We all remember the butterfly ballots, the hanging chads. The "2000 election debacle," as J. Alex Halderman GS calls it, filled the headlines with controversy. But for this Ph.D. candidate in the computer science department, working with fellow graduate student Ariel Feldman under computer science professor Ed Felten, it inspired a study that might just change the direction of midterm elections this year. The results of this study caused an uproar when they were released in September, and these two grad students show no signs of slowing down.
"We were motivated by the belief that computer systems that play such an important role in our democracy should be subjected to independent, expert security analysis," Feldman said, and by a desire "to increase public awareness of the security vulnerabilities in electronic voting systems and their potential consequences."
Entitled "Security Analysis of the Diebold AccuVote-TS Voting Machine," the paper detailed flaws in the widely used Electronic Recording Machines (ERMs), used in place of mechanical ballots since the 2002 Help America Vote Act. Right from the beginning, the ERMs proved controversial. Due to security problems, "many computer scientists protested [use] of ERMs in general," Halderman said. He added that he and his colleagues were "very skeptical of using general purpose computers in such a security-sensitive environment such as voting ... especially without the proper safeguards."
Piggybacking on a 2004 study by researchers at Johns Hopkins that noted numerous mistakes in the e-voting software's security design, Halderman said he and Feldman "picked up where the Johns Hopkins researchers left off." He added, "We had the good fortune to study one of the actual machines," released to the research team by an anonymous source.
The University research team discovered that "these machines can propagate viruses" that can spread from machine to machine, Halderman explained. He added that the software encryption was "storing votes in such a way so that you could find the order in which they were cast," which, in turn, could lead to "knowing how each person voted."
The findings should scare University students, the researchers said. Many "are going to use these machines [this November]," Halderman said. "In Maryland and Georgia, they're going to use the exact machine we studied. In New Jersey, they're going to use voting machines that don't use any paper trail."
E-voting machines have been studied before, but most previous research was sponsored by the manufacturer. Explained Feldman, who wrote most of the code used to simulate attacks on the machines from viruses, "Our study is the first that we know of in which completely independent researchers legally obtained a widely-used voting machine and had unfettered access to its hardware and software for as long as was necessary."
Subsequent to the publishing of their paper, Feldman noted, came a shocking development. "The AccuVote-TS uses removable memory cards to store election results and ballot definitions," he said. "The memory card slot on the side of the AccuVote-TS is protected by a little locked door. The lock on this door is weak and can be picked in under 10 seconds. In addition, all of the tens of thousands of AccuVote-TS machines used in a single state use the same key for this lock." The worst part? "After we published the paper," Feldman continued, "we found out that keys to this kind of lock are on sale at many sites all over the Internet."
The team purchased several of the keys and then demonstrated their findings to the computer science department. "During our demonstration," Feldman reflected, "Chris Tengi, a member of the computer science technical staff, noticed that there was an alphanumeric code written on the key to the voting machine and remembered that he had a key at home that had the same code written on it. When he brought in that key to the department the following day, we found that his key was able to open the voting machine."
Aside from confirming their findings, what have Feldman and Halderman been doing since September? Halderman said that he is "still occupied by the voting project and all the follow-up work." He added that every day, he is "contacted with questions, suggestions, details, requests for information." As for the long term, he said, "I'll be on the faculty market in another year or two. I want to be professor so I can do this fun stuff all the time."
In the future, "We would very much like to study an AccuVote TSx and other kinds of electronic machines," said Halderman. "But manufacturers are generally not willing to allow researchers [to study them]," Halderman noted. Still, he said, there are other ways for researchers to get machines: "Over the summer, one of these machines was for sale on eBay." Then he added, disappointedly, "We didn't get it."