[ISN] Who Hacked the Voting System? The Teacher

[InfoSec News]

http://www.nytimes.com/2004/05/03/technology/03vote.html

By JOHN SCHWARTZ
Published: May 3, 2004

BALTIMORE, April 29 - The fix was in, and it was devilishly hard to
detect. Software within electronic voting machines had been corrupted
with malicious code squirreled away in images on the touch screen.  
When activated with a specific series of voting choices, the rogue
program would tip the results of a precinct toward a certain
candidate. Then the program would disappear without a trace.

Luckily, the setting was not an election but a classroom exercise; the
conspirators were students of Aviel D. Rubin, a professor at Johns
Hopkins University. It might seem unusual to teach computer security
through hacking, but a lot of what Professor Rubin does is unusual. He
has become the face of a growing revolt against high-technology voting
systems. His critiques have earned him a measure of fame, the enmity
of the companies and their supporters among election officials, and
laurels: in April, the Electronic Frontier Foundation gave him its
Pioneer Award, one of the highest honors among the geekerati.

The push has had an effect on a maker of electronic voting machines,
Diebold Inc., as well. California has banned the use of more than
14,000 electronic voting machines made by Diebold in the November
election because of security and reliability concerns. Also, the
company has warned that sales of election systems this year are
slowing.

In April, the company said its first-quarter earnings rose 13 percent
compared with the same quarter a year earlier. It also reported $29.2
million in revenue on nearly $500 million in sales in the latest
period. But it lowered expectations for election systems sales for
this year to a range of $80 million to $95 million from $100 million
in sales a year earlier.

Professor Rubin took center stage in the national voting scene last
July, when he published the first in-depth security analysis of
Diebold's touch-screen voting software. The software had been pulled
off an unprotected Diebold Internet site by Bev Harris, a
publicist-turned-muckraker who posted the software and other documents
she found as part of her campaign against what she calls "black box
voting."

Professor Rubin and his colleagues at Hopkins and Rice University in
Houston subjected the 49,000 lines of code to a deep review over a
two-week period. Their report painted a grim picture: "Our analysis
shows that this voting system is far below even the most minimal
security standards applicable in other contexts," they wrote. "We
conclude that, as a society, we must carefully consider the risks
inherent in electronic voting, as it places our very democracy at
risk."

That shot across the bow was met with outrage from the industry and
from election officials who had spent tens of millions of dollars on
Diebold machines. Mr. Rubin was denounced as irresponsible and
uninformed.

"I think when he's talking about computers, he's very good and knows
what he's doing," said Britain J. Williams, a professor emeritus of
computer science at Kennesaw State University in Georgia, and a
consultant on voting systems. "When he's talking about elections, he
doesn't know what he's talking about."

Typically, Professor Rubin decided to confront the issue of whether he
had experience with elections by taking part in one. During the March
presidential primary, he signed up to become an election judge and
found himself sitting all day at a precinct in a church at
Lutherville, Md., helping voters use the same Diebold touch-screen
machines that he had criticized so roundly. He then went home and
wrote a full account and posted it to the Internet.

Over the day, he wrote, "I started realizing that some of the attacks
described in our initial paper were actually quite unrealistic, at
least in a precinct with judges who worked as hard as ours did and who
were as vigilant. At the same time, I found that I had underestimated
some of the threats before."

Ultimately, he said, "I continue to believe that the Diebold voting
machines represent a huge threat to our democracy."

When asked to comment on Professor Rubin's work, the company issued a
statement that did not mention him by name. "Our collective goal
should always be to provide voters with the assurance that their vote
is important, voting systems are accurate and their individual vote
counts," the company said.

While the debate has largely been constructive, Diebold said: "A key
consideration in this dialogue, though, should be that the debate be
positive and productive. We must not frighten voters or inadvertently
provide any type of disincentive to voting, because at that point the
dialogue itself begins to disenfranchise voters - the very thing this
beneficial discussion is trying to prevent."

Professor Rubin is not the first person to take on the risks of
high-tech voting.

Since Professor Rubin's paper came out last year, other reports have
broadened and deepened his conclusions.

But Professor Rubin is in a class by himself, said David Jefferson, a
computer scientists at Lawrence Livermore National Laboratory in
California, who calls him "the most important figure in the United
States in articulating the security problems with electronic and
Internet voting."

The only damage Professor Rubin has sustained along the way is largely
self-inflicted. Last August, he resigned from an unpaid technical
advisory position for a voting company, VoteHere Inc., and turned in
stock options that he had received but never redeemed.

Professor Rubin, 36, a child of two college professors, seems too
soft-spoken to be a firebrand. But his quiet exterior conceals a
deeply competitive streak: he has played soccer as a blood sport for
most of his life, breaking both wrists and ankles repeatedly over the
years. He still plays twice a week, he says, but now it is "a more
social game, without slide tackles."

Born in Kansas, he grew up in Birmingham, Ala., Haifa, Israel, and
Nashville, and got his computer science training at the University of
Michigan, where he earned bachelor's, master's and Ph.D. degrees by
1994. In late 2002, he became the technical director of the
Information Security Institute here at Hopkins.

Because of his passionate advocacy for his views, many people expect
Professor Rubin to be something of a "smart aleck" in person, said
Gerald Masson, the head of the institute. Instead, he said, "He comes
across as someone who sincerely believes that what he's doing is
right, and he has the technological depth to support it."