Packet Rat: E-voting has the Rat on pins and needles
Micheal J. Bechetti
It seemed appropriate that this Election Day fell so close to Halloween. The possibilities were just so darned scary'and the candidates were the least frightening part.
One reader recently asked if the Rat had any predictions for the election. Well, dear readers, he has only one: bedlam.
As the Rat scribbled notes for this posting, the election results weren't yet in. And it was not beyond the realm of possibility that all would go smoothly. But what scared the Whiskered One more than working for either of the two candidates were the implications of the first major election run largely by electronic-voting machines.
Making him particularly nervous was the fact that he was going to vote on an AccuVote touch-screen system from Diebold Inc. In the cyberrodent's experience, anything with 'accu' in its name tends to be anything but accurate. Plus, there was that whole brouhaha over the head of the North Canton, Ohio, company pledging to deliver Ohio to President Bush. This proclamation was especially disconcerting given the fact that the security of Diebold's back-end software is weak enough that he actually could deliver the votes if he had enough phone lines.
According to the Rat's sources, the software that generates results from AccuVote systems uses Microsoft Access, a data store the Rat's youngest offspring could crack in less time than it takes her to empty her sippy cup. More than a year ago, Maryland commissioned a report on Diebold's software from Science Applications International Corp. of San Diego.
The results showed so many potential security problems that most of the report had to be blacked out with electronic Sharpies before being made public. But Maryland went ahead and bought the Diebold machines because SAIC said good procedures could reduce the risks.
'Yeah,' the Rat mumbled as he approached his polling place, 'by not letting people vote with them.'
E-voting system manufacturers finally provided their compiled code to the National Software Reference Library, but not in time for anyone to check for potential exploits. And they didn't give the National Institute of Standards and Technology library the source code'just the compiled binaries.
Making the Rat even more nervous was an apparent denial-of-service attack on the Bush-Cheney Web site, which many took to be a case of the Bush campaign shutting down foreign access to its site. (The Rat tried to find out if the Kerry campaign was doing anything similar, but Netcraft'the site-watching organization that spotted the Bush site blunder'wasn't keeping uptime statistics for the senator's site.)
Insiders with the Bush campaign assured one Rat source that, in fact, something was amiss at the campaign site's Internet service provider and it did appear there was some sort of attack under way the Friday before the election. Campaign officials admitted the site had been blocked for security reasons. If foreign hackers could bring down the Bush-Cheney site, what might they do to an e-election?
'Here goes nothing,' The Rat muttered as he stepped up to cast his vote.The Packet Rat once managed networks but now spends his time ferreting out bad packets in cyberspace. E-mail him at firstname.lastname@example.org.