The burglary at one of Houston’s early voting locations (“Computers stolen at early polling location; Ballot board to check electronic voting machines for tampering,” Page B2, Tuesday) raises the specter of election fraud. Some computers were stolen, and as far as we know, the voting machines stored at Hester House were untouched. But if the burglars wanted to tamper with the election outcome, what could they have accomplished? In 2007, California Secretary of State Debra Bowen put together a team to conduct a security analysis of the state’s electronic voting systems. I was part of the team analyzing the Hart InterCivic voting system — the same type we use here in Harris County. Our report concluded that the Hart system has a wide variety of security flaws and that it can be attacked in a manner that makes it hard to detect and correct. We further concluded that these attacks can be carried out by a single individual without extensive effort and without long-term access to the equipment. Our results were corroborated by a follow-up study conducted by the Ohio secretary of state.
Did the Houston burglars tamper with the voting machines? I hope not. Could they have tampered with the voting machines? Absolutely. Could we determine if tampering had occurred? Only if we got lucky and found clearly incriminating evidence, such as the burglar’s fingerprints near the connectors on the backs of the voting machines.
Most likely, we will have to fall back to studying the election statistics. If the vote totals from this one location don’t make any sense, then we’ve got a problem. If the margin of victory is closer than the number of votes from Hester House, the losing candidate will have a legitimate concern that no amount of recounting of the electronic vote records could ever resolve.
We would most likely need to re-run the election from scratch.
It’s unfortunate that our county clerk has already given herself “a gold star” for her performance when the facts of the case are as yet unknown, at least to the public. Our eSlate machines have three copies of every vote: one stored on the eSlate where it was cast and two more stored within the poll workers’ management console. We should pull the machines back to the warehouse and compare all three sets of records to make sure they’re consistent. Likewise, the number of votes should be compared against the electronic poll books to make sure there are no more and no less votes than registered voters who showed up at the polls. None of these mitigations, nor any “logic and accuracy” tests would allow us to detect the actions of a sophisticated attacker, but they might at least catch somebody who just turned the machines on to stuff the ballot box or to erase the existing recorded votes.
Even though two years have passed since the California reports came out, Hart InterCivic has not repaired the serious security flaws in its equipment. The proper government response is to start the process to procure a replacement system and to ensure that it’s subject to stronger advance scrutiny than the porous “certification” processes that approved the gear we’re using today. Until then, we will continue to cast our votes using a system with inadequate security measures, the moral equivalent of driving without a seat belt.
We’re not dead yet, but we’re vulnerable, and we should be doing something about it before it’s too late.
This op-ed was published in The Houston Chronicle and reposted here with permission of the author.