Study: All Electronic Voting Machines Vulnerable to Software Attacks

A major new report on electronic voting by the Brennan Center for Justice has concluded that the three most common types of electronic voting machines are all vulnerable to software attacks. We speak with the chair of the Brennan Center Task Force on Voting System Security.

With the mid-term elections less than five months away, the battle over Congress is heating up across the country. Will Democrats retake the House and Senate? Or will Republicans retain control? Everything comes down to one day in November, when millions of Americans cast their votes. But will your vote really count? Consider this: A single person with technical knowledge could alter the outcome of an election by tampering with the software used by electronic voting machines.

That's one of the findings of a major new report on electronic voting. The study conducted by the Brennan Center for Justice concluded that the three most common types of electronic voting machines are all vulnerable to software attacks that could threaten the integrity of a state or national election. The year-long study is considered the most comprehensive ever done on electronic voting.

Lawrence Norden, Associate Counsel with the Brennan Center for Justice. For the past year he has led the center's voting technology assessment project. He is the lead author of their new report "The Machinery of Democracy: Security, Accessibility, Usability, Cost."

* * * * * * * *

AMY GOODMAN: Lawrence Norden, the author of the report, joins us now. He is Associate Counsel with the Brennan Center for Justice. For the past year, he's led the Center’s voting technology assessment project. The report is called “The Machinery of Democracy: Security, Accessibility, Usability and Cost." Welcome to Democracy Now!

LAWRENCE NORDEN: Thanks very much for having me.

AMY GOODMAN: Your major findings are shocking. Go through them.

LAWRENCE NORDEN: Well, first of all, we did find that there are serious vulnerabilities in electronic voting machines. What we also found, importantly, was that there are relatively simple and straightforward ways to make those systems substantially more secure, to remedy the vulnerabilities that we found that we were most concerned about, but that unfortunately right now very few jurisdictions have those remedies in place.

JUAN GONZALEZ: Now, explain the vulnerabilities and also the different voting systems, different companies that produce them, in terms of what you found with each of them, if at possible.

LAWRENCE NORDEN: Sure. Something that was different about, I think, this report, as opposed to previous reports on electronic voting machines that have come out, is that we weren't looking at specific anecdotes or focusing on one particular vendor. What we were doing is looking at all of the major electronic voting systems. This is a new architecture. Something like 50% of Americans are voting on new machines over the past few years, and they require new security measures. So one of the systems that many people will be using across the country are what are called optical scan machines. These are machines where you fill in a ballot, as you might fill in in an SAT exam, and you then scan that ballot electronically. It’s read electronically, and the vote total is electronically recorded in the machine. And the other machine that many people are familiar with are the touch screens, the DREs. And these are like ATM machines or computer screens that a voter presses directly onto the machine to record her vote. Again, stored electronically. In some cases these have paper trails, where voters can check to see that their vote was recorded correctly. In other cases there are no paper records. What we found is that in all cases, for all of these systems, there are enough points of vulnerability, there is enough access, that somebody could insert a software-type program and reach enough machines, so that they could potentially change the votes on the machines, shut down the machines, do other things like this. Now, again, I want to emphasize that there are things that can be done to prevent this to make this much more difficult.

AMY GOODMAN: You talk about the wireless components of machines, that they're particularly vulnerable. What do you mean?

LAWRENCE NORDEN: Yeah. We found that wireless -- having a wireless component on a machine makes it much more vulnerable to attack. And the reason is that if there's a wireless component, somebody can walk into a polling place, any member of the public, if the wireless system is strong enough, even from outside of a polling place --

AMY GOODMAN: And explain what you mean by “wireless component.”

LAWRENCE NORDEN: A wireless component is a component that will receive a wireless signal from something like a PDA, a Blackberry or some other device like that, that many of us have, that can send a signal to another wireless device. And the problem with that is it makes it -- first of all, it allows a general member of the public to partake in the attack -- they don't need specific access to the machine -- and they can reach many more machines at once. Instead of having to somehow get to each machine separately, go to different polling places, they can very quickly target a number of machines. And one of the things that we found is the fewer people that you have that need to be involved in the attack, the easier it's going to be.

JUAN GONZALEZ: And do you have any sense of what percentage of machines, for instance, employ wireless technology around the country?

LAWRENCE NORDEN: Yeah. Right now there are still vendors that are manufacturing machines with wireless components. I should say this is a very small percentage now nationwide. Unfortunately, the standards for voting systems have not banned them, and only two states in the country are banning them. Our fear is that this will become more widespread. So we want to make sure that as soon as possible as many states as possible are saying wireless components can't be used.

AMY GOODMAN: Lawrence Norden, we only have a minute. Can you go through your recommendations?

LAWRENCE NORDEN: Sure. One of the most important recommendations that we make is that paper should be audited. There are 36 states now that have paper records. We're saying, unless you're look at them, unless you're checking the paper record against the electronic record, you're not offering that much more security. Another important recommendation: ban wireless components on voting machines, at least as they currently exist. And finally, something that's very important, we want to see counties performing their own programming on voting machines. The more centralized things like programming and creating ballot-definition files, the more likely that it's going to be easy to reach a lot of machines. We want localities to do those types of things.

AMY GOODMAN: Lawrence Norden, I want to thank you very much. We're going to post your report on our website at democracynow.org. Finally, the people on the Brennan Center Task Force, who came up with this report?

LAWRENCE NORDEN: Well, I think we had a great, very impressive taskforce. We had the leading officials, leading scientists and experts in the government, in academia, and in the private sector -- MIT, Stanford, the National Institute for Standards and Technology, Lawrence Livermore National Laboratory. We worked for about a year and a half putting this together, and I think it’s -- if people look at it, they'll see it's a very serious and thorough report.

AMY GOODMAN: Lawrence Norden is with the Brennan Center, Associate Counsel.