By Deb Feyerick and Bob Ruff
The notion of stealing votes is as old as, well, voting itself.
With the advent of computerized voting, some are concerned that e-voting may be susceptible to tampering. University of Michigan Prof. J. Alex Halderman, along with colleagues at Princeton University, decided to put that question to the test.
First, they legally purchased government surplus voting machines, then they tested them to see if they were vulnerable to vote theft.
For Halderman's crew, getting into the machines was as easy as picking a cheap lock. Once in, the researchers were able to reprogram the memory card inside the machines, set up a mock election and then steal votes at will.
Princeton researcher Ariel Feldman, showed us one of the hacked machines: "We were flipping votes from one candidate to another to keep the total number of votes the same." And, just to nail the point home about how simple it is to alter the computer's memory card, they replaced the election software with the classic video game, Pac-Man.
And there's more:
"We have found that we can make a voting machine virus that can jump from machine to machine and change the election outcome across a whole state," says Halderman. "This is very, very scary and it's a realistic threat today."
As many as 9 million registered voters this November will be able to vote on machines similar to the ones tested by Michigan and Princeton researchers.
There IS a way to minimize the risk of vote fraud
Halderman says machines that don't leave a paper trail should be scrapped in favor of "paper voting with electronic scanning. So, the voter fills out a paper ballot and it's scanned into a computer at the polling place." But equally critical is the need for election officials to conduct proper audits after the election. By doing so they can make sure the paper ballots correctly match the scanned votes.
The trend nationally is away from voting without a paper trail and audit, which please the experts we contacted.
End of problem? Well, not exactly says Halderman.
Thirty-two states this November are offering some form of internet voting to Americans living overseas, including those serving in the military. Arizona and some parts of West Virginia are letting voters receive and send back their ballots directly from their computer. Washington, D.C., was hoping to do the same, but first decided to do an open source test in September of their internet based voting system. Election officials challenged anyone to see if the could hack into it.
Professor Halderman and his students at Michigan decided to take a crack at it. The result?
"We were able," Halderman told us, "(to) reprogram the system to do essentially whatever we want. Steal all the ballots. Find out how everyone voted. We even programmed it so after a voter voted, we could play the University of Michigan fight song."
D.C. officials were quick to suspend their internet voting system until they could figure out why it was so easy for it to be hacked. So easy, in fact, that during the test Halderman found hackers from China and Iran trying to break in. Before they could, Halderman ordered his students to change passwords before the foreigners could figure things out.
D.C. will have no internet voting this year. Halderman thinks the technology is years away, if ever, from being able to provide safe internet voting.
In the meantime he and most computer experts urge states to rely on those paper ballots that can be scanned and then audited just to be sure nobody is trying to electronically stuff the ballot box.