Forwarded from: William Knowles <wkat_private> http://www.washingtonpost.com/wp-dyn/articles/A25673-2003Aug6.html By Brigid Schulte Washington Post Staff Writer Thursday, August 7, 2003; Page B01 Maryland Gov. Robert L. Ehrlich Jr. (R) yesterday asked a contractor with expertise in computer security to review the electronic voting machines that the state recently agreed to purchase for up to $55 million and plans to put in every precinct before the 2004 election. The review comes two weeks after computer scientists at Johns Hopkins University said the voting system was so flawed that a 15-year-old hacker could tap into the software and tamper with election results. Based on Ehrlich's request, Science Applications International Corp. will write a risk assessment of the possibility of election fraud after examining the hardware and software of the touch-screen machines manufactured by Ohio-based Diebold Election Systems Inc. SAIC also will review state and local election procedures to evaluate the security of the entire voting system, state officials said. "Government has no more fundamental obligation than to ensure the integrity of the democratic election process," Ehrlich said in a statement. The governor's spokeswoman, Shareese N. DeLeaver, said: "The state will take whatever steps are necessary to ensure that these machines are checked, remedied, and any errors found are minimized to ensure voter confidence on Election Day. If [SAIC researchers] find there are no concerns, the sale will go forward. If not, then we'll go back to the drawing board and renegotiate." In the two weeks since its release, the Johns Hopkins report has hit like a bomb, with some state and local jurisdictions putting off plans to buy electronic equipment. Diebold spokesman Mike Jacobsen said company officials have been flying across the country, reassuring nervous election officials that all is well. "I hope that this independent study will help put some people's fears to rest," said Gilles W. Burger, chairman of the Maryland State Election Board. SAIC is an internationally known scientific engineering and technology company based in San Diego. It and its subsidiaries have multimillion-dollar contracts with, to name a few, NASA and the Department of Defense, and even with the government of Greece to provide computer security for the 2004 Olympic Games. Since June 2002, SAIC has been working under a $2.6 million consulting contract with Maryland to review its information technology systems, DeLeaver said. Reviewing the Diebold machines will be covered by the existing contract. While some election officials dismiss the Hopkins report as "technological hysteria," saying it did not take into account all the human security that election workers provide, others voice concern that it will undermine faith in elections and further depress voter turnout. Montgomery County Council member Howard A. Denis (R-Potomac-Bethesda) is so upset that he is calling for a meeting of the Hopkins scientists, state election officials and the council. If he's not satisfied, he said he will consider asking the state for a waiver, to take the Diebold machines that were used in the county's 2002 election out of circulation. "I don't want a situation where some 15-year-old kid could elect Ben Affleck to county executive," Denis said. "I'm very concerned about this. It goes to the heart of the integrity of our elections." In their report, Avi Rubin, technical director of John Hopkins's Information Security Institute, and his colleagues analyzed a Diebold software "sourcecode" that had been mistakenly stored on a public Internet site. The security flaws, they said, were "stunning," from hard-wiring one password into the code that would work on all machines -- making the system vulnerable to sabotage -- to relying on smart cards that could be easily duplicated in "homebrew" cards and used to vote multiple times. Diebold, with 55,000 such machines throughout the country, maintains that the code Rubin analyzed is old and that much of it has never been used in elections. In a 27-page point-by-point rebuttal, Diebold has challenged many of the findings and has called the Hopkins report faulty and erroneous. Rubin and Diebold officials said they welcomed the SAIC review. "If the result of our study is that SAIC examines this, then that's an excellent outcome," Rubin said. "We've got confidence in our system," Diebold's Jacobsen said. "We take these concerns seriously. And we're willing to take the appropriate steps with the right folks so that voters have a comfort level that things are done right." *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ---------------------------------------------------------------- C4I.org - Computer Security, & Intelligence - http://www.c4i.org ================================================================ Help C4I.org with a donation: http://www.c4i.org/contribute.html *==============================================================* - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Aug 07 2003 - 03:16:57 PDT