high risk of compromise” – but concluded that the state’s “procedural controls and general voting environment reduce or eliminate many of the vulnerabilities identified in the Rubin report.” Despite the lack of any real “procedural controls” during the 2002 election, Gov. Robert Ehrlich gave the state election board the go-ahead to pay $55.6 million for Diebold’s AccuVote-TS system.
The other analysis, commissioned by the Maryland legislature, was a practical test of the systems by RABA Technologies, a consulting firm experienced in both defense and intelligence work for the federal government. Computer scientists hired by RABA to hack into six of Diebold’s machines discovered a major flaw: The company had built what are known as “back doors” into the software that could enable a hacker to hide an unauthorized and malicious code in the system. William Arbaugh, of the University of Maryland, gave the Diebold system an “F” with “the possibility of raising it to a ‘C’ with extra credit – that is, if they follow the recommendations we gave them.”
But according to recent e-mails obtained by Rolling Stone, Diebold not only failed to follow up on most of the recommendations, it worked to cover them up. Michael Wertheimer, who led the RABA study, now serves as an assistant deputy director in the Office of the Director of National Intelligence. “We made numerous recommendations that would have required Diebold to fix these issues,” he writes in one e-mail, “but were rebuffed by the argument that the machines were physically protected and could not be altered by someone outside the established chain of custody.”
In another e-mail, Wertheimer says that Diebold and state officials worked to downplay his team’s dim assessment. “We spent hours dealing with Diebold lobbyists and election officials who sought to minimize our impact,” he recalls. “The results were risk-managed in favor of expediency and potential catastrophe.”
During the 2004 presidential election, with Diebold machines in place across the state, things began to go wrong from the very start. A month before the vote, an abandoned Diebold machine was discovered in a bar in Baltimore. “What’s really worrisome,” says Hood, “is that someone could get hold of all the technology – for manipulation – if they knew the inner workings of just one machine.”
Election Day was a complete disaster. “Countless numbers of machines were down because of what appeared to be flaws in Diebold’s system,” says Hood, who was part of a crew of roving technicians charged with making sure that the polls were up and running. “Memory cards overloading, machines freezing up, poll workers afraid to turn them on or off for fear of losing votes.”
Then, after the polls closed, Diebold technicians who showed up to collect the memory cards containing the votes found that many were missing. “The machines are gone,” one janitor told Hood – picked up, apparently, by the vendor who had delivered them in the first place. “There was major chaos because there were so many cards missing,” Hood says. Even before the 2004 election, experts warned that electronic voting machines would undermine the integrity of the vote. “The system we have for testing and certifying voting equipment in this country is not only broken but is virtually nonexistent,” Michael Shamos, a distinguished professor of computer science at Carnegie Mellon University, testified before Congress that June. “It must be re-created from scratch.”
Two months later, the U.S. Computer Emergency Readiness Team – a division of the Department of Homeland Security – issued a little-noticed “cyber-security bulletin.” The alert dealt specifically with a database that Diebold uses in tabulating votes. “A vulnerability exists due to an undocumented backdoor account,” the alert warned, citing the same kind of weakness identified by the RABA scientists. The security flaw, it added, could allow “a malicious user [to] modify votes.”
Such warnings, however, didn’t stop states across the country from installing electronic voting machines for the 2004 election. In Ohio, jammed and inoperable machines were reported throughout Toledo. In heavily Democratic areas of Youngstown, nearly 100 voters pushed “Kerry” and watched “Bush” light up. At least twenty machines had to be recalibrated in the middle of the voting process for flipping Kerry votes to Bush. Similar “vote hopping” was reported by voters in other states.
The widespread glitches didn’t deter Secretary of State J. Kenneth Blackwell – who also chaired Bush’s re-election campaign in Ohio – from cutting a deal in 2005 that would have guaranteed Diebold a virtual monopoly on vote counting in the state. Local election officials alleged that the deal, which came only a few months after Blackwell bought nearly $10,000 in Diebold stock, was a violation of state rules requiring a fair and competitive bidding process. Facing a lawsuit, Blackwell agreed to allow other companies to provide machines as well. This November, voters in forty-seven counties will cast their ballots on Diebold machines – in a pivotal election in which Blackwell is running as the Republican candidate for governor.
Electronic voting machines also caused widespread problems in Florida, where Bush bested Kerry by 381,000 votes. When statistical experts from the University of California examined the state’s official tally, they discovered a disturbing pattern: “The data show with 99.0 percent certainty that a county’s use of electronic voting is associated with a disproportionate increase in votes for President Bush. Compared to counties with paper ballots, counties with electronic voting machines were significantly more likely to show increases in support for President Bush between 2000 and 2004.” The three counties with the most discrepancies – Broward, Palm Beach and Miami-Dade – were also the most heavily Democratic. Electronic voting machines, the report concluded, may have improperly awarded as many as 260,000 votes to Bush. “No matter how many factors and variables we took into consideration, the significant correlation in the votes for President Bush and electronic voting cannot be explained,” said Michael Hout, a member of the National Academy of Sciences.
Charles Stewart III, an MIT professor who specializes in voter behavior and methodology, was initially skeptical of the study – but was unable to find any flaw in the results. “You can’t break it – I’ve tried,” he told The Washington Post. “There’s something funky in the results from the electronic-machine Democratic counties.”
