Thursday, March 26, 2009

Most Electronic Voting Isn't Secure, CIA Expert Says

Via mcclatchydc.com -

The CIA, which has been monitoring foreign countries' use of electronic voting systems, has reported apparent vote-rigging schemes in Venezuela, Macedonia and Ukraine and a raft of concerns about the machines' vulnerability to tampering.

Appearing last month before a U.S. Election Assistance Commission field hearing in Orlando, Fla., a CIA cybersecurity expert suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, an assertion that could further roil U.S. relations with the Latin leader.

In a presentation that could provide disturbing lessons for the United States, where electronic voting is becoming universal, Steve Stigall summarized what he described as attempts to use computers to undermine democratic elections in developing nations. His remarks have received no news media attention until now.

Stigall told the Election Assistance Commission, a tiny agency that Congress created in 2002 to modernize U.S. voting, that computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results.

"You heard the old adage 'follow the money,' " Stigall said, according to a transcript of his hour-long presentation that McClatchy obtained. "I follow the vote. And wherever the vote becomes an electron and touches a computer, that's an opportunity for a malicious actor potentially to . . . make bad things happen."

Stigall said that voting equipment connected to the Internet could be hacked, and machines that weren't connected could be compromised wirelessly. Eleven U.S. states have banned or limited wireless capability in voting equipment, but Stigall said that election officials didn't always know it when wireless cards were embedded in their machines.

While Stigall said that he wasn't speaking for the CIA and wouldn't address U.S. voting systems, his presentation appeared to undercut calls by some U.S. politicians to shift to Internet balloting, at least for military personnel and other American citizens living overseas. Stigall said that most Web-based ballot systems had proved to be insecure.

The commission has been criticized for giving states more than $1 billion to buy electronic equipment without first setting performance standards. Numerous computer-security experts have concluded that U.S. systems can be hacked, and allegations of tampering in Ohio, Florida and other swing states have triggered a campaign to require all voting machines to produce paper audit trails.

The CIA got interested in electronic systems a few years ago, Stigall said, after concluding that foreigners might try to hack U.S. election systems. He said he couldn't elaborate "in an open, unclassified forum," but that any concerns would be relayed to U.S. election officials.

Stigall, who's studied electronic systems in about three dozen countries, said that most countries' machines produced paper receipts that voters then dropped into boxes. However, even that doesn't prevent corruption, he said.

Turning to Venezuela, he said that Chavez controlled all of the country's voting equipment before he won a 2004 nationwide recall vote that had threatened to end his rule.

When Chavez won, Venezuelan mathematicians challenged results that showed him to be consistently strong in parts of the country where he had weak support. The mathematicians found "a very subtle algorithm" that appeared to adjust the vote in Chavez's favor, Stigall said.

Calls for a recount left Chavez facing a dilemma, because the voting machines produced paper ballots, Stigall said.

"How do you defeat the paper ballots the machines spit out?" Stigall asked. "Those numbers must agree, must they not, with the electronic voting-machine count? . . . In this case, he simply took a gamble."

Stigall said that Chavez agreed to allow 100 of 19,000 voting machines to be audited.

"It is my understanding that the computer software program that generated the random number list of voting machines that were being randomly audited, that program was provided by Chavez," Stigall said. "That's my understanding. It generated a list of computers that could be audited, and they audited those computers.

"You know. No pattern of fraud there."

A Venezuelan Embassy representative in Washington declined immediate comment.

No comments:

Post a Comment