Questions also arose in Texas in 2004. William Singer, an election programmer in Tarrant County, wrote the secretary of state’s office after the vote to report that ES&S pressured officials to install unapproved software during the presidential primaries. “What I was expected to do in order to ‘pull off’ an election,” Singer wrote, “was far beyond the kind of practices that I believe should be standard and accepted in the election industry.” The company denies the charge, but in an e-mail this month, Singer elaborated that ES&S employees had pushed local election officials to pressure the secretary of state to accept “a software change at such a last minute there would be no choice, and effectively avoid certification.”
Despite such reports, Texas continues to rely on ES&S. In primaries held in Jefferson County earlier this year, electronic votes had to be recounted after error messages prevented workers from completing their tabulations. In April, with early voting in local elections only a week away, officials across the state were still waiting to receive the programming from ES&S needed to test the machines for accuracy. Calling the situation “completely unacceptable and disturbing,” Texas director of elections Ann McGeehan authorized local officials to create “emergency paper ballots” as a backup. “We regret the unacceptable position that many political subdivisions are in due to poor performance by their contracted vendor,” McGeehan added.
In October 2005, the government Accountability Office issued a damning report on electronic voting machines. Citing widespread irregularities and malfunctions, the government’s top watchdog agency concluded that a host of weaknesses with touch-screen and optical-scan technology “could damage the integrity of ballots, votes and voting-system software by allowing unauthorized modifications.” Some electronic systems used passwords that were “easily guessed” or employed identical passwords for numerous systems. Software could be handled and transported with no clear chain of custody, and locks protecting computer hardware were easy to pick. Unsecured memory cards could enable individuals to “vote multiple times, change vote totals and produce false election reports.”
An even more comprehensive report released in June by the Brennan Center for Justice, a nonpartisan think tank at the New York University School of Law, echoed the GAO’s findings. The report – conducted by a task force of computer scientists and security experts from the government, universities and the private sector – was peer-reviewed by the National Institute of Standards and Technology. Electronic voting machines widely adopted since 2000, the report concluded, “pose a real danger to the integrity of national, state and local elections.” While no instances of hacking have yet been documented, the report identified 120 security threats to three widely used machines – the easiest method of attack being to utilize corrupt software that shifts votes from one candidate to another.
Computer experts have demonstrated that a successful attack would be relatively simple. In a study released on September 13th, computer scientists at Princeton University created vote-stealing software that can be injected into a Diebold machine in as little as a minute, obscuring all evidence of its presence. They also created a virus that can “infect” other units in a voting system, committing “widespread fraud” from a single machine. Within sixty seconds, a lone hacker can own an election.
And touch-screen technology continues to create chaos at the polls. On September 12th, in Maryland’s first all-electronic election, voters were turned away from the polls because election officials had failed to distribute the electronic access cards needed to operate Diebold machines. By the time the cards were found on a warehouse shelf and delivered to every precinct, untold numbers of voters had lost the chance to cast ballots.
It seems insane that such clear threats to our election system have not stopped the proliferation of touch-screen technology. In 2004, twenty-three percent of Americans cast their votes on electronic ballots – an increase of twelve percent over 2000. This year, more than one-third of the nation’s 8,000 voting jurisdictions are expected to use electronic voting technology for the first time.
The heartening news is, citizens are starting to fight back. Voting-rights activists with the Brad Blog and Black Box Voting are getting the word out. Voter Action, a nonprofit group, has helped file lawsuits in Arizona, New York, Pennsylvania, Colorado and New Mexico to stop the proliferation of touch-screen systems. In California, voters filed suit last March to challenge the use of a Diebold touch-screen system – a move that has already prompted eight counties to sign affidavits saying they won’t use the machines in November.
It’s not surprising that the widespread problems with electronic voting machines have sparked such outrage and mistrust among voters. Last November, comedian Bill Maher stood in a Las Vegas casino and looked out over thousands of slot machines. “They never make a mistake,” he remarked to me. “Can’t we get a voting machine that can’t be fixed?”
Indeed, there is a remarkably simple solution: equip every touch-screen machine to provide paper receipts that can be verified by voters and recounted in the event of malfunction or tampering. “The paper is the insurance against the cheating machine,” says Rubin, the computer expert.
In Florida, an astonishing new law actually makes it illegal to count paper ballots by hand after they’ve already been tallied by machine. But twenty-seven states now require a paper trail, and others are considering similar requirements. In New Mexico, Gov. Bill Richardson has instituted what many consider an even better solution: Voters use paper ballots, which are then scanned and counted electronically. “We became one of the laughingstock states in 2004 because the machines were defective, slow and unreliable,” says Richardson. “I said to myself, ‘I’m not going to go through this again.’ The paper-ballot system, as untechnical as it seems, is the most verifiable way we can assure Americans that their vote is counting.”
Paper ballots will not completely eliminate the threat of tampering, of course – after all, election fraud and miscounts have occurred throughout our history. As long as there has been a paper trail, however, our elections have been conducted with some measure of public scrutiny. But electronic voting machines are a hacker’s dream. And today, for-profit companies are being given unprecedented and frightening power not only to provide these machines but to store and count our votes in secret, without any real oversight.
You do not have to believe in conspiracy theories to fear for the integrity of our electoral system: The right to vote is simply too important – and too hard won – to be surrendered without a fight. It is time for Americans to reclaim our democracy from private interests.
This article is from the October 5th, 2006 issue of “Rolling Stone” magazine.
Post your thoughts about the threats to fair voting, in the National Affairs blog. Plus, read Robert F. Kennedy Jr.’s “Was the 2004 Election Stolen?” — his report on Republican methods for keeping more than 350,000 Ohio voters from casting ballots or having their votes counted.
Read Diebold’s letter to Rolling Stone and Robert F. Kennedy Jr.’s response